Problèmes PC suite à un virus

[Syrius]

Bonjour,

 

Il y a 2 jours, mon PC a été infecté par le virus "Système Progressive Protection". Après nettoyage avec RogueKiller et Malware bytes, il subsiste encore quelques problèmes : pc parfois lent, blocage de de firefox, pas d'accès au pare feu windows avec le message suivant : "En raison d'un problème non identifié, Windows ne peut afficher les paramètres du pare feu windows" et peut être d'autre problèmes que je n'ai pas encore identifiés..

OS : windows XP

 

Merci de votre aide

[pear]

Bonjour,

 

Après nettoyage avec RogueKiller et Malware bytes

 

Postez les rapports, svp.

 

Télécharger OTL sur le bureau

Double cliquer sur l'icône

 

 

Si la protection en temps réel de Malwarebytes Anti-Malware est activée..

Il faut absolument la désactiver sous peine de plantage dans MBAM version PRO ou dans MBAM version gratuite si la période d'essai (de 14 jours de la version PRO) est en cours

 

Vérifiez que toutes les autres fenêtres sont fermées afin qu'il s'exécute sans interruption.

Cochez]----------------->Tous les utilisateurs (scan all users)

Sous Rapport (output)

Cliquez ----------------------------->Rapport Standard (Standard Output)

Sous Régistre Standard(Standard Registry) cocher Tous(All)

Cochez------------------------------> Lop check et Purity check

 

Dans Pesonnalisation (Custom Scans Fixes) copier_coller le contenu ci dessous, en vert:

 

SAVEMBR:0

NetSvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.exe

%USERPROFILE%\AppData\Local\*.*

%USERPROFILE%\AppData\Roaming\*.*

%systemroot%\system32\*.ini

%systemroot%\Tasks\*.*

%systemroot%\system32\Tasks\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

afd.sys

ahcix86s.sys

atapi.sys

iaStor.sys

iastorv.sys

ipsec.sys

netbt.sys

tcpip.sys

nvrd32.sys

nvstor.sys

nvstor32.sys

explorer.exe

ntoskrnl.exe

services.exe

userinit.exe

winlogon.exe

wininit.exe

/md5stop

CREATERESTOREPOINT

Clic sur Analyse

une fois le scan terminé , les fichiers OTL.txt et Extras.txt vont s'ouvrir

 

Comment poster les rapports

Copiez/collez tout ou partie des rapports dans un ou plusieurs messages.

Autre solution à privilégier pour un rapport lourd

Aller sur le site :Ci-Joint

Appuyez sur Parcourir et chercher les rapports sur le disque,

Cliquer sur Ouvrir

Cliquer sur Créer le lien CJoint,

>> dans la page suivante --> ,,

une adresse http//.. sera créée

Copier /coller cette adresse dans votre prochain message.

[Syrius]

Bonjour,

 

 

 

Postez les rapports, svp.

 

Télécharger OTL sur le bureau

Double cliquer sur l'icône

 

 

Si la protection en temps réel de Malwarebytes Anti-Malware est activée..

Il faut absolument la désactiver sous peine de plantage dans MBAM version PRO ou dans MBAM version gratuite si la période d'essai (de 14 jours de la version PRO) est en cours

 

Vérifiez que toutes les autres fenêtres sont fermées afin qu'il s'exécute sans interruption.

Cochez]----------------->Tous les utilisateurs (scan all users)

Sous Rapport (output)

Cliquez ----------------------------->Rapport Standard (Standard Output)

Sous Régistre Standard(Standard Registry) cocher Tous(All)

Cochez------------------------------> Lop check et Purity check

 

Dans Pesonnalisation (Custom Scans Fixes) copier_coller le contenu ci dessous, en vert:

 

SAVEMBR:0

NetSvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.exe

%USERPROFILE%\AppData\Local\*.*

%USERPROFILE%\AppData\Roaming\*.*

%systemroot%\system32\*.ini

%systemroot%\Tasks\*.*

%systemroot%\system32\Tasks\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

afd.sys

ahcix86s.sys

atapi.sys

iaStor.sys

iastorv.sys

ipsec.sys

netbt.sys

tcpip.sys

nvrd32.sys

nvstor.sys

nvstor32.sys

explorer.exe

ntoskrnl.exe

services.exe

userinit.exe

winlogon.exe

wininit.exe

/md5stop

CREATERESTOREPOINT

Clic sur Analyse

une fois le scan terminé , les fichiers OTL.txt et Extras.txt vont s'ouvrir

 

Comment poster les rapports

Copiez/collez tout ou partie des rapports dans un ou plusieurs messages.

Autre solution à privilégier pour un rapport lourd

Aller sur le site :Ci-Joint

Appuyez sur Parcourir et chercher les rapports sur le disque,

Cliquer sur Ouvrir

Cliquer sur Créer le lien CJoint,

>> dans la page suivante --> ,,

une adresse http//.. sera créée

Copier /coller cette adresse dans votre prochain message.

[Syrius]

OTL logfile created on: 15/12/2012 13:00:45 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Didier\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,61% Memory free

3,84 Gb Paging File | 3,00 Gb Available in Paging File | 78,04% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 62,99 Gb Free Space | 27,05% Space Free | Partition Type: NTFS

 

Computer Name: PINSON-C3BA1203 | User Name: Didier | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/12/15 12:40:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Didier\Bureau\OTL.scr

PRC - [2012/12/10 08:00:26 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2012/12/09 18:17:57 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/09/17 12:01:08 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe

PRC - [2012/09/17 12:01:06 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

PRC - [2012/08/14 06:15:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2012/08/14 06:15:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012/08/14 06:15:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2012/08/14 06:15:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/12/12 11:32:10 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

MOD - [2012/12/09 18:17:57 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012/08/14 06:15:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2012/07/27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

MOD - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/12/12 11:32:11 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/09 18:17:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/11/24 16:17:59 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/09/19 13:38:50 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2012/09/19 13:38:49 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/09/17 12:01:06 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2012/08/14 06:15:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012/08/14 06:15:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)

SRV - [2011/12/15 18:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV - [2011/09/27 03:00:24 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)

SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Didier\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (auappi2y)

DRV - [2012/08/29 14:54:24 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2012/08/14 06:15:58 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012/08/14 06:15:58 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012/08/02 16:51:34 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2012/05/21 17:04:34 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)

DRV - [2012/05/21 17:04:34 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2012/02/19 16:35:25 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2012/02/19 16:35:25 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)

DRV - [2011/12/15 18:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2011/12/01 16:55:28 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010/06/17 13:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)

DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)

DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)

DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)

DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)

DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)

DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)

DRV - [2008/05/19 04:46:04 | 000,108,032 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008/03/10 13:28:40 | 000,018,560 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vtcdrv.sys -- (vtcdrv)

DRV - [2008/02/14 07:12:02 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2008/02/14 04:36:34 | 000,222,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008/01/09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)

DRV - [2007/04/27 06:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)

DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = duxet.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

 

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = Google

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\SearchScopes\{D84C29F6-6944-4BF8-9743-A1332A604E63}: "URL" = {searchTerms} - Recherche Google

IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.lequipe.fr/"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 22:36:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/11/11 19:39:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/10/20 12:34:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/09 18:17:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/09 18:17:51 | 000,000,000 | ---D | M]

 

[2009/01/11 16:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Extensions

[2009/01/11 16:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2012/11/24 14:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\extensions

[2010/07/11 08:47:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/12/12 17:43:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)

[2012/11/24 14:05:28 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/12/09 18:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/12/09 18:17:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2012/12/09 18:17:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/09/23 03:29:12 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll

[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2012/07/27 21:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2012/11/26 18:28:03 | 000,001,729 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2012/10/17 11:44:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/11/26 18:28:03 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2012/11/26 18:28:03 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2010/08/17 20:02:28 | 000,002,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml

[2012/10/17 11:44:35 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2012/11/26 18:28:03 | 000,001,639 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2012/11/26 18:28:03 | 000,001,169 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

========== Chrome ==========

 

CHR - homepage: Sport : toute l'actualité sportive sur l'EQUIPE (Match en direct, Football, Rugby, Tennis, Nba, F1)

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: Sport : toute l'actualité sportive sur l'EQUIPE (Match en direct, Football, Rugby, Tennis, Nba, F1)

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google\u00A0Drive = C:\Documents and Settings\Didier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: YouTube = C:\Documents and Settings\Didier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Recherche Google = C:\Documents and Settings\Didier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Documents and Settings\Didier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2011/09/29 07:05:45 | 000,437,703 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 15055 more lines...

O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (Reg Error: Value error.) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-1659004503-920026266-725345543-1004..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O4 - HKU\S-1-5-21-1659004503-920026266-725345543-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1659004503-920026266-725345543-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled [2011/11/15 09:45:19 | 000,000,000 | -H-D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\WINDOWS\system32\install\server.exe

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..Trusted Domains: baronnerie.com ([webmail] https in Sites de confiance)

O15 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..Trusted Domains: localhost ([]http in Sites de confiance)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F25289F-0614-4995-A723-ADF6DBE613A9}: DhcpNameServer = 212.27.40.241 212.27.40.240

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/01/01 16:46:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{9a12d5af-7880-11e0-8a5e-002215fac350}\Shell - "" = AutoRun

O33 - MountPoints2\{9a12d5af-7880-11e0-8a5e-002215fac350}\Shell\AutoRun\command - "" = I:\cdstart.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

 

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Sharedaccess - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: procexp90.Sys - Driver

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: procexp90.Sys - Driver

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: SharedAccess - File not found

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: vsmon - Service

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)

ActiveX: {1408A7F0-0F8F-DB8E-92BB-C0756FB5D351} - NetShow

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4AFB8B31-A616-911B-481A-0F334F1BE978} - NetShow

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {D849B92E-BB72-5D5A-B446-30A788B1B585} - Internet Explorer

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E794AFD6-FDFA-6332-813F-D36B017BD953} - Java (Sun)

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/12/15 12:40:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Didier\Bureau\OTL.scr

[2012/12/15 10:15:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Didier\Recent

[2012/12/13 22:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

[2012/12/13 22:41:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012/12/13 22:41:03 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/12/13 22:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/12/13 21:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Didier\Bureau\RK_Quarantine

[2012/12/13 20:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2012/12/13 20:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Wise Installation Wizard

[2012/12/13 19:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2012/12/13 19:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2012/12/10 16:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Chrome

[2012/12/10 16:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012/12/09 18:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/12/06 13:50:32 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe

[2012/12/06 13:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\TuneUp Utilities 2013

[2012/11/29 16:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AVG Secure Search

[2012/11/29 15:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Didier\Bureau\essai

[2012/11/22 08:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013

[2012/11/22 08:27:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

[2012/11/22 08:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Didier\Bureau\Tune

[2012/10/27 07:17:30 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files\Fichiers communs\atimpenc.dll

[2009/06/05 23:03:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe149.dll

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/12/15 13:02:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2012/12/15 12:40:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Didier\Bureau\OTL.scr

[2012/12/15 12:30:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/12/15 10:31:34 | 000,002,623 | ---- | M] () -- C:\Documents and Settings\Didier\Bureau\Microsoft Office Outlook 2007.lnk

[2012/12/15 10:14:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/12/13 22:41:07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2012/12/13 21:31:36 | 000,756,224 | ---- | M] () -- C:\Documents and Settings\Didier\Bureau\RogueKiller.exe

[2012/12/13 17:16:44 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/13 17:16:44 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/12 21:02:39 | 000,035,980 | ---- | M] () -- C:\Documents and Settings\Didier\Mes documents\attestation CEP 1.pdf

[2012/12/12 11:32:10 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/12/12 11:32:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/12/12 08:21:16 | 000,323,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/12/10 16:24:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/12/10 16:07:26 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\Didier\Bureau\Google Chrome.lnk

[2012/12/10 16:07:26 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/12/09 12:54:52 | 000,079,481 | ---- | M] () -- C:\Documents and Settings\Didier\Mes documents\facture24056955330-1.pdf

[2012/12/08 10:41:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenVPN GUI.lnk

[2012/12/06 13:50:30 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TuneUp Maintenance en 1 clic.lnk

[2012/12/06 13:50:30 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TuneUp Utilities 2013.lnk

[2012/12/06 13:50:28 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp Utilities 2013.lnk

[2012/12/03 11:42:37 | 001,133,379 | ---- | M] () -- C:\Documents and Settings\Didier\Bureau\Guide_associations_consommateurs_2012.pdf

[2012/12/03 11:39:34 | 000,186,257 | ---- | M] () -- C:\Documents and Settings\Didier\Bureau\actualisation decembre pôle emploi.pdf

[2012/12/03 08:57:44 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

[2012/12/02 15:42:37 | 013,979,648 | ---- | M] () -- C:\Documents and Settings\Didier\Mes documents\Money.mny

[2012/12/02 15:42:34 | 013,983,438 | R--- | M] () -- C:\Documents and Settings\Didier\Mes documents\Money Sauvegarde.mbf

[2012/12/02 10:08:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/11/23 17:12:25 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\Didier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/11/22 16:16:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\WD.INI

[2012/11/22 10:57:40 | 000,002,589 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\SolidWorks 2012.lnk

[2012/11/16 20:13:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2012/11/16 09:03:50 | 000,568,506 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2012/11/16 09:03:50 | 000,476,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/11/16 09:03:50 | 000,100,546 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2012/11/16 09:03:50 | 000,077,068 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/12/15 13:02:18 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2012/12/13 22:41:07 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2012/12/13 21:31:35 | 000,756,224 | ---- | C] () -- C:\Documents and Settings\Didier\Bureau\RogueKiller.exe

[2012/12/12 21:02:39 | 000,035,980 | ---- | C] () -- C:\Documents and Settings\Didier\Mes documents\attestation CEP 1.pdf

[2012/12/10 16:07:26 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\Didier\Bureau\Google Chrome.lnk

[2012/12/10 16:07:26 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/12/10 16:01:12 | 000,001,056 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/10 16:01:12 | 000,001,052 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/09 12:54:52 | 000,079,481 | ---- | C] () -- C:\Documents and Settings\Didier\Mes documents\facture24056955330-1.pdf

[2012/12/06 13:50:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TuneUp Maintenance en 1 clic.lnk

[2012/12/06 13:50:30 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TuneUp Utilities 2013.lnk

[2012/12/06 13:50:28 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp Utilities 2013.lnk

[2012/12/06 13:50:28 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\TuneUp Utilities 2013.lnk

[2012/12/03 11:42:37 | 001,133,379 | ---- | C] () -- C:\Documents and Settings\Didier\Bureau\Guide_associations_consommateurs_2012.pdf

[2012/12/03 11:39:34 | 000,186,257 | ---- | C] () -- C:\Documents and Settings\Didier\Bureau\actualisation decembre pôle emploi.pdf

[2012/10/28 18:11:06 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Didier\Application Data\.backup.dm

[2012/09/19 14:08:06 | 000,189,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012/09/19 14:02:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI

[2012/06/07 23:05:23 | 000,328,366 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/02/18 22:05:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/11/19 13:38:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2011/11/12 15:29:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/11/09 14:07:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2011/05/22 12:27:01 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2011/05/22 12:26:58 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2011/05/22 12:26:49 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2011/05/13 19:18:20 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI

[2009/01/15 14:22:28 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Didier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2009/01/02 16:38:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

"ThreadingModel" = Both

"" = C:\WINDOWS\system32\shell32.dll -- [2012/06/08 15:25:53 | 008,519,168 | ---- | M] (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 03:33:41 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:33:48 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.exe >

 

< %USERPROFILE%\AppData\Local\*.* >

 

< %USERPROFILE%\AppData\Roaming\*.* >

 

< %systemroot%\system32\*.ini >

[2000/09/08 13:31:38 | 000,000,072 | ---- | M] () -- C:\WINDOWS\system32\epDPE.ini

[2004/08/05 13:00:00 | 001,015,477 | ---- | M] () -- C:\WINDOWS\system32\esentprf.ini

[2007/02/05 14:47:40 | 000,016,042 | ---- | M] () -- C:\WINDOWS\system32\gsrvctr.ini

[2007/02/05 14:47:48 | 000,016,704 | ---- | M] () -- C:\WINDOWS\system32\gthrctr.ini

[2007/02/05 14:47:48 | 000,021,596 | ---- | M] () -- C:\WINDOWS\system32\idxcntrs.ini

[2004/08/05 13:00:00 | 000,003,914 | ---- | M] () -- C:\WINDOWS\system32\msdtcprf.ini

[2004/08/05 13:00:00 | 000,003,030 | ---- | M] () -- C:\WINDOWS\system32\perfci.ini

[2004/08/05 13:00:00 | 000,001,293 | ---- | M] () -- C:\WINDOWS\system32\perffilt.ini

[2012/11/16 09:03:50 | 001,234,594 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI

[2004/08/05 13:00:00 | 000,002,994 | ---- | M] () -- C:\WINDOWS\system32\perfwci.ini

[2004/08/05 13:00:00 | 000,000,367 | ---- | M] () -- C:\WINDOWS\system32\prodspec.ini

[2004/08/05 13:00:00 | 000,014,073 | ---- | M] () -- C:\WINDOWS\system32\pschdprf.ini

[2004/08/05 13:00:00 | 000,006,212 | ---- | M] () -- C:\WINDOWS\system32\rasctrs.ini

[2004/08/05 13:00:00 | 000,015,937 | ---- | M] () -- C:\WINDOWS\system32\rsvp.ini

[2004/08/05 13:00:00 | 000,053,478 | ---- | M] () -- C:\WINDOWS\system32\tcpmon.ini

[2004/08/05 13:00:00 | 000,027,768 | ---- | M] () -- C:\WINDOWS\system32\tslabels.ini

[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.* >

[2012/12/15 12:30:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

[2012/12/10 16:24:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2004/08/05 13:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2012/12/13 17:16:44 | 000,001,052 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

[2012/12/13 17:16:44 | 000,001,056 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

[2010/04/15 06:43:08 | 000,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\Install.job

[2012/12/15 10:14:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

 

< %systemroot%\system32\Tasks\*.* >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s >

"Authentication Packages" = msv1_0 [binary data] -- [2009/09/11 15:18:20 | 000,136,192 | ---- | M] (Microsoft Corporation)

"Bounds" = 0 [binary data]

"Security Packages" = kerberosmsv1_0schannelwdigest [binary data]

"ImpersonatePrivilegeUpgradeToolHasRun" = 1

"LsaPid" = 1940

"SecureBoot" = 1

"auditbaseobjects" = 0

"crashonauditfail" = 0

"disabledomaincreds" = 0

"everyoneincludesanonymous" = 0

"fipsalgorithmpolicy" = 0

"forceguest" = 1

"fullprivilegeauditing" = [binary data]

"limitblankpassworduse" = 1

"lmcompatibilitylevel" = 0

"nodefaultadminowner" = 1

"nolmhash" = 0

"restrictanonymous" = 0

"restrictanonymoussam" = 1

"Notification Packages" = scecli [binary data] -- [2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation)

"enabledcom" = y

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]

"ProviderOrder" = Windows NT Access Provider [binary data]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]

"ProviderPath" = %SystemRoot%\system32\ntmarta.dll -- [2008/04/14 03:33:36 | 000,119,808 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]

"Pattern" = 48 5B 49 F2 73 17 0C 8B 7C 4A 06 CA 16 CB C7 B2 35 38 32 64 31 35 62 37 00 FD 07 00 C2 42 00 00 34 FA 07 00 56 82 74 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 2B 4E 27 6E F8 18 2D 64 81 21 B3 58 [binary data]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]

"GrafBlumGroup" = 25 2D 84 BF 04 7F F0 18 7C [binary data]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]

"Lookup" = F6 49 59 01 45 18 [binary data]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0]

"ntlmminclientsec" = 0

"ntlmminserversec" = 0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]

"SkewMatrix" = 65 63 9A 27 7F F8 3A 70 82 FB 31 41 21 F0 7A 16 [binary data]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]

"SSOURL" = Windows Live ID

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]

"Time" = 38 E6 C9 27 63 6C C9 01 [binary data]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\digest.dll]

"Name" = Digest

"Comment" = Digest SSPI Authentication Package

"Capabilities" = 16464

"RpcId" = 65535

"Version" = 1

"TokenSize" = 65535

"Time" = 00 85 3E E8 D7 9D C8 01 [binary data]

"Type" = 49

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msapsspc.dll]

"Name" = DPA

"Comment" = DPA Security Package

"Capabilities" = 55

"RpcId" = 17

"Version" = 1

"TokenSize" = 768

"Time" = 00 39 03 ED D7 9D C8 01 [binary data]

"Type" = 49

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msnsspc.dll]

"Name" = MSN

"Comment" = MSN Security Package

"Capabilities" = 55

"RpcId" = 18

"Version" = 1

"TokenSize" = 768

"Time" = 00 66 34 EE D7 9D C8 01 [binary data]

"Type" = 49

 

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >

"AutoRestartShell" = 1

"DefaultDomainName" = PINSON-C3BA1203

"DefaultUserName" = Didier

"LegalNoticeCaption" =

"LegalNoticeText" =

"PowerdownAfterShutdown" = 0

"ReportBootOk" = 1

"Shell" = Explorer.exe -- [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation)

"ShutdownWithoutLogon" = 0

"System" =

"Userinit" = C:\WINDOWS\system32\userinit.exe,

"VmApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"

"SfcQuota" = -1

"allocatecdroms" = 0

"allocatedasd" = 0

"allocatefloppies" = 0

"cachedlogonscount" = 10

"forceunlocklogon" = 0

"passwordexpirywarning" = 14

"scremoveoption" = 0

"AllowMultipleTSSessions" = 1

"UIHost" = logonui.exe -- [2008/04/14 03:34:09 | 000,515,584 | ---- | M] (Microsoft Corporation)

"LogonType" = 1

"Background" = 0 0 0

"DebugServerCommand" = no

"SFCDisable" = 0

"WinStationsDisabled" = 0

"HibernationPreviouslyEnabled" = 1

"ShowLogonOptions" = 0

"AltDefaultUserName" = Didier

"AltDefaultDomainName" = PINSON-C3BA1203

"ChangePasswordUseKerberos" = 1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials]

 

< MD5 for: AFD.SYS >

[2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys

[2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys

[2008/04/13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys

[2008/10/16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys

[2008/08/14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys

[2008/08/14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys

[2008/08/14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys

[2011/02/16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys

[2008/06/20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys

[2011/08/17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

 

< MD5 for: ATAPI.SYS >

[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2009/01/01 21:02:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2009/01/01 21:02:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: EXPLORER.EXE >

[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 

< MD5 for: IASTOR.SYS >

[2008/09/08 22:04:29 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\NLDRV\001\iastor.sys

[2008/09/08 22:26:36 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\NLDRV\002\iastor.sys

 

< MD5 for: IPSEC.SYS >

[2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys

[2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys

 

< MD5 for: NETBT.SYS >

[2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys

[2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

 

< MD5 for: NETLOGON.DLL >

[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

 

< MD5 for: NTOSKRNL.EXE >

[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe

[2009/01/01 21:02:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe

[2009/01/01 21:02:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ntoskrnl.exe

[2008/04/14 03:08:03 | 002,191,104 | ---- | M] (Microsoft Corporation) MD5=099D639DA1EF6968D4E41795BB507E6B -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe

[2010/02/16 20:00:44 | 002,192,128 | ---- | M] (Microsoft Corporation) MD5=126C8FD13731649A7CD6F0A311CD49B8 -- C:\WINDOWS\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe

[2010/04/28 06:17:40 | 002,192,128 | ---- | M] (Microsoft Corporation) MD5=220EFAF0106119F4A7CA598076EE14E6 -- C:\WINDOWS\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe

[2010/12/09 16:15:06 | 002,194,816 | ---- | M] (Microsoft Corporation) MD5=360612511AA332B8D3AB295ACA0192CD -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe

[2011/10/26 11:50:05 | 002,150,912 | ---- | M] (Microsoft Corporation) MD5=42C8A327ADF3B7C86DBCD57DDB8DA661 -- C:\WINDOWS\$NtUninstallKB2676562$\ntoskrnl.exe

[2012/05/05 04:14:12 | 002,194,688 | ---- | M] (Microsoft Corporation) MD5=4905B4A5F06D8F763A03DD66DA6C3683 -- C:\WINDOWS\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe

[2012/04/11 14:51:40 | 002,150,400 | ---- | M] (Microsoft Corporation) MD5=5454C077A8A5FFBB62DB4287B7BD97BD -- C:\WINDOWS\$NtUninstallKB2707511$\ntoskrnl.exe

[2009/08/04 18:22:24 | 002,191,360 | ---- | M] (Microsoft Corporation) MD5=63864AF70CAC631077A6C1223617336B -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[2012/04/11 14:50:46 | 002,194,688 | ---- | M] (Microsoft Corporation) MD5=87699B2568FF945306864A0FE9E96915 -- C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe

[2009/12/09 15:32:16 | 002,191,360 | ---- | M] (Microsoft Corporation) MD5=9EC870EAB7D08695E59579C7AAC3B23D -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe

[2012/05/05 04:15:00 | 002,150,400 | ---- | M] (Microsoft Corporation) MD5=BE38DF03C39AAF7F2339A822D0B6C6BA -- C:\WINDOWS\$NtUninstallKB2724197$\ntoskrnl.exe

[2009/02/10 18:16:44 | 002,191,232 | ---- | M] (Microsoft Corporation) MD5=BEF458B8424553279E95E250D1E0CE7E -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[2008/08/14 14:39:11 | 002,188,032 | ---- | M] (Microsoft Corporation) MD5=C6649255E51F145B6E15C505AB68E459 -- C:\WINDOWS\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

[2008/08/14 14:23:49 | 002,191,232 | ---- | M] (Microsoft Corporation) MD5=C8D4D5974F9671DA0A37175650912960 -- C:\WINDOWS\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

[2012/08/23 07:27:09 | 002,150,912 | ---- | M] (Microsoft Corporation) MD5=C96C7D21DE09D8B880966E3A05B338DE -- C:\WINDOWS\system32\ntoskrnl.exe

[2008/08/14 19:26:02 | 002,191,232 | ---- | M] (Microsoft Corporation) MD5=D79210549BBF09B7638E860440504299 -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[2012/08/23 07:26:13 | 002,195,072 | ---- | M] (Microsoft Corporation) MD5=DC5C04F4AEB100C37B636E56F12C36FD -- C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe

[2010/12/09 16:14:10 | 002,150,912 | ---- | M] (Microsoft Corporation) MD5=E8DE6CA43363B663645AE4639F2F41D6 -- C:\WINDOWS\$NtUninstallKB2633171$\ntoskrnl.exe

[2012/08/23 07:27:12 | 002,194,944 | ---- | M] (Microsoft Corporation) MD5=EE6D856BAC0CA37026116D925616C248 -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

[2012/08/23 07:27:12 | 002,194,944 | ---- | M] (Microsoft Corporation) MD5=EE6D856BAC0CA37026116D925616C248 -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

[2011/10/26 11:49:20 | 002,194,816 | ---- | M] (Microsoft Corporation) MD5=F19BB8B35EB140558EDDB3CCA9241DF9 -- C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe

 

< MD5 for: SCECLI.DLL >

[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

 

< MD5 for: SERVICES.EXE >

[2008/04/14 03:34:20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=54CB50058851D95E56EC70D09F70857F -- C:\WINDOWS\ServicePackFiles\i386\services.exe

[2009/02/09 12:16:53 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=62789101F9C2401ED598AA2CDE7450C0 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2009/02/09 12:23:48 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/09 12:23:48 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\system32\services.exe

 

< MD5 for: TCPIP.SYS >

[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys

[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys

[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

 

< MD5 for: USERINIT.EXE >

[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

 

< MD5 for: WINLOGON.EXE >

[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0757AAB

 

< End of report >

[pear]

Je vous ai demandé les rapports Rogue killer et Mbam.

[Syrius]

Oups pardon

 

Voici le rapport de Rogue Killer :

 

RogueKiller V8.4.0 [Dec 12 2012] par Tigzy

mail : tigzyRK<at>gmail<dot>com

Remontees : [RogueKiller] Remontées

Site Web : RogueKiller

Blog : tigzy-RK

 

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Demarrage : Mode normal

Utilisateur : Didier [Droits d'admin]

Mode : Recherche -- Date : 14/12/2012 08:23:02

 

¤¤¤ Processus malicieux : 0 ¤¤¤

 

¤¤¤ Entrees de registre : 0 ¤¤¤

 

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

 

¤¤¤ Driver : [CHARGE] ¤¤¤

SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xBA720314)

SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (Unknown @ 0xBA7202CE)

SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xBA72031E)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xBA7202C4)

SSDT[63] : NtDeleteKey @ 0x80624592 -> HOOKED (Unknown @ 0xBA7202D3)

SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (Unknown @ 0xBA7202DD)

SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xBA72030F)

SSDT[98] : NtLoadKey @ 0x8062631A -> HOOKED (Unknown @ 0xBA7202E2)

SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xBA7202B0)

SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xBA7202B5)

SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (Unknown @ 0xBA720337)

SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (Unknown @ 0xBA7202EC)

SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xBA720328)

SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (Unknown @ 0xBA7202E7)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xBA720323)

SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xBA72032D)

SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (Unknown @ 0xBA7202D8)

SSDT[255] : NtSystemDebugControl @ 0x806180CA -> HOOKED (Unknown @ 0xBA720332)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xBA7202BF)

S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA720346)

S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA72034B)

 

¤¤¤ Fichier HOSTS: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

 

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1001namen.com

127.0.0.1 1001namen.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

 

 

¤¤¤ MBR Verif: ¤¤¤

 

+++++ PhysicalDrive0: ST3250824AS +++++

--- User ---

[MBR] cea6392e92acd1aa46de129e646f9523

[bSP] b68aa0c19ecfae6990ea1fbd7d1c1caf : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Termine : << RKreport[7]_S_14122012_082302.txt >>

RKreport[1]_S_13122012_213543.txt ; RKreport[2]_D_13122012_213743.txt ; RKreport[3]_S_13122012_214449.txt ; RKreport[4]_D_13122012_221301.txt ; RKreport[5]_D_13122012_222200.txt ;

RKreport[6]_S_13122012_222712.txt ; RKreport[7]_S_14122012_082302.txt

 

Et pour Mbam, j'ai été obligé de refaire un scan car j'avais effacé le rapport :

 

Malwarebytes' Anti-Malware 1.41

Version de la base de données: 2775

Windows 5.1.2600 Service Pack 3

 

15/12/2012 18:53:21

mbam-log-2012-12-15 (18-53-21).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 282475

Temps écoulé: 1 hour(s), 52 minute(s), 15 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\System Volume Information\_restore{2591F6DA-7069-461A-A8C2-C8C9354B037E}\RP1096\A0230207.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.

[pear]

Relancez Otl

 

Sous Custom scan Files ou Personnalisation

Copiez Collez

:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\WINDOWS\system32\install\server.exe

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = duxet.com

[2012/12/13 17:16:44 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/13 17:16:44 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/10 16:01:12 | 000,001,056 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/10 16:01:12 | 000,001,052 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/13 17:16:44 | 000,001,052 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

[2012/12/13 17:16:44 | 000,001,056 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

[2012/11/22 08:27:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0757AAB

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

 

[purity]

[emptytemp]

[resethosts]

-------->Cliquer Runfix ou Correction

 

OTL redémarrera le système automatiquement.

Postez le rapport.

[Syrius]

Voici le rapport après la manip :

 

All processes killed

========== OTL ==========

Error: No service named esgiguard was found to stop!

Service\Driver key esgiguard not found.

File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.

Use Chrome's Settings page to remove the default_search_provider items.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Policies not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

File C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.

File C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.

File C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.

File C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.

File C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job not found.

File C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job not found.

Folder C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}\ not found.

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0757AAB .

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!

 

OTL by OldTimer - Version 3.2.69.0 log created on 12162012_095607

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

[pear]

Autre chose ?

[Syrius]

J'ai refait la manip et le rapport ne me donne que cela :

 

All processes killed

========== OTL ==========

Error: No service named esgiguard was found to stop!

Service\Driver key esgiguard not found.

File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.

Use Chrome's Settings page to remove the default_search_provider items.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Policies not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

File C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.

File C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.

File C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.

File C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.

File C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job not found.

File C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job not found.

Folder C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}\ not found.

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0757AAB .

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!

 

OTL by OldTimer - Version 3.2.69.0 log created on 12162012_133402

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...