
Hello,

I got my computer back after returning from vacation and when I open Mozilla... well, no more Mozilla!!

Instead I get some crappy "chat land" site that I can't get rid of.

First I ran Antivir and an antimalware tool, which found some viruses (PS: never leave your computer with a 20-year-old kid, it's bad news!!), which I did delete, but this piece of junk is still hanging around.

So I ran ZHPDiag, Ad-Remover and HJ... I'm posting the reports in case some kind soul would be willing to point me in the right direction.

Regards

 

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 21:11:13 le 28/07/2011, Mode normal

 

Microsoft Windows XP Édition familiale Service Pack 3 (X86)

radicho@PUPUCINO ( )

 

============== RECHERCHE ==============

 

 

Fichier trouvé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml

Dossier trouvé: C:\Program Files\Windows Searchqu Toolbar

Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

Dossier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\extensions\toolbar@ask.com

Fichier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\searchplugins\askcom.xml

Dossier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}

Dossier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\searchqutb

Fichier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\searchplugins\SearchquWebSearch.xml

Fichier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\searchplugins\cherche.xml

Fichier trouvé: C:\Documents and Settings\radicho\scriptjava.html

Fichier trouvé: C:\Documents and Settings\radicho\tmp1.7

Dossier trouvé: C:\Program Files\Ask.com

Dossier trouvé: C:\Documents and Settings\radicho\Application Data\SearchquTB

Dossier trouvé: C:\Documents and Settings\radicho\Application Data\Viewpoint

Dossier trouvé: C:\Documents and Settings\radicho\Application Data\OfferBox

Dossier trouvé: C:\Program Files\OfferBox

 

-- Fichier ouvert: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\Prefs.js --

Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com");

Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com");

Ligne trouvée: user_pref("browser.search.order.1", "Ask.com");

Ligne trouvée: user_pref("browser.search.selectedEngine", "Ask.com");

Ligne trouvée: user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");

Ligne trouvée: user_pref("extensions.asktb.cbid", "GL");

Ligne trouvée: user_pref("extensions.asktb.config-updated", false);

Ligne trouvée: user_pref("extensions.asktb.crumb", "2011.07.28+11.57.10-toolbar006iad-FR-THlvbixGcmFuY2U%3D");

Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...

Ligne trouvée: user_pref("extensions.asktb.dtid", "YYYYYYT6FR");

Ligne trouvée: user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.searchqu.com/web?src=ffb&systemid=...

Ligne trouvée: user_pref("extensions.asktb.first-launch", true);

Ligne trouvée: user_pref("extensions.asktb.first-restart-after-config-update", true);

Ligne trouvée: user_pref("extensions.asktb.fresh-install", false);

Ligne trouvée: user_pref("extensions.asktb.guid", "FD015A73-5AEE-48E9-AD0A-41798C0988DA");

Ligne trouvée: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com...

Ligne trouvée: user_pref("extensions.asktb.if", "first");

Ligne trouvée: user_pref("extensions.asktb.l", "dis");

Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1311879713339");

Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR");

Ligne trouvée: user_pref("extensions.asktb.location", "Lyon,France");

Ligne trouvée: user_pref("extensions.asktb.o", "10168");

Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");

Ligne trouvée: user_pref("extensions.asktb.r", "4");

Ligne trouvée: user_pref("extensions.asktb.sa", "YES");

Ligne trouvée: user_pref("extensions.asktb.saguid", "B42C5179-7CCA-4B9C-9324-B9A4BAC98602");

Ligne trouvée: user_pref("extensions.asktb.search-suggestions-enabled", false);

Ligne trouvée: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);

Ligne trouvée: user_pref("extensions.asktb.themeid", "");

Ligne trouvée: user_pref("extensions.asktb.to", "");

Ligne trouvée: user_pref("extensions.asktb.version", "5.11.3.15590");

Ligne trouvée: user_pref("extensions.enabledItems", "{a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10,{CAFEEFAC-0016-0...

Ligne trouvée: user_pref("extensions.newAddons", "toolbar@ask.com");

Ligne trouvée: user_pref("extensions.snipit.askTbInstalled", true);

Ligne trouvée: user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=");

-- Fichier Fermé --

 

 

Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Clé trouvée: HKLM\Software\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}

Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020}

Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}

Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore

Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore.1

Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr

Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1

Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr

Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr.1

Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr

Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr.1

Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

Clé trouvée: HKLM\Software\Classes\AppID\BandooCore.EXE

Clé trouvée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Clé trouvée: HKLM\Software\AskToolbar

Clé trouvée: HKLM\Software\bandoo

Clé trouvée: HKLM\Software\DataMngr

Clé trouvée: HKLM\Software\OfferBox

Clé trouvée: HKLM\Software\SearchquMediabarTb

Clé trouvée: HKLM\Software\Titan Poker

Clé trouvée: HKCU\Software\Ask.com

Clé trouvée: HKCU\Software\AskToolbar

Clé trouvée: HKCU\Software\DataMngr

Clé trouvée: HKCU\Software\Grand Virtual

Clé trouvée: HKCU\Software\searchqutb

Clé trouvée: HKCU\Software\Spointer

Clé trouvée: HKLM\Software\Canneverbe Limited\OpenCandy

Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}

Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}

Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}

Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu MediaBar

Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

 

Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr

Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}

Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020}

Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== SCAN ADDITIONNEL ==============

 

**** Mozilla Firefox Version [3.6.8 (fr)] ****

 

Plugins\npFoxitReaderPlugin.dll (Foxit Software Company)

HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)

HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x)

Searchplugins\SearchquWebSearch.xml ( hxxp://www.searchqu.com/web?src=ffb&systemid=403&q={searchTerms}/)

Searchplugins\SiteVacuum.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameGoogle Search Community</ShortName<DescriptionGoogle Power + Community</Description<InputEncodingUTF-8</InputEncoding<Image width=16 height=16data:image/x-icon;base64,</Image<Url type=application/x-suggestions+json method=GET template=hxxp://suggestqueries.google.com/complete/search?output=firefox&client=firefox&qu={searchTerms}/hxxp://www.google.fr/cse<Param name=cx value=partner-pub-8885210189291163:81bei0-h4yd/<Param name=hl value=fr/<Param name=ie value=UTF-8/<Param name=oe value=UTF-8/<Param name=sa value=Search/<Param name=q value={searchTerms}/<!-- Dynamic parameters --<MozParam name=client condition=defaultEngine trueValue=firefox-a falseValue=firefox/</Url<SearchFormhxxp://www.europowersearch.com/Results.aspx</SearchForm</SearchPlugin)

Components\GooglePlusVideosXPCOM.dll (?)

Components\SiteVacuumXPCOM.dll (?)

 

-- C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default --

Extensions\toolbar@ask.com (Ask Toolbar)

Extensions\{1cdccf78-1ea9-4f40-b69f-ef7674dbef8c} (MegaUpload Time Attack)

Extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} (Searchqu Toolbar)

Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} (FireFTP)

Searchplugins\askcom.xml (?)

Searchplugins\cherche.xml (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A5...)

Searchplugins\SearchquWebSearch.xml ( hxxp://www.searchqu.com/web?src=ffb&systemid=403&q={searchTerms}/)

Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\radicho\\Bureau

Prefs.js - browser.search.defaultenginename, Ask.com

Prefs.js - browser.search.selectedEngine, Ask.com

Prefs.js - browser.startup.homepage, hxxp://www.search-web.net/

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.8

Prefs.js - keyword.URL, hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=

 

========================================

 

**** Internet Explorer Version [6.0.2900.5512] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.search-web.net

HKCU_Main|Default_Search_URL - hxxp://www.search-web.net/keyword/

HKCU_Main|First Home Page - hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1

HKCU_Main|SearchMigratedDefaultURL - hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A5...

HKCU_Main|Search bar - hxxp://www.search-web.net

HKCU_Main|Search Page - hxxp://www.search-web.net

HKCU_Main|Start Page - hxxp://www.search-web.net

HKLM_Main|Default_Page_URL - hxxp://www.google.com

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search Page - hxxp://www.google.com

HKLM_Main|Start Page - hxxp://www.msn.com/

HKCU_URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} - "UrlSearchHook Class" (C:\Program Files\Ask.com\GenericAskToolbar.dll)

HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll)

HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=10168&src=crm&q={searchTe...)

HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&...)

HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x)

HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (x)

HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll)

HKLM_Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020} (C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll)

HKLM_Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll)

HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)

HKLM_ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC} - C:\Program Files\Fun4IM\BndCore.exe (x)

HKLM_ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12} - C:\Program Files\Fun4IM\ExtensionsManager.exe (x)

HKLM_ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\uninstall.exe (Discordia Ltd.)

HKLM_ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} - C:\Program Files\Fun4IM\Bandoo.exe (x)

HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)

HKLM_ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080} - C:\Program Files\Fun4IM\BandooUI.exe (x)

HKCU_Extensions\{0FC33475-3DB9-41E0-9E94-598B59D139F2} - "888poker" (C:\Microgaming\Poker\888MPP\MPPoker.exe,2)

HKLM_Extensions\{06568ceb-5721-47d4-9d93-7e604fcbaeab} - "PMU Poker" (C:\Program Files\PMU\PMUPoker\Images\ppicon.ico)

HKLM_Extensions\{725EC34E-943C-4df6-B0B2-FBDE7F242276} - "PartyPoker.fr" (C:\Program Files\PartyFrance\PartyPokerFr\Images\ppicon.ico)

HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll)

BHO\{7FF99715-3016-4381-84CE-E4E4C9673020} - "Searchqu Toolbar" (C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll)

BHO\{D4027C7F-154A-4066-A1AD-4243D8127440} - "Ask Toolbar" (C:\Program Files\Ask.com\GenericAskToolbar.dll)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

 

C:\Ad-Report-SCAN[1].txt - 28/07/2011 21:11:18 (6018 Octet(s))

 

Fin à: 21:11:47, 28/07/2011

 

============== E.O.F ==============

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:12:33, on 28/07/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE

C:\Program Files\Java\jre6\bin\javaw.exe

C:\WINDOWS\system32\cscript.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Glary Utilities\Integrator.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-web.net/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Chat, rencontre, Tchat, rencontres

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-web.net/keyword/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Chat, rencontre, Tchat, rencontres

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Chat, rencontre, Tchat, rencontres

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Chat, rencontre, Tchat, rencontres

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Chat, rencontre, Tchat, rencontres

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = Chat, rencontre, Tchat, rencontres

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-21-2736170881-2526285521-1674068758-1019\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'elephant')

O4 - Startup: Protection.lnk = C:\Documents and Settings\radicho\Protection.jar

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Recherche avec search-web - C:\Documents and Settings\radicho\scriptjava.html

O8 - Extra context menu item: uStart Search - res://C:\Documents and Settings\radicho\Local Settings\Application Data\addtoustart\addtoustart.dll/202

O9 - Extra button: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Documents and Settings\radicho\Bureau\PMU Poker.lnk

O9 - Extra 'Tools' menuitem: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Documents and Settings\radicho\Bureau\PMU Poker.lnk

O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Documents and Settings\radicho\Bureau\PartyPoker.fr.lnk

O9 - Extra 'Tools' menuitem: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Documents and Settings\radicho\Bureau\PartyPoker.fr.lnk

O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: 888poker - {0FC33475-3DB9-41E0-9E94-598B59D139F2} - C:\Microgaming\Poker\888MPP\MPPoker.exe (HKCU)

O15 - Trusted Zone: Chat, rencontre, Tchat, rencontres

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

 

--

End of file - 6856 bytes

 

 

 

Rapport de ZHPDiag v1.28.02 par Nicolas Coolman, Update du 28/07/2011

Run by radicho at 28/07/2011 21:14:31

Web site : ZHPDiag Outil de diagnostic

 

 

---\\ Web Browser

MSIE: Internet Explorer v6.0.2900.5512

MFIE: Mozilla Firefox v (Defaut)

 

---\\ System Information

Windows XP Home Edition Service Pack 3 (Build 2600)

~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1014 MB (48% free)

System Restore: Activé (Enable)

System drive C: has 55 GB (50%) free of 109 GB

 

---\\ Logged in mode

~ Computer Name: PUPUCINO

~ User Name: radicho

~ All Users Names: SUPPORT_388945a0, radicho, HelpAssistant, elephant, ASPNET, Administrateur,

~ Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator

 

---\\ Environnement Variables

~ %AppData%=C:\Documents and Settings\radicho\Application Data\

~ %Desktop%=C:\Documents and Settings\radicho\Bureau\

~ %Favorites%=C:\Documents and Settings\radicho\Favoris\

~ %LocalAppData%=C:\Documents and Settings\radicho\Local Settings\Application Data\

~ %StartMenu%=C:\Documents and Settings\radicho\Menu Démarrer\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 55 Go of 109 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 37 Go)

E:\ CD-ROM drive (Free 0 Go of 0 Go)

F:\ CD-ROM drive (Not Inserted)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK

~ Scan Security Center in 00mn 00s

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]

[MD5.93AD0B78C7357A05F50E594EC7C22300] - (....) (.14/04/2008 - 03:34:20.) -- C:\WINDOWS\system32\rundll32.exe [33792]

[MD5.0BABCDABF7463FCABA6EDE0CEFC8A4A3] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/04/2011 - 15:47:19.) -- C:\WINDOWS\system32\wininet.dll [671232]

[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]

[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]

[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574976]

~ Scan Generic Processes in 00mn 00s

 

 

 

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 44/247

~ Mes musiques (My Musics) : 1/3

~ Mes Videos (My Video) : 0/0

~ Mes Favoris (My Favorites) : 1/15

~ Mes Documents (My Documents) : 151/2867

~ Mon Bureau (My Desktop) : 29/4684

~ Menu demarrer (Programs) : 6/42

~ Scan Hidden Files in 00mn 05s

 

 

 

---\\ Processus lancés

[MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289]

[MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089]

[MD5.B0C9FFF54F16DF2012F53A34736A0975] - (.France Telecom SA - Orange Connection Kit.) -- C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [69632]

[MD5.39133291CB607BDD87CFC565A4A1E7A5] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]

[MD5.B90E093E7A7250906F1054418B5339C0] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [935208]

[MD5.7AEA4DF1CA68FD45DD4BBE1F0243CE7F] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096]

[MD5.747E60B773E95F6C93D5621B550D6865] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92008]

[MD5.3E0724E99C129D0946279D7118482185] - (.Discordia, LTD - Data Manager.) -- C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE [985488]

[MD5.45D9E6C134735854866608931269B43E] - (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\javaw.exe [145184]

[MD5.23D42C651F89420F7232AEB7A2A43D03] - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\WINDOWS\system32\cscript.exe [135168]

[MD5.BACCDA841C689D1CBA941F478E8ED24B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [910296]

[MD5.642FA80C2C43EE609313746AA305DC86] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [14808]

[MD5.C8CAD00860A4A621CB20354AEBB2B3D8] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [662016]

~ Scan Processes Running in 00mn 00s

 

 

 

---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)

P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation - Microsoft® C++ Runtime Library.) -- C:\Program Files\Opera\Program\Plugins\msvcp90.dll

P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation - Microsoft® C Runtime Library.) -- C:\Program Files\Opera\Program\Plugins\msvcr90.dll

P1 - OPN:Opera Plugin Navigator . (...) -- C:\Program Files\Opera\Program\Plugins\NPSWF32.dll

P1 - OPN:Opera Plugin Navigator . (.Adobe Systems, Inc. - Adobe Flash Player Helper 10.0 r32.) -- C:\Program Files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe

~ Scan Opera Browser in 00mn 00s

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Documents and Settings\radicho\Local Settings\Application Data\Mozilla\Firefox\Profiles\zydvn8dp.default\prefs.js

M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml

M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\SiteVacuum.xml

M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeploytk.dll

P2 - FPN:Firefox Plugin Navigator . (.Foxit Software Company - Foxit Reader Plug-In For Firefox and Netscape.) -- C:\Program Files\Mozilla Firefox\Plugins\npFoxitReaderPlugin.dll

P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFFICE.DLL

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.9] - (.the VideoLAN Team - Version 1.1.9, copyright 1996-2011 The VideoLAN Team<br><a href="http:.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll

P2 - FPN: [HKLM] [@virtools.com/3DviaPlayer] - (.Dassault Systèmes - 3DVIA player(5.0.0.12). For more information, visit the <a href="http.) -- C:\Program Files\Virtools\3D Life Player\npvirtools.dll

P2 - FPN: [HKLM] [@zylom.com/ZylomGamesPlayer] - (.Zylom - Zylom Plugin.) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (...) -- C:\Program Files\Yahoo!\Common\npyaxmpb.dll (.not file.)

~ Scan Firefox Browser in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Chat, rencontre, Tchat, rencontres

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKUS\S-1-5-21-2736170881-2526285521-1674068758-1019-2736170881-2526285521-1674068758-1006\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Site Officiel - Ordinateur Portable | Dell France

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Chat, rencontre, Tchat, rencontres

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Chat, rencontre, Tchat, rencontres

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Chat, rencontre, Tchat, rencontres

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Chat, rencontre, Tchat, rencontres

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search

R1 - HKUS\S-1-5-21-2736170881-2526285521-1674068758-1019-2736170881-2526285521-1674068758-1006\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.Ask - Ask Toolbar.) (5.11.3.15590) -- C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (...) (No version) -- (.not file.)

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} . (...) (No version) -- C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1

~ Scan IE Browser in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

~ Scan Keys in 00mn 00s

---\\ Redirection du fichier Hosts (O1)

~ Scan Hosts File in 00mn 00s

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 6.0 for Act.) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} . (.Pas de propriétaire - Searchqu Toolbar Link Library.) -- C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

~ Scan BHO in 00mn 00s

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} . (.Pas de propriétaire - Searchqu Toolbar Link Library.) -- C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (...) -- (.not file.)

~ Scan Toolbar in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [DATAMNGR] . (.Discordia, LTD - Data Manager.) -- C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-21-2736170881-2526285521-1674068758-1019-2736170881-2526285521-1674068758-1006\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

~ Scan Application in 00mn 00s

---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 6.0.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A00000000001}\SC_Reader_PM.ico

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\CDBurnerXP.lnk . (.Canneverbe Limited.) -- C:\Program Files\CDBurnerXP\cdbxpp.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe

O4 - Global Startup: C:\Documents And Settings\radicho\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe

O4 - Global Startup: C:\Documents And Settings\radicho\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

~ Scan Global Startup in 00mn 00s

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.exe

O8 - Extra context menu item: Recherche avec search-web . (...) -- C:\Documents and Settings\radicho\scriptjava.html

O8 - Extra context menu item: uStart Search - (.not file.) - C:\Documents and Settings\radicho\Local Settings\Application Data\addtoustart\addtoustart.dll

~ Scan IE Menu Contextuel in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} . (...) -- C:\Program Files\PMU\PMUPoker\Images\ppicon.ico

O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} . (...) -- C:\Program Files\PartyFrance\PartyPokerFr\Images\ppicon.ico

O9 - Extra button: PartyPoker.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)

O9 - Extra button: PartyPoker.fr - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~3\OFFICE11\REFBARH.ICO

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\PROGRA~1\MICROS~3\OFFICE11\REFBARH.ICO

~ Scan IE Extra Buttons in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

~ Scan Winsock in 00mn 00s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)

O15 - Trusted Zone: [HKCU\...\Domains\www] http.chat-land.org

~ Scan IE Zone Confiance in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{24B448E8-481F-4A03-A989-3A9C195CCC7F}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{3298ACB0-7E66-4413-A519-87FCF51392AA}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{6DF3FEB9-14F3-431B-BFCB-AB20A2FE8877}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{24B448E8-481F-4A03-A989-3A9C195CCC7F}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{3298ACB0-7E66-4413-A519-87FCF51392AA}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{6DF3FEB9-14F3-431B-BFCB-AB20A2FE8877}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{24B448E8-481F-4A03-A989-3A9C195CCC7F}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{3298ACB0-7E66-4413-A519-87FCF51392AA}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{6DF3FEB9-14F3-431B-BFCB-AB20A2FE8877}: DhcpNameServer = 192.168.1.1

~ Scan Domain in 00mn 00s

---\\ Protocole additionnel (O18)

O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\WINDOWS\system32\msvidctl.dll

O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll

O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll

O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll

O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll

O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll

O18 - Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} . (.Microsoft Corporation - Microsoft Office XP Web Components.) -- C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) -- C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll

O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll

O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\WINDOWS\system32\msvidctl.dll

O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll

O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll

O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

~ Scan Protocole Additionnel in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage Notification.) -- C:\Windows\System32\WgaLogon.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

~ Scan Winlogon in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll

~ Scan SSODL in 00mn 00s

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

~ Scan STS/SSO in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) . (.France Telecom SA - Orange Connection Kit.) - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMSAccess (NMSAccess) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) . (.PostgreSQL Global Development Group - pg_ctl - starts/stops/restarts the PostgreS.) - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

~ Scan Services in 00mn 00s

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe

~ Scan Desktop Component in 00mn 00s

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GlaryInitialize.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Nouvelle Tâche.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

~ Scan Scheduled Task in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys

O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\System32\DRIVERS\avipbb.sys

O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\System32\DRIVERS\cdrom.sys

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys

O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\System32\DRIVERS\imapi.sys

O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\intelppm.sys

O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\System32\DRIVERS\ipsec.sys

O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys

O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\WINDOWS\System32\DRIVERS\kbdhid.sys

O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\System32\DRIVERS\mouclass.sys

O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\System32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\System32\DRIVERS\netbt.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\System32\DRIVERS\rasacd.sys

O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\System32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\System32\DRIVERS\redbook.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\System32\DRIVERS\serial.sys

O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\System32\DRIVERS\tcpip.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\System32\DRIVERS\termdd.sys

O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

~ Scan Drivers in 00mn 00s

---\\ Logiciels installés (O42)

O42 - Logiciel: 3DVIA player 5.0 - (.3DVIA.) [HKLM] -- {4E868D3D-6EEB-4273-926C-2287236B5B79}

O42 - Logiciel: 7-Zip 4.65 - (.Pas de propriétaire.) [HKLM] -- 7-Zip

O42 - Logiciel: 725plc32 - (.Dell.) [HKLM] -- {162D2FB8-60A3-4871-B6A1-5C744CD34FF5}

O42 - Logiciel: 802.11 USB Wireless LAN Adapter - (.Pas de propriétaire.) [HKLM] -- SiS163u

O42 - Logiciel: ALZip - (.ESTsoft Corp..) [HKLM] -- ALZip_is1

O42 - Logiciel: Adobe Acrobat - Reader 6.0.2 Update - (.Adobe Systems.) [HKLM] -- {AC76BA86-0000-0000-0000-6028747ADE01}

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Flash Player 9 ActiveX - (.Adobe Systems.) [HKLM] -- ShockwaveFlash

O42 - Logiciel: Adobe Reader 6.0.1 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A00000000001}

O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE}

O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop

O42 - Logiciel: Bass Audio Decoder (remove only) - (.Pas de propriétaire.) [HKLM] -- Bass Audio Decoder

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: CD Audio Reader Filter (remove only) - (.Pas de propriétaire.) [HKLM] -- CD Audio Reader Filter

O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1

O42 - Logiciel: Connexion Internet Orange - (.Pas de propriétaire.) [HKLM] -- {ORAHSS}.UninstallSuite

O42 - Logiciel: DCoder Image Source (remove only) - (.Pas de propriétaire.) [HKLM] -- DCoder Image Source

O42 - Logiciel: DScaler 5 Mpeg Decoders - (.Pas de propriétaire.) [HKLM] -- DScaler 5 Mpeg Decoders_is1

O42 - Logiciel: Dell Driver Reset Tool - (.Dell Inc..) [HKLM] -- {5905F42D-3F5F-4916-ADA6-94A3646AEE76}

O42 - Logiciel: FFMPEG Core Files (remove only) - (.Pas de propriétaire.) [HKLM] -- FFMPEG Core Files

O42 - Logiciel: Foxit PDF Editor - (.Pas de propriétaire.) [HKLM] -- Foxit PDF Editor

O42 - Logiciel: Foxit Reader - (.Pas de propriétaire.) [HKLM] -- Foxit Reader

O42 - Logiciel: Full Tilt Poker.Fr - (.Pas de propriétaire.) [HKLM] -- {34785AD0-6276-11DF-A08A-0800200C9A66}

O42 - Logiciel: Gabest MPEG Splitter (remove only) - (.Pas de propriétaire.) [HKLM] -- Gabest MPEG Splitter

O42 - Logiciel: Glary Utilities 2.35.0.1216 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1

O42 - Logiciel: HP Photo and Imaging 2.0 - Scanners - (.{&Tahoma8}Hewlett-Packard.) [HKLM] -- {6CC93102-135E-49E2-99A4-C431E671C12A}

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5

O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Pas de propriétaire.) [HKLM] -- {8A708DD8-A5E6-11D4-A706-000629E95E20}

O42 - Logiciel: Intel® PRO Network Connections Drivers - (.Pas de propriétaire.) [HKLM] -- PROSet

O42 - Logiciel: Intel® PROSet for Wired Connections - (.Dell.) [HKLM] -- {83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}

O42 - Logiciel: Internet Explorer Default Page - (.Dell Inc..) [HKLM] -- {35BDEFF1-A610-4956-A00D-15453C116395}

O42 - Logiciel: Java 2 Runtime Environment, SE v1.4.2_03 - (.Sun Microsystems, Inc..) [HKLM] -- {7148F0A8-6813-11D6-A77B-00B0D0142030}

O42 - Logiciel: Java 6 Update 17 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216015FF}

O42 - Logiciel: Java 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}

O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player

O42 - Logiciel: MONOGRAM AMR Splitter/Decoder (remove only) - (.Pas de propriétaire.) [HKLM] -- MONOGRAM AMR Splitter/Decoder

O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

O42 - Logiciel: Macromedia Dreamweaver 8 - (..) [HKLM] -- {5FD788ED-1A37-4496-9BDD-463F493B27FA}

O42 - Logiciel: Macromedia Extension Manager - (.Nom de votre société.) [HKLM] -- {3C8C9FB3-5FDF-40B4-B314-EAD722728C76}

O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.1.1800 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)

O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447

O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}

O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}

O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended

O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702}

O42 - Logiciel: Microsoft .NET Framework 4 Extended FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {043F86B7-EE12-3399-B2CA-D0B603D87963}

O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1

O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs

O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping

O42 - Logiciel: Microsoft Office File Validation Add-In - (.Microsoft Corporation.) [HKLM] -- {90140000-2005-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {9111040C-6000-11D3-8CFE-0150048383C9}

O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}

O42 - Logiciel: Microsoft Works 7.0 - (.Microsoft Corporation.) [HKLM] -- {64D114CE-4234-45C2-B60A-2B07D5A48F72}

O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Extended FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended FRA Language Pack

O42 - Logiciel: Mozilla Firefox (3.6.8) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.8)

O42 - Logiciel: Nero 9 HD - (.Nero AG.) [HKLM] -- {e2bbe4e5-574c-4588-a231-d9afaef024a6}

O42 - Logiciel: Notepad++ - (.Pas de propriétaire.) [HKLM] -- Notepad++

O42 - Logiciel: OpenSource AVI Splitter (remove only) - (.Pas de propriétaire.) [HKLM] -- OpenSource AVI Splitter

O42 - Logiciel: OpenSource DTS/AC3/DD+ Source Filter (remove only) - (.Pas de propriétaire.) [HKLM] -- OpenSource DTS/AC3/DD+ Source Filter

O42 - Logiciel: OpenSource Flash Video Splitter (remove only) - (.Pas de propriétaire.) [HKLM] -- OpenSource Flash Video Splitter

O42 - Logiciel: Optimisation Windows - (.Pas de propriétaire.) [HKLM] -- ST6UNST #1

O42 - Logiciel: PMU Poker - (.PMU.) [HKLM] -- PMUPoker

O42 - Logiciel: PartyPoker.fr - (.PartyFrance.) [HKLM] -- PartyPokerFr

O42 - Logiciel: Picasa 2 - (.Google, Inc..) [HKLM] -- Picasa2

O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM] -- PokerStars.fr

O42 - Logiciel: PokerStrategy.com Elephant - (.PokerStrategy.com.) [HKLM] -- {C2F8468F-85AB-4D08-A68E-01D328E7B261}

O42 - Logiciel: PostgreSQL 8.3 - (.PostgreSQL Global Development Group.) [HKLM] -- {B823632F-3B72-4514-8861-B961CE263224}

O42 - Logiciel: RealMedia (remove only) - (.Pas de propriétaire.) [HKLM] -- RealMedia

O42 - Logiciel: SHOUTcast Source (remove only) - (.Pas de propriétaire.) [HKLM] -- SHOUTcast Source

O42 - Logiciel: Samsung ML-1640 Series - (.Samsung Electronics CO.,LTD.) [HKLM] -- Samsung ML-1640 Series

O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906

O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2416472) - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2416472

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870

O42 - Logiciel: Sonic Activation Module - (.Sonic Solutions.) [HKLM] -- {5B6BE547-21E2-49CA-B2E2-6A5F470593B1}

O42 - Logiciel: Sonic Update Manager - (.Sonic Solutions.) [HKLM] -- {30465B6C-B53F-49A1-9EBA-A3F187AD502E}

O42 - Logiciel: TomTom HOME 2.7.6.2056 - (.TomTom.) [HKLM] -- TomTom HOME

O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM] -- {8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}

O42 - Logiciel: Tomtomax Maxi-Box V2.0.21 - (.Tomtomax et KoakDesign.) [HKLM] -- {A10F672B-01C4-498F-ADBD-3E5B144284B7}_is1

O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2473228) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228

O42 - Logiciel: VLC media player 1.1.9 - (.VideoLAN.) [HKLM] -- VLC media player

O42 - Logiciel: WinPatrol - (.Pas de propriétaire.) [HKLM] -- WinPatrol

O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify

O42 - Logiciel: Windows Installer 3.1 (KB893803) - (.Microsoft Corporation.) [HKLM] -- KB893803v2

O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11

O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11

O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

O42 - Logiciel: Windows Searchqu Toolbar - (.Bandoo Media Inc.) [HKLM] -- Searchqu MediaBar

O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service

O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP

O42 - Logiciel: Zeb-Utility 1.2 - (.Pas de propriétaire.) [HKLM] -- Zeb-Utility 1.2

---\\ HKCU & HKLM Software Keys

[HKCU\Software\7-Zip]

[HKCU\Software\?? ?? ???? ????? ??? ?? ????]

[HKCU\Software\Ad-Remover]

[HKCU\Software\Adobe]

[HKCU\Software\Ahead]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Apple Computer, Inc.]

[HKCU\Software\Ask.com]

[HKCU\Software\AskToolbar]

[HKCU\Software\Audacity]

[HKCU\Software\Avira]

[HKCU\Software\BillP Studios]

[HKCU\Software\CDDB]

[HKCU\Software\Canneverbe Limited]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Corel]

[HKCU\Software\DSP-worx]

[HKCU\Software\DT Soft]

[HKCU\Software\DataMngr]

[HKCU\Software\EstSoft]

[HKCU\Software\Foxit Software Company]

[HKCU\Software\Foxit Software]

[HKCU\Software\Full Tilt Poker.fr]

[HKCU\Software\Gabest]

[HKCU\Software\GlarySoft]

[HKCU\Software\Google]

[HKCU\Software\Grand Virtual]

[HKCU\Software\Hewlett-Packard]

[HKCU\Software\InstallShield]

[HKCU\Software\Intel]

[HKCU\Software\InterActual Technologies]

[HKCU\Software\JavaSoft]

[HKCU\Software\Keops]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\MGS]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\Microgaming]

[HKCU\Software\Mirabilis]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\MyWaySA]

[HKCU\Software\Nero]

[HKCU\Software\Northcode Inc]

[HKCU\Software\Novell]

[HKCU\Software\ODBC]

[HKCU\Software\PMU]

[HKCU\Software\PartyFrance]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\Protexis]

[HKCU\Software\RealNetworks]

[HKCU\Software\SSPrint]

[HKCU\Software\SampleView]

[HKCU\Software\Samsung]

[HKCU\Software\Smart Projects]

[HKCU\Software\Soft-R Research]

[HKCU\Software\Sonic]

[HKCU\Software\Spointer]

[HKCU\Software\Textalk]

[HKCU\Software\TomTom]

[HKCU\Software\Trolltech]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\VSO]

[HKCU\Software\Virtools]

[HKCU\Software\VirtualDub.org]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\eChanblard]

[HKCU\Software\pgAdmin III]

[HKCU\Software\searchqutb]

[HKLM\Software\Adobe]

[HKLM\Software\Ahead]

[HKLM\Software\America Online]

[HKLM\Software\AskToolbar]

[HKLM\Software\Avira]

[HKLM\Software\Bandoo]

[HKLM\Software\BillP Studios]

[HKLM\Software\C07ft5Y]

[HKLM\Software\Canneverbe Limited]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Corel]

[HKLM\Software\DT Soft]

[HKLM\Software\DataMngr]

[HKLM\Software\Debug]

[HKLM\Software\Dell Computers]

[HKLM\Software\Dell]

[HKLM\Software\DirectShowFilters]

[HKLM\Software\EnterpriseDB]

[HKLM\Software\EstSoft]

[HKLM\Software\FDEInstaller]

[HKLM\Software\FRANCE TELECOM]

[HKLM\Software\FREEzeFrog]

[HKLM\Software\Foxit Software]

[HKLM\Software\Full Tilt Poker]

[HKLM\Software\Gabest]

[HKLM\Software\Genesys Logic]

[HKLM\Software\GlarySoft]

[HKLM\Software\Google]

[HKLM\Software\Hewlett-Packard]

[HKLM\Software\InstallShield]

[HKLM\Software\InstalledOptions]

[HKLM\Software\Intel]

[HKLM\Software\InterActual Technologies]

[HKLM\Software\InterVideo]

[HKLM\Software\JavaSoft]

[HKLM\Software\L&H]

[HKLM\Software\Licenses]

[HKLM\Software\MCCI]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\NeoWorx]

[HKLM\Software\Nero]

[HKLM\Software\Notepad]

[HKLM\Software\ODBC]

[HKLM\Software\OfferBox]

[HKLM\Software\PTECH]

[HKLM\Software\Panasonic]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\PostgreSQL]

[HKLM\Software\Program Groups]

[HKLM\Software\Protexis]

[HKLM\Software\RealNetworks]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\Reviversoft]

[HKLM\Software\Roxio]

[HKLM\Software\SSPrint]

[HKLM\Software\Samsung]

[HKLM\Software\SearchquMediabarTb]

[HKLM\Software\SecureDigitalServices]

[HKLM\Software\Sigmatel]

[HKLM\Software\Sonic]

[HKLM\Software\Symantec]

[HKLM\Software\Titan Poker]

[HKLM\Software\TomTom]

[HKLM\Software\TrendMicro]

[HKLM\Software\VSO]

[HKLM\Software\VideoLAN]

[HKLM\Software\Virtools]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\X-AVCSD]

[HKLM\Software\XHEO INC]

[HKLM\Software\Zeb-Utility]

[HKLM\Software\mozilla.org]

~ Scan Softwares in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 07/10/2010 - 10:52:16 - [3094515] ----D- C:\Program Files\7-Zip

O43 - CFD: 28/07/2011 - 21:11:14 - [2824456] ----D- C:\Program Files\Ad-Remover

O43 - CFD: 11/08/2006 - 13:56:20 - [75869596] ----D- C:\Program Files\Adobe

O43 - CFD: 17/08/2006 - 08:50:58 - [0] ----D- C:\Program Files\Alwil Software

O43 - CFD: 28/07/2011 - 20:57:32 - [1948615] ----D- C:\Program Files\Ask.com

O43 - CFD: 09/06/2009 - 16:07:32 - [184798016] ----D- C:\Program Files\Avira

O43 - CFD: 07/10/2010 - 10:51:02 - [667719] ----D- C:\Program Files\Bass Audio Decoder

O43 - CFD: 02/04/2007 - 06:47:30 - [849109] ----D- C:\Program Files\BillP Studios

O43 - CFD: 27/03/2011 - 11:52:52 - [4474622] ----D- C:\Program Files\CCleaner

O43 - CFD: 07/10/2010 - 10:51:56 - [299361] ----D- C:\Program Files\CD Audio Reader Filter

O43 - CFD: 06/10/2010 - 10:39:08 - [17424536] ----D- C:\Program Files\CDBurnerXP

O43 - CFD: 07/10/2010 - 11:16:58 - [12298627] ----D- C:\Program Files\Combined Community Codec Pack

O43 - CFD: 27/04/2010 - 12:52:58 - [10308220] ----D- C:\Program Files\DAEMON Tools Lite

O43 - CFD: 07/10/2010 - 10:52:18 - [220642] ----D- C:\Program Files\DCoder Image Source

O43 - CFD: 07/10/2010 - 10:51:28 - [1556125] ----D- C:\Program Files\DScaler5

O43 - CFD: 21/09/2010 - 11:14:24 - [3814099895] ----D- C:\Program Files\eChanblard

O43 - CFD: 26/11/2008 - 20:27:48 - [12324757] ----D- C:\Program Files\ESTsoft

O43 - CFD: 07/10/2010 - 10:52:10 - [9978642] ----D- C:\Program Files\FFMPEG Core Files

O43 - CFD: 10/02/2011 - 15:13:34 - [501811889] ----D- C:\Program Files\Fichiers communs

O43 - CFD: 04/07/2011 - 21:23:00 - [12737862] ----D- C:\Program Files\Foxit Software

O43 - CFD: 20/07/2011 - 15:48:22 - [0] ----D- C:\Program Files\FREEzeFrog

O43 - CFD: 04/07/2011 - 08:36:08 - [109781604] ----D- C:\Program Files\Full Tilt Poker.Fr

O43 - CFD: 07/10/2010 - 10:51:54 - [450848] ----D- C:\Program Files\Gabest MPEG Splitter

O43 - CFD: 28/07/2011 - 20:59:00 - [26321114] ----D- C:\Program Files\Glary Utilities

O43 - CFD: 16/07/2010 - 20:45:28 - [136120] ----D- C:\Program Files\Google

O43 - CFD: 02/02/2011 - 18:15:14 - [119832525] ----D- C:\Program Files\Hewlett-Packard

O43 - CFD: 28/07/2011 - 21:10:10 - [815437] ----D- C:\Program Files\HijackThis

O43 - CFD: 31/01/2011 - 13:36:18 - [68993] ----D- C:\Program Files\icons

O43 - CFD: 11/08/2006 - 13:53:40 - [15569742] ----D- C:\Program Files\Intel

O43 - CFD: 13/09/2010 - 19:33:20 - [1931061] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 08/10/2008 - 17:39:22 - [380928] ----D- C:\Program Files\Inventel

O43 - CFD: 13/11/2009 - 16:04:54 - [197888510] ----D- C:\Program Files\Java

O43 - CFD: 22/09/2010 - 14:17:50 - [161654006] ----D- C:\Program Files\Macromedia

O43 - CFD: 28/07/2011 - 19:45:34 - [7105823] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 19/06/2009 - 23:46:14 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2

O43 - CFD: 20/08/2004 - 11:37:28 - [0] ----D- C:\Program Files\microsoft frontpage

O43 - CFD: 30/06/2011 - 16:02:40 - [179463645] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 11/08/2006 - 13:54:52 - [110228165] ----D- C:\Program Files\Microsoft Works

O43 - CFD: 09/01/2011 - 12:24:00 - [339327] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 07/10/2010 - 10:51:56 - [721262] ----D- C:\Program Files\MONOGRAM AMR SplitterDecoder

O43 - CFD: 12/08/2010 - 23:26:36 - [10374874] ----D- C:\Program Files\Movie Maker

O43 - CFD: 20/07/2011 - 13:31:14 - [31117097] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 04/11/2009 - 11:21:02 - [25757] ----D- C:\Program Files\MSBuild

O43 - CFD: 20/08/2004 - 11:34:16 - [8745735] ----D- C:\Program Files\MSN Gaming Zone

O43 - CFD: 29/01/2009 - 11:19:20 - [1125420414] ----D- C:\Program Files\Nero

O43 - CFD: 27/06/2010 - 21:23:02 - [3149824] ----D- C:\Program Files\NetMeeting

O43 - CFD: 31/01/2011 - 22:03:32 - [4876587] ----D- C:\Program Files\Notepad++

O43 - CFD: 01/02/2011 - 15:25:34 - [96600] ----D- C:\Program Files\OfferBox

O43 - CFD: 16/07/2010 - 20:45:30 - [6401970] ----D- C:\Program Files\OpenOffice.org 3

O43 - CFD: 07/10/2010 - 10:51:54 - [430370] ----D- C:\Program Files\OpenSource AVI Splitter

O43 - CFD: 07/10/2010 - 10:51:52 - [342313] ----D- C:\Program Files\OpenSource DTSAC3DD+ Source Filter

O43 - CFD: 07/10/2010 - 10:51:12 - [396583] ----D- C:\Program Files\OpenSource Flash Video Splitter

O43 - CFD: 31/01/2011 - 13:31:24 - [5367157] ----D- C:\Program Files\Opera

O43 - CFD: 17/08/2006 - 08:52:46 - [3364329] ----D- C:\Program Files\Optimisation Windows

O43 - CFD: 14/09/2010 - 13:17:46 - [351969645] ----D- C:\Program Files\Orange

O43 - CFD: 15/12/2010 - 23:38:38 - [4379321] ----D- C:\Program Files\Outlook Express

O43 - CFD: 29/06/2011 - 09:01:34 - [43254006] ----D- C:\Program Files\PartyFrance

O43 - CFD: 31/01/2011 - 22:03:32 - [39161625] ----D- C:\Program Files\Picasa2

O43 - CFD: 20/07/2011 - 13:31:12 - [50616926] ----D- C:\Program Files\PMU

O43 - CFD: 08/06/2011 - 11:11:32 - [89458347] ----D- C:\Program Files\PokerStars.FR

O43 - CFD: 05/04/2011 - 14:05:14 - [81407047] ----D- C:\Program Files\PokerStrategy.com

O43 - CFD: 05/04/2011 - 14:07:24 - [1647823064] ----D- C:\Program Files\PostgreSQL

O43 - CFD: 07/10/2010 - 10:51:50 - [12785326] ----D- C:\Program Files\RealMedia

O43 - CFD: 04/11/2009 - 11:20:56 - [37949185] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 16/07/2010 - 20:47:04 - [1236821] ----D- C:\Program Files\RegCleaner

O43 - CFD: 12/09/2008 - 15:12:50 - [4972544] ----D- C:\Program Files\Roxio

O43 - CFD: 31/03/2011 - 12:51:58 - [0] ----D- C:\Program Files\RVG Software

O43 - CFD: 16/07/2010 - 21:07:18 - [51495603] ----D- C:\Program Files\Samsung

O43 - CFD: 07/10/2010 - 10:51:58 - [278883] ----D- C:\Program Files\SHOUTcast Source

O43 - CFD: 28/01/2009 - 18:31:54 - [9709951] ----D- C:\Program Files\Smart Projects

O43 - CFD: 11/08/2006 - 13:59:46 - [154] ----D- C:\Program Files\Sonic

O43 - CFD: 06/10/2010 - 09:58:14 - [50448426] ----D- C:\Program Files\TomTom HOME 2

O43 - CFD: 06/10/2010 - 09:58:40 - [22486] ----D- C:\Program Files\TomTom International B.V

O43 - CFD: 06/10/2010 - 13:11:32 - [2179492] ----D- C:\Program Files\Tomtomax Maxi-Box

O43 - CFD: 17/06/2008 - 14:22:32 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 20/11/2008 - 17:26:20 - [89777002] ----D- C:\Program Files\VideoLAN

O43 - CFD: 19/12/2010 - 18:36:38 - [15324543] ----D- C:\Program Files\Virtools

O43 - CFD: 24/10/2009 - 12:38:56 - [3317984] ----D- C:\Program Files\VSO

O43 - CFD: 09/12/2008 - 13:24:46 - [3581070] ----D- C:\Program Files\Windows Media Connect 2

O43 - CFD: 31/01/2011 - 22:03:32 - [3214608] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 29/09/2008 - 09:01:58 - [3942655] ----D- C:\Program Files\Windows NT

O43 - CFD: 01/02/2011 - 13:45:10 - [10910651] ----D- C:\Program Files\Windows Searchqu Toolbar

O43 - CFD: 29/01/2009 - 11:17:06 - [49852356] ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 16/08/2006 - 23:23:42 - [0] --H-D- C:\Program Files\WindowsUpdate

O43 - CFD: 20/08/2004 - 11:37:28 - [0] ----D- C:\Program Files\xerox

O43 - CFD: 02/02/2011 - 18:16:24 - [89822996] ----D- C:\Program Files\Zeb-Utility

O43 - CFD: 28/07/2011 - 21:14:40 - [3936128] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 17/08/2006 - 12:18:14 - [62919] ----D- C:\Program Files\Fichiers Communs\Adobe

O43 - CFD: 30/09/2006 - 12:05:04 - [86016] ----D- C:\Program Files\Fichiers Communs\DESIGNER

O43 - CFD: 14/09/2010 - 13:07:44 - [8113537] ----D- C:\Program Files\Fichiers Communs\France Telecom

O43 - CFD: 19/01/2011 - 12:07:50 - [115118] ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard

O43 - CFD: 11/08/2006 - 13:57:38 - [13500015] ----D- C:\Program Files\Fichiers Communs\InstallShield

O43 - CFD: 11/08/2006 - 13:49:04 - [55448464] ----D- C:\Program Files\Fichiers Communs\Java

O43 - CFD: 22/09/2010 - 14:18:54 - [1003644] ----D- C:\Program Files\Fichiers Communs\Macromedia

O43 - CFD: 15/07/2010 - 03:04:26 - [134729567] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared

O43 - CFD: 20/08/2004 - 11:35:30 - [568832] ----D- C:\Program Files\Fichiers Communs\MSSoap

O43 - CFD: 29/01/2009 - 11:43:14 - [218289668] ----D- C:\Program Files\Fichiers Communs\Nero

O43 - CFD: 11/08/2006 - 13:56:00 - [2392177] ----D- C:\Program Files\Fichiers Communs\Nullsoft

O43 - CFD: 10/02/2011 - 15:13:34 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC

O43 - CFD: 30/06/2009 - 23:53:28 - [106260] ----D- C:\Program Files\Fichiers Communs\Real

O43 - CFD: 16/07/2010 - 19:08:34 - [5757937] ----D- C:\Program Files\Fichiers Communs\Roxio Shared

O43 - CFD: 20/08/2004 - 11:35:32 - [8106] ----D- C:\Program Files\Fichiers Communs\Services

O43 - CFD: 20/08/2004 - 11:30:36 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines

O43 - CFD: 29/09/2008 - 09:01:54 - [20169119] ----D- C:\Program Files\Fichiers Communs\System

O43 - CFD: 18/06/2009 - 20:45:34 - [37394753] ----D- C:\Program Files\Fichiers Communs\Windows Live

O43 - CFD: 17/06/2008 - 14:26:08 - [7216150] ----D- C:\Documents and Settings\radicho\Application Data\Adobe

O43 - CFD: 12/01/2008 - 19:58:36 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Apple Computer

O43 - CFD: 06/10/2010 - 10:39:38 - [1524] ----D- C:\Documents and Settings\radicho\Application Data\Canneverbe Limited

O43 - CFD: 16/08/2006 - 23:24:40 - [344064] ----D- C:\Documents and Settings\radicho\Application Data\Corel Photo Album

O43 - CFD: 26/02/2009 - 14:16:28 - [481] ----D- C:\Documents and Settings\radicho\Application Data\DAEMON Tools

O43 - CFD: 27/04/2010 - 13:07:28 - [2066] ----D- C:\Documents and Settings\radicho\Application Data\DAEMON Tools Lite

O43 - CFD: 09/06/2009 - 14:19:24 - [0] ----D- C:\Documents and Settings\radicho\Application Data\DartyBox

O43 - CFD: 31/01/2011 - 18:43:42 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Dossier de téléchargement Share-to-Web

O43 - CFD: 31/01/2011 - 18:43:42 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Dossier de téléchargement Share-to-Web

O43 - CFD: 19/07/2011 - 15:18:10 - [311] ----D- C:\Documents and Settings\radicho\Application Data\dvdcss

O43 - CFD: 20/10/2006 - 12:43:32 - [64] ----D- C:\Documents and Settings\radicho\Application Data\EFF

O43 - CFD: 26/11/2008 - 20:28:08 - [1003] ----D- C:\Documents and Settings\radicho\Application Data\ESTsoft

O43 - CFD: 11/02/2009 - 18:19:28 - [34100] ----D- C:\Documents and Settings\radicho\Application Data\Foxit

O43 - CFD: 20/07/2011 - 15:48:22 - [0] ----D- C:\Documents and Settings\radicho\Application Data\FREEzeFrog

O43 - CFD: 16/07/2010 - 21:07:58 - [86031] ----D- C:\Documents and Settings\radicho\Application Data\GlarySoft

O43 - CFD: 29/01/2009 - 14:45:44 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Help

O43 - CFD: 04/11/2009 - 20:15:08 - [7827599] ----D- C:\Documents and Settings\radicho\Application Data\HouseCall 6.6

O43 - CFD: 14/05/2009 - 15:21:50 - [21358] ----D- C:\Documents and Settings\radicho\Application Data\Icone

O43 - CFD: 21/05/2009 - 16:11:46 - [4638] ----D- C:\Documents and Settings\radicho\Application Data\Identities

O43 - CFD: 26/10/2010 - 15:55:24 - [1525754] ----D- C:\Documents and Settings\radicho\Application Data\KompoZer

O43 - CFD: 26/10/2010 - 15:58:40 - [213051] ----D- C:\Documents and Settings\radicho\Application Data\kompozer.net

O43 - CFD: 19/08/2006 - 15:55:40 - [510] ----D- C:\Documents and Settings\radicho\Application Data\Leadertech

O43 - CFD: 22/09/2010 - 15:36:14 - [5614741] ----D- C:\Documents and Settings\radicho\Application Data\Macromedia

O43 - CFD: 09/06/2009 - 14:45:12 - [19438458] ----D- C:\Documents and Settings\radicho\Application Data\Malwarebytes

O43 - CFD: 26/07/2011 - 13:43:46 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Media Player Classic

O43 - CFD: 29/03/2011 - 11:33:50 - [1722522] ----D- C:\Documents and Settings\radicho\Application Data\Microgaming

O43 - CFD: 02/02/2011 - 19:46:18 - [9474456] -S--D- C:\Documents and Settings\radicho\Application Data\Microsoft

O43 - CFD: 08/11/2010 - 11:45:44 - [584590] ----D- C:\Documents and Settings\radicho\Application Data\moovida-1

O43 - CFD: 09/11/2010 - 18:30:08 - [16881690] ----D- C:\Documents and Settings\radicho\Application Data\Mozilla

O43 - CFD: 21/01/2011 - 22:51:58 - [964414] ----D- C:\Documents and Settings\radicho\Application Data\Mozilla-Cache

O43 - CFD: 18/06/2009 - 20:44:46 - [1559] ----D- C:\Documents and Settings\radicho\Application Data\MSN6

O43 - CFD: 29/01/2009 - 12:59:54 - [1733363] ----D- C:\Documents and Settings\radicho\Application Data\Nero

O43 - CFD: 23/09/2010 - 12:28:14 - [105761] ----D- C:\Documents and Settings\radicho\Application Data\Notepad++

O43 - CFD: 31/01/2011 - 13:36:24 - [238766] ----D- C:\Documents and Settings\radicho\Application Data\OfferBox

O43 - CFD: 05/02/2009 - 17:16:26 - [2345150] ----D- C:\Documents and Settings\radicho\Application Data\OpenOffice.org

O43 - CFD: 09/06/2009 - 11:30:00 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Panasonic

O43 - CFD: 08/03/2011 - 22:39:34 - [343027] ----D- C:\Documents and Settings\radicho\Application Data\Reviversoft

O43 - CFD: 16/07/2010 - 21:07:26 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Samsung

O43 - CFD: 01/07/2011 - 12:37:02 - [23929] ----D- C:\Documents and Settings\radicho\Application Data\searchqutb

O43 - CFD: 12/12/2010 - 20:35:02 - [835584] ----D- C:\Documents and Settings\radicho\Application Data\Soft-R Research

O43 - CFD: 29/08/2006 - 08:48:44 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Sonic

O43 - CFD: 30/07/2007 - 20:44:54 - [246628] ----D- C:\Documents and Settings\radicho\Application Data\Sony Ericsson

O43 - CFD: 11/08/2006 - 13:49:12 - [16176577] ----D- C:\Documents and Settings\radicho\Application Data\Sun

O43 - CFD: 11/08/2006 - 14:02:34 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Symantec

O43 - CFD: 18/09/2009 - 14:18:02 - [19532] ----D- C:\Documents and Settings\radicho\Application Data\TeamViewer

O43 - CFD: 30/07/2007 - 20:45:42 - [7416860] ----D- C:\Documents and Settings\radicho\Application Data\Teleca

O43 - CFD: 19/08/2006 - 11:56:30 - [8704] ----D- C:\Documents and Settings\radicho\Application Data\Template

O43 - CFD: 06/10/2010 - 09:58:58 - [952691] ----D- C:\Documents and Settings\radicho\Application Data\TomTom

O43 - CFD: 07/12/2010 - 09:11:54 - [289492] ----D- C:\Documents and Settings\radicho\Application Data\Uniblue

O43 - CFD: 01/12/2007 - 07:59:30 - [33126] ----D- C:\Documents and Settings\radicho\Application Data\Viewpoint

O43 - CFD: 20/07/2011 - 21:48:30 - [1312441] ----D- C:\Documents and Settings\radicho\Application Data\vlc

O43 - CFD: 07/09/2009 - 13:53:04 - [7957] ----D- C:\Documents and Settings\radicho\Application Data\Vso

O43 - CFD: 02/04/2007 - 06:47:36 - [790] ----D- C:\Documents and Settings\radicho\Application Data\WinPatrol

O43 - CFD: 11/08/2006 - 13:56:08 - [0] ----D- C:\Documents and Settings\radicho\Application Data\You've Got Pictures Screensaver

O43 - CFD: 21/05/2009 - 16:11:44 - [3774] ----D- C:\Documents and Settings\radicho\Application Data\Zylom

O43 - CFD: 19/12/2010 - 18:37:06 - [0] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\3DVIA

O43 - CFD: 16/07/2010 - 19:07:22 - [0] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\addtoustart

O43 - CFD: 17/08/2006 - 12:50:16 - [250793] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Adobe

O43 - CFD: 12/01/2008 - 19:43:26 - [0] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Apple

O43 - CFD: 12/01/2008 - 19:43:14 - [19906] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Apple Computer

O43 - CFD: 17/09/2010 - 09:51:38 - [10559] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\ApplicationHistory

O43 - CFD: 14/03/2011 - 18:30:24 - [2003961] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\cache

O43 - CFD: 16/08/2006 - 23:24:38 - [16712] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Corel Photo Album

O43 - CFD: 14/01/2011 - 12:14:44 - [146144968] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Downloaded Installations

O43 - CFD: 14/01/2011 - 12:20:44 - [65] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Equilab

O43 - CFD: 09/06/2011 - 16:37:58 - [0] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\FullTiltPoker

O43 - CFD: 28/06/2011 - 17:16:30 - [1324790] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\FullTiltPoker.fr

O43 - CFD: 15/07/2010 - 20:33:38 - [35294418] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Google

O43 - CFD: 16/08/2006 - 16:43:46 - [5509716] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Identities

O43 - CFD: 31/03/2011 - 10:22:54 - [152177] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\In The Money

O43 - CFD: 28/01/2011 - 13:34:22 - [1532] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\IsolatedStorage

O43 - CFD: 10/07/2011 - 13:22:58 - [27280211] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Microsoft

O43 - CFD: 08/11/2010 - 11:54:20 - [134199] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\moovida Air

O43 - CFD: 16/08/2006 - 16:52:04 - [82284681] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Mozilla

O43 - CFD: 07/10/2010 - 11:19:48 - [79261] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Nero

O43 - CFD: 07/12/2010 - 09:11:30 - [0] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\PackageAware

O43 - CFD: 05/04/2011 - 14:06:46 - [116226392] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\PokerStrategy.com

O43 - CFD: 06/10/2010 - 09:58:58 - [2033276] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\TomTom

O43 - CFD: 11/08/2006 - 13:49:02 - [10043904] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}

~ Scan Program Folder in 00mn 05s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.CEC7B266CA431DB7DA4ED2610A6B2E79] - 28/07/2011 - 20:11:47 ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [17615]

O44 - LFC:[MD5.01AA82EB44C393969A662B97EA8EC31D] - 28/07/2011 - 20:01:15 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1821826]

O44 - LFC:[MD5.55922DAB65CBB518351AF1697BC8A096] - 28/07/2011 - 19:59:55 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [2206]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 28/07/2011 - 19:59:36 ---A- . (...) -- C:\WINDOWS\0.log [0]

O44 - LFC:[MD5.B0AA0ADF5A68B5DC6E1FBC56A6B5872D] - 28/07/2011 - 19:59:25 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]

O44 - LFC:[MD5.7A690BF466A60BE97A4D056E1078F55A] - 28/07/2011 - 19:59:23 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 28/07/2011 - 19:59:05 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.B56C831484B2FB1545B47A6866FD89A7] - 28/07/2011 - 19:57:43 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32274]

O44 - LFC:[MD5.0A47EAFFC885BCDE091BC5CFE6D34F24] - 28/07/2011 - 19:56:51 ---A- . (.Pas de propriétaire - Setup/Uninstall.) -- C:\WINDOWS\isRS-000.tmp [704000]

O44 - LFC:[MD5.4679A2329C2BD00E927AFEB8918747D7] - 14/07/2011 - 15:05:03 ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT [239144]

O44 - LFC:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 06/07/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [22712]

O44 - LFC:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 06/07/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [41272]

O44 - LFC:[MD5.8F433AFE9BC750D743C96A1563E4059F] - 30/06/2011 - 15:06:54 ---A- . (...) -- C:\WINDOWS\System32\PerfStringBackup.INI [1256934]

O44 - LFC:[MD5.D1A1F049A8B84609AA1ED044BB5EE6C2] - 30/06/2011 - 15:06:54 ---A- . (...) -- C:\WINDOWS\System32\perfc009.dat [89850]

O44 - LFC:[MD5.8606EDB14043D35CAF7E929D5B4400EF] - 30/06/2011 - 15:06:54 ---A- . (...) -- C:\WINDOWS\System32\perfc00C.dat [106528]

O44 - LFC:[MD5.673FF07622C87FCFEA9CDD027422EE98] - 30/06/2011 - 15:06:54 ---A- . (...) -- C:\WINDOWS\System32\perfh009.dat [507056]

O44 - LFC:[MD5.89329F65B1C008230374B9F6170A2254] - 30/06/2011 - 15:06:54 ---A- . (...) -- C:\WINDOWS\System32\perfh00C.dat [580482]

~ Scan Files in 00mn 46s

---\\ Export de clé d'application autorisée (O47)

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\eChanblard\emule.exe" [Enabled] .(.http://www.emule-project.net - eMule.) -- C:\Program Files\eChanblard\emule.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Java\jre6\bin\java.exe" [Enabled] .(.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\java.exe

O47 - AAKE:Key Export SP - "C:\Program Files\PartyFrance\PartyFrance.exe" [Enabled] .(.Pas de propriétaire - PartyGaming MFC Application.) -- C:\Program Files\PartyFrance\PartyFrance.exe

O47 - AAKE:Key Export SP - "C:\Program Files\PartyFrance\PartyPokerFr\RunApp.exe" [Enabled] .(.Pas de propriétaire - RunApp MFC Application.) -- C:\Program Files\PartyFrance\PartyPokerFr\RunApp.exe

O47 - AAKE:Key Export SP - "C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe" [Enabled] .(...) -- C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe" [Enabled] .(.France Telecom SA.) -- C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe" [Enabled] .(...) -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Nam

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

~ Scan Keys in 00mn 00s

---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\System32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\System32\Drivers\ip6fw.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\System32\Drivers\rdpcdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\System32\Drivers\rdpdd.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\System32\Drivers\rdpwd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\System32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdpipe.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdtcp.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)

~ Scan CSB in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

~ Scan IFEO in 00mn 00s

---\\ MountPoints2 Shell Key (O51)

O51 - MPSK:{90836209-d11f-11df-aa51-0016766e727d}\AutoRun\command. (...) -- G:\InstallTomTomHOME.exe (.not file.)

~ Scan Keys in 00mn 00s

---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \drivers.desc\"C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll"="ffdshow Video Codec" . (...) -- (.not file.)

~ Scan Keys in 00mn 00s

---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1

~ Scan Keys in 00mn 00s

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.1140AB9938809700B46BB88E46D72A96] - 17/08/2006 - 21:51:56 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\WINDOWS\system32\drivers\aliide.sys [5248]

O58 - SDL:[MD5.95B4FB835E28AA1336CEEB07FD5B9398] - 13/04/2008 - 19:36:39 ---A- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\drivers\amdagp.sys [43008]

O58 - SDL:[MD5.62D318E9A0C8FC9B780008E724283707] - 17/08/2006 - 21:52:00 ---A- . (.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) -- C:\WINDOWS\system32\drivers\asc.sys [26496]

O58 - SDL:[MD5.5D8DE112AA0254B907861E9E9C31D597] - 17/08/2006 - 21:51:58 ---A- . (.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) -- C:\WINDOWS\system32\drivers\asc3550.sys [14848]

O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 09/06/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys [45416]

O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 09/06/2009 - 10:02:31 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys [56816]

O58 - SDL:[MD5.2DAA8CC2670720DEDDCC74A20EDE2EE9] - 09/06/2009 - 11:28:39 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys [22360]

O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 09/06/2009 - 09:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\drivers\avipbb.sys [96104]

O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 20/08/2004 - 12:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]

O58 - SDL:[MD5.E3726AD522D0BDAE090671048C991AB3] - 17/08/2006 - 17:04:44 ---A- . (.CMD Technology, Inc. - Pilote de bus PCI IDE CMD.) -- C:\WINDOWS\system32\drivers\cmdide.sys [6656]

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 20/08/2004 - 12:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]

O58 - SDL:[MD5.E550E7418984B65A78299D248F0A7F36] - 17/08/2006 - 21:52:16 ---A- . (.Mylex Corporation - Mylex Disk Array Controller Driver.) -- C:\WINDOWS\system32\drivers\dac2w2k.sys [179584]

O58 - SDL:[MD5.95974E66D3DE4951D29E28E8BC0B644C] - 17/08/2006 - 01:30:46 ---A- . (.Intel Corporation - Intel® PRO/100 Adapter NDIS 5.1 driver.) -- C:\WINDOWS\system32\drivers\e100b325.sys [155648]

O58 - SDL:[MD5.CABBA915F11FF2013C550BB1A9B977DF] - 17/08/2006 - 22:27:16 ---A- . (.SingleClick Systems - SCS NDIS 5.0 Wireless Protocol Driver.) -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys [13696]

O58 - SDL:[MD5.5A8E05F1D5C36ABD58CFFA111EB325EA] - 17/08/2006 - 14:15:18 ---A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\ialmnt5.sys [1302812]

O58 - SDL:[MD5.9121D8FFFF773C66BBF4955E4F7AAC23] - 11/08/2006 - 15:12:14 ---A- . (.Intel Corporation - Intel® Network Adapter Diagnostic Driver.) -- C:\WINDOWS\system32\drivers\iqvw32.sys [19456]

O58 - SDL:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 09/06/2009 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [22712]

O58 - SDL:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 28/07/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [41272]

O58 - SDL:[MD5.3F4BB95E5A44F3BE34824E8E7CAF0737] - 17/08/2006 - 21:52:12 ---A- . (.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows Whistler 32.) -- C:\WINDOWS\system32\drivers\mraid35x.sys [17280]

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 20/08/2004 - 12:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]

O58 - SDL:[MD5.2B298519EDBFCF451D43E0F1E8F1006D] - 17/08/2006 - 22:29:56 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys [1897408]

O58 - SDL:[MD5.EC0D523B492764B15B3B6B1E17172201] - 17/08/2006 - 22:26:10 ---A- . (.SingleClick Systems - SCS NDIS 5.0 Auto IP Protocol Driver.) -- C:\WINDOWS\system32\drivers\packet.sys [13312]

O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 04/09/2009 - 08:14:26 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\drivers\pcouffin.sys [47360]

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 17/08/2006 - 12:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]

O58 - SDL:[MD5.F7BB4E7A7C02AB4A2672937E124E306E] - 05/12/2007 - 22:53:22 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys [36560]

O58 - SDL:[MD5.0A63FB54039EB5662433CABA3B26DBA7] - 17/08/2006 - 21:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1080.sys [40320]

O58 - SDL:[MD5.156ED0EF20C15114CA097A34A30D8A01] - 17/08/2006 - 21:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql12160.sys [45312]

O58 - SDL:[MD5.907F0AEEA6BC451011611E732BD31FCF] - 17/08/2006 - 21:52:18 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1280.sys [49024]

O58 - SDL:[MD5.2C4FB2E9F039287767C384E46EE91030] - 06/01/2010 - 16:18:02 R--A- . (.Research in Motion Ltd - RIM Virtual Serial Driver.) -- C:\WINDOWS\system32\drivers\RimSerial.sys [27136]

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 20/08/2004 - 12:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 20/08/2004 - 12:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]

O58 - SDL:[MD5.62AF804EBB0CC6A34DDD1B0AACACD47F] - 30/07/2007 - 08:46:52 R--A- . (.MCCI - Sony Ericsson Device 043 Driver Driver.) -- C:\WINDOWS\system32\drivers\SE2Bbus.sys [61600]

O58 - SDL:[MD5.58F020F88F5DB6F57C6229ED26C02290] - 30/07/2007 - 08:46:54 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\SE2Bcm.sys [6240]

O58 - SDL:[MD5.58F020F88F5DB6F57C6229ED26C02290] - 30/07/2007 - 08:46:54 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\SE2Bcmnt.sys [6240]

O58 - SDL:[MD5.F5AE0A580F850E358B79B6D37C560904] - 30/07/2007 - 08:46:58 R--A- . (.MCCI - Sony Ericsson Device 043 USB Ethernet Emulation (WDM class regi.) -- C:\WINDOWS\system32\drivers\se2Bcr.sys [4128]

O58 - SDL:[MD5.FEF0BC327F083210C5A5DD890BF41C0A] - 30/07/2007 - 08:46:58 R--A- . (.MCCI - Sony Ericsson Device 043 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\SE2Bmdfl.sys [9360]

O58 - SDL:[MD5.00CFA9A63E3915BEE7E3FBC23213B8FD] - 30/07/2007 - 08:47:00 R--A- . (.MCCI - Sony Ericsson Device 043 USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\SE2Bmdm.sys [97184]

O58 - SDL:[MD5.46147915DA4525A95E9404B646DF91EF] - 30/07/2007 - 08:47:06 R--A- . (.MCCI - Sony Ericsson Device 043 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\SE2Bmgmt.sys [88688]

O58 - SDL:[MD5.DBAAF0DE434F4D88DB40DB3AFAB301FE] - 30/07/2007 - 08:47:08 R--A- . (.MCCI - Sony Ericsson Device 043 USB Ethernet Emulation (NDIS 5 Minipor.) -- C:\WINDOWS\system32\drivers\se2Bnd5.sys [18704]

O58 - SDL:[MD5.98B2F0E34D1F3AEE840F741C161C01EE] - 30/07/2007 - 08:47:10 R--A- . (.MCCI - Sony Ericsson Device 043 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\SE2Bobex.sys [86560]

O58 - SDL:[MD5.29ACFCC6AFBA06DFD7C66C5C33087F9C] - 30/07/2007 - 08:47:18 R--A- . (.MCCI - Sony Ericsson Device 043 USB Ethernet Emulation.) -- C:\WINDOWS\system32\drivers\se2Bunic.sys [90800]

O58 - SDL:[MD5.7217C7C599DBF2322CC245F807004E6F] - 30/07/2007 - 08:47:22 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\SE2Bwh.sys [5872]

O58 - SDL:[MD5.7217C7C599DBF2322CC245F807004E6F] - 30/07/2007 - 08:47:22 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\SE2Bwhnt.sys [5872]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.4EDC881C138E778FEB9BD24CBC6B33ED] - 20/06/2005 - 10:12:00 ---A- . (.SiS Corporation - SiS163 usb Wireless LAN Adapter Driver.) -- C:\WINDOWS\system32\drivers\sis163u.sys [215040]

O58 - SDL:[MD5.6B33D0EBD30DB32E27D1D78FE946A754] - 13/04/2008 - 19:36:39 ---A- . (.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) -- C:\WINDOWS\system32\drivers\sisagp.sys [40960]

O58 - SDL:[MD5.A1ECEEAA5C5E74B2499EB51D38185B84] - 17/05/2009 - 20:56:16 ---A- . (.Sony Corporation - Sony USB Lower Filter driver.) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS [7552]

O58 - SDL:[MD5.83C0F71F86D3BDAF915685F3D568B20E] - 17/08/2006 - 22:07:44 ---A- . (.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) -- C:\WINDOWS\system32\drivers\sparrow.sys [19072]

O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/02/2009 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [691696]

O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 09/06/2009 - 19:48:11 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520]

O58 - SDL:[MD5.DF5C19F053EFF7F8BA25D73AEA899656] - 25/10/2009 - 01:47:38 ---A- . (.MCCI - SAMSUNG Mobile USB Device II 1.0 Driver.) -- C:\WINDOWS\system32\drivers\ssm_bus.sys [58320]

O58 - SDL:[MD5.A2C7705A4745A60B875F931860DF3557] - 25/10/2009 - 01:49:28 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_cm.sys [6176]

O58 - SDL:[MD5.A2C7705A4745A60B875F931860DF3557] - 25/10/2009 - 01:49:28 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_cmnt.sys [6176]

O58 - SDL:[MD5.5347169FA449EABC4D0728AE39FAB926] - 25/10/2009 - 01:49:34 ---A- . (.MCCI - SAMSUNG Mobile USB Modem II 1.0 Filter Driver.) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys [8336]

O58 - SDL:[MD5.7AAE23DD105EED15C4F45FC269FA42A9] - 25/10/2009 - 01:49:38 ---A- . (.MCCI - SAMSUNG Mobile USB Modem II 1.0 Driver.) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys [94000]

O58 - SDL:[MD5.5F4D52B9C1A7312598D88CBAECB3FC70] - 25/10/2009 - 01:47:34 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_wh.sys [5840]

O58 - SDL:[MD5.5F4D52B9C1A7312598D88CBAECB3FC70] - 25/10/2009 - 01:47:34 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_whnt.sys [5840]

O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 06/10/2010 - 13:48:56 ---A- . (...) -- C:\WINDOWS\system32\drivers\StarOpen.sys [7168]

O58 - SDL:[MD5.2A2DC39623ADEF8AB3703AB9FAC4B440] - 17/08/2006 - 14:36:00 ---A- . (.SigmaTel, Inc. - NDRC.) -- C:\WINDOWS\system32\drivers\sthda.sys [1047816]

O58 - SDL:[MD5.1FF3217614018630D0A6758630FC698C] - 17/08/2006 - 22:07:34 ---A- . (.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc810.sys [16256]

O58 - SDL:[MD5.070E001D95CF725186EF8B20335F933C] - 17/08/2006 - 22:07:36 ---A- . (.LSI Logic - Symbios 8XX SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc8xx.sys [32640]

O58 - SDL:[MD5.80AC1C4ABBE2DF3B738BF15517A51F2C] - 17/08/2006 - 22:07:40 ---A- . (.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_hi.sys [28384]

O58 - SDL:[MD5.BF4FAB949A382A8E105F46EBB4937058] - 17/08/2006 - 22:07:42 ---A- . (.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_u3.sys [30688]

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 20/08/2004 - 12:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]

O58 - SDL:[MD5.1961590AA191B6B7DCF18A6A693AF7B8] - 09/06/2009 - 13:14:57 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 SPR Protocol Driver.) -- C:\WINDOWS\system32\drivers\TV_551805_Sp50.sys [27072]

O58 - SDL:[MD5.1B698A51CD528D8DA4FFAED66DFC51B9] - 17/08/2006 - 21:52:22 ---A- . (.Promise Technology, Inc. - Gestionnaire de miniport ULTRA66 de Promise.) -- C:\WINDOWS\system32\drivers\ultra.sys [36736]

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 20/08/2004 - 12:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]

O58 - SDL:[MD5.22068DCA607F93BF5FD5926390FB478F] - 17/08/2006 - 22:29:38 ---A- . (.SingleClick Systems - SCS NDIS 5.0 Wireless Security Protocol Driver.) -- C:\WINDOWS\system32\drivers\wsp_pkt.sys [13568]

O58 - SDL:[MD5.801F16225EADCEFDAC17319AD163F80E] - 17/08/2006 - 22:26:57 RSH-- . (...) -- C:\WINDOWS\system32\058CE3B643.sys [88]

O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 11/08/2006 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]

O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 11/08/2006 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 11/08/2006 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]

O58 - SDL:[MD5.9C2E00D5A3B0B6B012BA59FCE2C3F0C9] - 16/08/2006 - 08:53:14 -SHA- . (...) -- C:\WINDOWS\system32\KGyGaAvL.sys [6580]

O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 11/08/2006 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]

O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 11/08/2006 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]

O58 - SDL:[MD5.B670C5D89F0726B7A2A7DFB4E968CDF8] - 14/09/2010 - 11:22:58 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 MPR Protocol Driver.) -- C:\WINDOWS\system32\pcampr5.sys [34688]

O58 - SDL:[MD5.ECD2F9D67B06606064DAF6961A6D5EFE] - 14/09/2010 - 11:22:58 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\pcandis5.sys [32128]

~ Scan Drivers in 00mn 01s

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover

O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis

O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

O63 - Logiciel: RSIT - (.random/random.)

O63 - Logiciel: Toolbar SD - (.IDN Team.)

~ Scan ADS in 00mn 00s

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\aliide.sys - No object(No service) .(.Acer Laboratories Inc. - ALi mini IDE Driver.) - LEGACY_ALIIDE

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\amdagp.sys - No object(No service) .(.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) - LEGACY_AMDAGP

O64 - Services: CurCS - 16/07/2009 - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Planificateur(AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE

O64 - Services: CurCS - 18/08/2009 - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard(AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\asc.sys - No object(No service) .(.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) - LEGACY_ASC

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\asc3550.sys - No object(No service) .(.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) - LEGACY_ASC3550

O64 - Services: CurCS - 13/02/2009 - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio(avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO

O64 - Services: CurCS - 11/12/2009 - C:\WINDOWS\System32\DRIVERS\avgntflt.sys - avgntflt(avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT

O64 - Services: CurCS - 30/03/2009 - C:\WINDOWS\System32\DRIVERS\avipbb.sys - avipbb(avipbb) .(.Avira GmbH - Avira Driver for RootKit Detection.) - LEGACY_AVIPBB

O64 - Services: CurCS - 23/08/2001 - C:\WINDOWS\system32\DRIVERS\cmdide.sys - No object(No service) .(.CMD Technology, Inc. - Pilote de bus PCI IDE CMD.) - LEGACY_CMDIDE

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys - No object(No service) .(.Mylex Corporation - Mylex Disk Array Controller Driver.) - LEGACY_DAC2W2K

O64 - Services: CurCS - 10/01/2008 - C:\WINDOWS\system32\Drivers\DgiVecp.sys - DgiVecp(DgiVecp) .(.Samsung Electronics Co., Ltd. - Windows 2k,XP IEEE-1284 parallel class driv.) - LEGACY_DGIVECP

O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\System32\dmadmin.exe - Service d'administration du Gestionnaire de disque logique(dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN

O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\System32\drivers\dmboot.sys - dmboot(dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT

O64 - Services: CurCS - 05/08/2004 - C:\WINDOWS\System32\drivers\dmload.sys - dmload(dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD

O64 - Services: CurCS - 24/08/2009 - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe - France Telecom Routing Table Service(FTRTSVC) .(.France Telecom SA - Orange Connection Kit.) - LEGACY_FTRTSVC

O64 - Services: CurCS - 04/01/2007 - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Updater Service(gusvc) .(.Google - gusvc.) - LEGACY_GUSVC

O64 - Services: CurCS - 11/10/2009 - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter(JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE

O64 - Services: CurCS - 06/07/2011 - C:\WINDOWS\system32\drivers\mbamswissarmy.sys - MBAMSwissArmy(MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSWISSARMY

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\mraid35x.sys - No object(No service) .(.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows.) - LEGACY_MRAID35X

O64 - Services: CurCS - 19/11/2004 - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe - Intel NCS NetService(NetSvc) .(.Intel® Corporation - NetSvc Module.) - LEGACY_NETSVC

O64 - Services: CurCS - 04/03/2010 - C:\Program Files\CDBurnerXP\NMSAccessU.exe - NMSAccess (NMSAccess) .(...) - LEGACY_NMSACCESS

O64 - Services: CurCS - 24/08/2009 - C:\WINDOWS\system32\PCAMPR5.sys - No object(No service) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 MPR Protocol Driver.) - LEGACY_PCAMPR5

O64 - Services: CurCS - 24/08/2009 - C:\WINDOWS\system32\PCANDIS5.sys - PCANDIS5 NDIS Protocol Driver(PCANDIS5) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) - LEGACY_PCANDIS5

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ql1080.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL1080

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ql12160.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL12160

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ql1280.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL1280

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\sisagp.sys - No object(No service) .(.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) - LEGACY_SISAGP

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sparrow.sys - No object(No service) .(.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) - LEGACY_SPARROW

O64 - Services: CurCS - ??/??/???? - C:\WINDOWS\System32\Drivers\sptd.sys - sptd (sptd) .(...) - LEGACY_SPTD

O64 - Services: CurCS - 16/07/2009 - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys - ssmdrv(ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV

O64 - Services: CurCS - ??/??/???? - C:\WINDOWS\system32\Drivers\SSPORT.sys (.not file.) - SSPORT (SSPORT) .(...) - LEGACY_SSPORT

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\symc810.sys - No object(No service) .(.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) - LEGACY_SYMC810

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\symc8xx.sys - No object(No service) .(.LSI Logic - Symbios 8XX SCSI Miniport Driver.) - LEGACY_SYMC8XX

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sym_hi.sys - No object(No service) .(.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) - LEGACY_SYM_HI

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sym_u3.sys - No object(No service) .(.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) - LEGACY_SYM_U3

O64 - Services: CurCS - 24/08/2010 - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe - TomTomHOMEService(TomTomHOMEService) .(.TomTom - Windows Service for TomTom HOME.) - LEGACY_TOMTOMHOMESERVICE

O64 - Services: CurCS - 09/06/2009 - C:\WINDOWS\System32\Drivers\TV_551805_Sp50.sys - TV_551805_Sp50 NDIS Protocol Driver(TV_551805_Sp50) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 SPR Protocol Driver.) - LEGACY_TV_551805_SP50

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ultra.sys - No object(No service) .(.Promise Technology, Inc. - Gestionnaire de miniport ULTRA66 de Promise.) - LEGACY_ULTRA

~ Scan Services in 00mn 01s

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com

O69 - SBI: SearchScopes [HKCU] {2A5D1C44-CD3F-4514-A15B-B0BF238447B2} - (Google Custom Search) - Google

O69 - SBI: SearchScopes [HKCU] {557C21FE-7274-410D-853E-9ED4471BF193} [DefaultScope] - (search-web.net) - http://search-web.net3A%23FFFFF0%3B&ie=iso-8859-1&oe=iso-8859-1&sa=Rechercher&lang=en&q={searchTerms}

O69 - SBI: SearchScopes [HKCU] {574C8A75-3535-46BD-888C-7FDDE22927FC} - (Live Search) - Bing

O69 - SBI: SearchScopes [HKCU] {A540D69B-1CD5-44FA-9B2A-DFEA5EBD97F1} - (uStart) - http://www.ustart.orgNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11

~ Scan Keys in 00mn 00s

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.0FFDFED8004B5E46BECAB345258D6182] [sPRF][05/04/2011] (...) -- C:\Documents and Settings\radicho\Local Settings\Application Data\postgresinstall.bat [379]

[MD5.254FBCA565E049648B0CCE2CEADF05D2] [sPRF][07/09/2009] (...) -- C:\Documents and Settings\radicho\Application Data\inst.exe [87608]

[MD5.5B6C11DE7E839C05248CED8825470FEF] [sPRF][07/09/2009] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Documents and Settings\radicho\Application Data\pcouffin.sys [47360]

[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]

[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]

[MD5.D8FB851A9FBD62352FD74283F9C14C77] [sPRF][10/06/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [417792]

~ Scan Files in 00mn 00s

 

 

 

---\\ Scan Additionnel (O88)

Database Version : 8555 - (28/07/2011)

Clés trouvées (Keys found) : 64

Valeurs trouvées (Values found) : 3

Dossiers trouvés (Folders found) : 10

Fichiers trouvés (Files found) : 1

 

[HKLM\Software\Classes\AppID\bandoocore.exe] =>Adware.Bandoo

[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.AskSBar

[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu MediaBar] =>Adware.Bandoo

[HKLM\Software\Classes\bandoocore.bandoocore] =>Adware.Bandoo

[HKLM\Software\Classes\bandoocore.bandoocore.1] =>Adware.Bandoo

[HKLM\Software\Classes\bandoocore.resourcesmngr] =>Adware.Bandoo

[HKLM\Software\Classes\bandoocore.resourcesmngr.1] =>Adware.Bandoo

[HKLM\Software\Classes\bandoocore.settingsmngr] =>Adware.Bandoo

[HKLM\Software\Classes\bandoocore.settingsmngr.1] =>Adware.Bandoo

[HKLM\Software\Classes\bandoocore.statisticmngr] =>Adware.Bandoo

[HKLM\Software\Classes\bandoocore.statisticmngr.1] =>Adware.Bandoo

[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.AskSBar

[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.AskSBar

[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar

[HKLM\Software\Classes\AppID\{1301a8a5-3dfb-4731-a162-b357d00c9644}] =>Adware.Bandoo

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] =>Toolbar.Agent

[HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] =>Adware.MetaStream

[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] =>Adware.MetaStream

[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.AskSBar

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2A5D1C44-CD3F-4514-A15B-B0BF238447B2}] =>Adware.EasySearch

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2A5D1C44-CD3F-4514-A15B-B0BF238447B2}] =>Adware.EasySearch

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}] =>Adware.Bandoo

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193}] =>Hijacker.ChercheUS

[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}] =>Adware.Bandoo

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}] =>Adware.Bandoo

[HKLM\Software\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}] =>Adware.Bandoo

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020}] =>Adware.Bandoo

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}] =>Adware.Bandoo

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.AskSBar

[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask

[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.AskSBar

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}] =>Adware.Bandoo

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.AskSBar

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.AskSBar

[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5}] =>PUP.Eorezo

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar

[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}] =>Adware.SPointer

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}] =>Adware.Bandoo

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent

[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox

[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar

[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar

[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec search-web] =>Hijacker.ChercheUS

[HKCU\Software\Ask.com] =>Toolbar.AskBar

[HKCU\Software\Ask.com] =>Toolbar.AskBarDis

[HKCU\Software\AskToolbar] =>Toolbar.AskTBar

[HKLM\Software\AskToolbar] =>Toolbar.AskTBar

[HKLM\Software\Bandoo] =>Adware.Bandoo

[HKCU\Software\DataMngr] =>Adware.Bandoo

[HKLM\Software\DataMngr] =>Adware.Bandoo

[HKLM\Software\FREEzeFrog] =>Adware.FreezeFrog

[HKCU\Software\Grand Virtual] =>Spyware.AgenceExclusive

[HKLM\Software\OfferBox] =>PUP.OfferBox

[HKCU\Software\PartyFrance] =>Casino.OnlineGames

[HKLM\Software\SearchquMediabarTb] =>Adware.Bandoo

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Software\AskToolbar] =>Toolbar.AskTBar

[HKCU\Software\Spointer] =>Adware.SPointer

[HKLM\Software\titan poker] =>Adware.Casino

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchqu mediabar] =>Adware.Bandoo

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShoppingReport2

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar

C:\Program Files\Ask.com =>Toolbar.AskBar

C:\Program Files\FREEzeFrog =>Keylogger.Agent

C:\Program Files\OfferBox =>PUP.OfferBox

C:\Program Files\Windows Searchqu Toolbar =>Adware.Bandoo

C:\Documents and Settings\radicho\Application Data\FREEzeFrog =>Keylogger.Agent

C:\Documents and Settings\radicho\Application Data\OfferBox =>PUP.OfferBox

C:\Documents and Settings\radicho\Application Data\searchqutb =>Adware.Bandoo

C:\Documents and Settings\radicho\Application Data\Viewpoint =>Adware.MetaStream

C:\Documents and Settings\radicho\Local Settings\Application Data\moovida air =>Adware.SPointer

C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml =>Adware.Bandoo

~ Scan Additionnel in 00mn 11s

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 09/06/2009 108289 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

SR - | Auto 09/06/2009 185089 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe

SR - | Auto 14/09/2010 69632 | (FTRTSVC) . (.France Telecom SA.) - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

SS - | Demand 07/01/2007 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

SR - | Auto 11/10/2009 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe

SR - | Auto 29/01/2009 935208 | Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

SS - | Demand 17/08/2006 147456 | (NetSvc) . (.Intel® Corporation.) - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

SR - | Auto 06/10/2010 71096 | (NMSAccess) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe

SR - | Auto 06/10/2010 92008 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

~ Scan Services in 00mn 00s

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by radicho at 28/07/2011 21:15:52

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spkl.sys hal.dll >>UNKNOWN [0x86573938]<<

spkl.sys

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8651DAB8]

3 CLASSPNP[0xF75FEFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP1T0L0-e[0x8653ED98]

kernel: MBR read successfully

user & kernel MBR OK

~ Scan MBR in 00mn 02s

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by radicho at 28/07/2011 21:15:54

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 04s

 

 

 

End of the scan (1298 lines in 01mn 23s)(0)

Posted

Good evening,

Run Ad-Remover again and this time click "Nettoyer".

The desktop will disappear; that is normal.

The report to post will be at C:\Ad-Report Clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then do another ZHPDiag scan, but this time please host the report: Cijoint.fr - free file hosting service

 

@++

Posted

Thank you for taking the time to reply... as requested, here is the Ad-Remover report

 

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 10:11:01 le 29/07/2011, Mode normal

 

Microsoft Windows XP Édition familiale Service Pack 3 (X86)

radicho@PUPUCINO ( )

 

============== ACTION(S) ==============

 

 

Dossier supprimé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\searchqutb

 

(!) -- Fichiers temporaires supprimés.

 

 

-- Fichier ouvert: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\Prefs.js --

/!\ Impossible d'ouvrir le fichier, nettoyage interrompu /!\

-- Fichier Fermé --

 

 

 

 

============== SCAN ADDITIONNEL ==============

 

**** Mozilla Firefox Version [3.6.8 (fr)] ****

 

Plugins\npFoxitReaderPlugin.dll (Foxit Software Company)

HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)

HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x)

Searchplugins\SiteVacuum.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameGoogle Search Community</ShortName<DescriptionGoogle Power + Community</Description<InputEncodingUTF-8</InputEncoding<Image width=16 height=16data:image/x-icon;base64,</Image<Url type=application/x-suggestions+json method=GET template=hxxp://suggestqueries.google.com/complete/search?output=firefox&client=firefox&qu={searchTerms}/hxxp://www.google.fr/cse<Param name=cx value=partner-pub-8885210189291163:81bei0-h4yd/<Param name=hl value=fr/<Param name=ie value=UTF-8/<Param name=oe value=UTF-8/<Param name=sa value=Search/<Param name=q value={searchTerms}/<!-- Dynamic parameters --<MozParam name=client condition=defaultEngine trueValue=firefox-a falseValue=firefox/</Url<SearchFormhxxp://www.europowersearch.com/Results.aspx</SearchForm</SearchPlugin)

Components\GooglePlusVideosXPCOM.dll (?)

Components\SiteVacuumXPCOM.dll (?)

 

-- C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default --

Extensions\{1cdccf78-1ea9-4f40-b69f-ef7674dbef8c} (MegaUpload Time Attack)

Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} (FireFTP)

Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\radicho\\Bureau

Prefs.js - browser.search.defaultenginename, Ask.com

Prefs.js - browser.search.selectedEngine, Google

Prefs.js - browser.startup.homepage, hxxp://www.search-web.net/

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.8

Prefs.js - keyword.URL, hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=

 

========================================

 

**** Internet Explorer Version [6.0.2900.5512] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll)

HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&...)

HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x)

HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (x)

HKCU_Extensions\{0FC33475-3DB9-41E0-9E94-598B59D139F2} - "888poker" (C:\Microgaming\Poker\888MPP\MPPoker.exe,2)

HKLM_Extensions\{06568ceb-5721-47d4-9d93-7e604fcbaeab} - "PMU Poker" (C:\Program Files\PMU\PMUPoker\Images\ppicon.ico)

HKLM_Extensions\{725EC34E-943C-4df6-B0B2-FBDE7F242276} - "PartyPoker.fr" (C:\Program Files\PartyFrance\PartyPokerFr\Images\ppicon.ico)

HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 1146 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 29 Fichier(s)

 

C:\Ad-Report-CLEAN[1].txt - 28/07/2011 21:26:15 (12989 Octet(s))

C:\Ad-Report-CLEAN[2].txt - 29/07/2011 10:11:05 (6345 Octet(s))

C:\Ad-Report-SCAN[1].txt - 28/07/2011 21:11:18 (17615 Octet(s))

C:\Ad-Report-SCAN[2].txt - 28/07/2011 21:25:29 (17681 Octet(s))

 

Fin à: 10:12:10, 29/07/2011

 

============== E.O.F ==============

...and the hosted ZHP report:

My link

Posted

Hello,

Run Ad-Remover again and uninstall it.

1) Download ATF Cleaner by Atribune.

  • Install it on the desktop. (Worth keeping, as it is very useful after each browsing session)

    Double-click ATF-Cleaner.exe to launch the program.
    --> Under Vista/7: right-click / Run as administrator.

    Under the Main tab, choose: Select All
    Click the Empty Selected button

If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.

For technical support, double-click the e-mail address at the bottom of each menu.

~~~~~~~~~~~~~~~~~

2) Download Malwarebytes' Anti-Malware (MBAM).

Malwarebytes : Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer: click for the FREE version and save the executable to the desktop.

If MBAM is already installed, go straight to the update and then to the scan.

This software is worth keeping.

Only if there is a problem with the update:

Download MBAM updates

Run the file after installing MBAM

Connect removable media (USB sticks etc.) before starting the scan.

  • Double-click the downloaded file to start the installation process.
  • In the "Mise à jour" tab, click the "Recherche de mise à jour" button: if the firewall asks for permission for MBAM to connect, accept.
  • Once the update has finished, go to the "Recherche" tab.
  • Select "Exécuter un examen complet"
  • Click "Rechercher"
  • The scan starts; it takes a fairly long time, which is normal.
  • At the end of the scan, a message is displayed:
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats.
    Select everything (or leave it ticked) and click Supprimer la sélection; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy-paste this report and post it in your next reply.

If MBAM asks to restart the PC, do so.

If, on restart, Windows tells you that it has blocked some startup programs, click the balloon and then Exécuter les programmes bloqués/Malwarebytes Anti-Malware.

 

@++

Posted

Hello,

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

For 64-bit systems: Download RSIT 64-bit

  • Double-click RSIT.exe to launch RSIT. For XP

    Important:
    * Under Vista: the file must be launched via right-click -> Run as administrator

    * Under Windows 7: put the RSIT.exe file on the desktop, right-click it and, in Properties, Compatibility tab, tick the box "Exécuter ce programme en mode compatibilité pour", choose Vista SP2 in the menu, and tick the box under Niveau de privilège.
    Confirm with Appliquer.

  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as of info.txt (<<which will be minimised in the taskbar).

The reports are also saved in the C:\RSIT directory.

>>>Host the RSIT reports here: Cijoint.fr - free file hosting service and give me the links so that I can view them, or here: Free large file hosting. Send big files the easy way! >> please copy/paste the very first link provided by the host.

 

+++

Posted

Go to c:\program Files and look for the Trend folder; open it and launch HijackThis.

Click "Do a system scan only" and tick the following boxes:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Chat, rencontre, Tchat, rencontres

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O8 - Extra context menu item: Recherche avec search-web - C:\Documents and Settings\radicho\scriptjava.html

 

Close all applications and browsers, then click Fix Checked.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open Notepad (Démarrer/Programmes/Accessoires/Bloc-notes) and copy-paste the entire text contained in the box below (not forgetting the first line):

 

 

Windows Registry Editor Version 5.00 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] 
"Start Page"="http://www.google.fr" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] 
"Tabs"="res://ieframe.dll/tabswelcome.htm"

 

 

Save the file to your desktop, naming it CleanReg.reg and choosing Tous les fichiers in the Type field.

Double-click CleanReg.reg and accept the merge.

You should get a message saying that everything went well.

Restart the PC.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following software is to be used only when prescribed by a qualified helper trained in the tool.

Do not use it outside that situation.

Disable your antivirus, firewall and antispyware for the duration of the scan.

If you do not know how to do this, refer to this article.

Connect removable media (USB stick and others) before proceeding.

Official tutorial

Download ComboFix to your desktop (and nowhere else).

  • If the Recovery Console is not installed on an XP machine, ComboFix will offer to install it: accept!

  • Make sure all programs are closed before starting.
  • Double-click ComboFix.exe to run it.
  • Click "Oui" on the warranty disclaimer message that appears.
  • Your firewall may ask whether or not you allow nircmd.cfexe access to the trusted zone: accept.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy-paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

If you lose your connection after running ComboFix, here is how to repair it: HERE.

NB: If, despite everything, you cannot repair the connection, please read this thread.

If the message "Tentative d'opération non autorisée sur une clé du Registre marquée pour suppression" appears, restart the PC.

@++

Posted

Hello,

Here is what it gives

 

ComboFix 11-07-29.01 - radicho 29/07/2011 15:53:27.1.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.634 [GMT 2:00]

Lancé depuis: c:\documents and settings\radicho\Bureau\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

* Un nouveau point de restauration a été créé

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\radicho\Application Data\FREEzeFrog

c:\documents and settings\radicho\Application Data\inst.exe

c:\documents and settings\radicho\errorlog.tmp

c:\documents and settings\radicho\WINDOWS

c:\program files\FREEzeFrog

c:\windows\isRS-000.tmp

c:\windows\ST6UNST.000

c:\windows\system32\rnaph.dll

c:\windows\system32\Temp

.

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_WINDOWS_INTERNET_NAME_SERVICE

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-06-28 au 2011-07-29 ))))))))))))))))))))))))))))))))))))

.

.

2011-07-29 11:45 . 2011-07-29 13:32 -------- d-----w- c:\program files\trend micro

2011-07-28 19:15 . 2011-07-29 08:23 512 ----a-w- C:\PhysicalDisk0_MBR.bin

2011-07-28 19:14 . 2011-07-29 08:23 -------- d-----w- c:\program files\ZHPDiag

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 17:52 . 2009-06-09 12:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52 . 2009-06-09 12:45 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-06-06 11:35 . 2004-08-20 09:24 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-05-25 07:28 . 2011-05-25 07:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-02 15:31 . 2004-08-20 09:35 692736 ----a-w- c:\windows\system32\inetcomm.dll

2008-10-15 11:34 . 2006-08-16 14:31 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe

2007-11-07 01:19 . 2010-11-08 09:59 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll

2007-11-07 01:19 . 2010-11-08 09:59 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll

2009-04-07 18:52 . 2009-04-07 18:52 28672 -c--a-w- c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll

2008-10-19 09:58 . 2008-10-19 09:58 49152 -c--a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

c:\documents and settings\radicho\Menu D‚marrer\Programmes\D‚marrage\

Protection.lnk - c:\documents and settings\radicho\Protection.jar [2011-6-29 18345]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\eChanblard\\emule.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\PartyFrance\\PartyFrance.exe"=

"c:\\Program Files\\PartyFrance\\PartyPokerFr\\RunApp.exe"=

"c:\\Program Files\\Orange\\Connexion Internet Orange\\Connectivity\\ConnectivityManager.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2147:TCP"= 2147:TCP:port

"443:TCP"= 443:TCP:Port

"5432:TCP"= 5432:TCP:postgres

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/02/2009 14:16 691696]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [09/06/2009 16:07 108289]

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [01/02/2008 04:02 65536]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 11:38 92008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]

S2 ntpsirad;Server Support;c:\windows\system32\svchost.exe -k netsvcs [20/08/2004 11:24 14336]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 11:12 215040]

S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [09/06/2009 14:14 27072]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ntpsirad

.

Contenu du dossier 'Tâches planifiées'

.

2011-07-29 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2010-07-16 06:26]

.

2011-07-29 c:\windows\Tasks\Nouvelle Tâche.job

- c:\program files\Glary Utilities\oneclickoptimizer.exe [2010-07-16 06:27]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.search-web.net

mWindow Title =

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: uStart Search - c:\documents and settings\radicho\Local Settings\Application Data\addtoustart\addtoustart.dll/202

IE: {{06568ceb-5721-47d4-9d93-7e604fcbaeab} - c:\documents and settings\radicho\Bureau\PMU Poker.lnk

IE: {{725EC34E-943C-4df6-B0B2-FBDE7F242276} - c:\documents and settings\radicho\Bureau\PartyPoker.fr.lnk

IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\radicho\Application Data\Mozilla\Firefox\Profiles\zydvn8dp.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.search-web.net/

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50020

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHELINS SUPPRIMES - - - -

.

SafeBoot-AVG Anti-Spyware Driver

SafeBoot-AVG Anti-Spyware Guard

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-29 16:02

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ntpsirad]

"ServiceDll"="c:\windows\system32\xlnpzth.dll"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]

"C040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

.

- - - - - - - > 'explorer.exe'(2120)

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\PostgreSQL\8.3\bin\postgres.exe

c:\program files\Java\jre6\bin\javaw.exe

c:\windows\system32\cscript.exe

.

**************************************************************************

.

Heure de fin: 2011-07-29 16:05:12 - La machine a redémarré

ComboFix-quarantined-files.txt 2011-07-29 14:05

.

Avant-CF: 58 939 723 776 octets libres

Après-CF: 58 928 881 664 octets libres

.

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

.

- - End Of File - - 56D9B9015006C14B97545448D2DFEC99

Posted

Re,

Go to this link: Virus Total

  • Click the Browse... button
  • Browse through your folders to this file, if you find it:

    • c:\program files\mozilla firefox\components\googleplusvideosxpcom.dll

  • Click Send file, and if VirusTotal says the file has already been analysed, click the Reanalyse the file now button.
  • Let the site work as long as "Current status: analysis in progress" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
  • When the analysis is finished, copy the link shown in the browser's address bar and paste it into your reply, please.

Do the same with this: c:\program files\mozilla firefox\components\sitevacuumxpcom.dll

@
