
Win 32 Alureon: the return

A computer that slows down, advertising windows that pop up, applications that refuse to start, or a browser that insists on opening a dubious page are all signs that the integrity of your computer is threatened by a virus. In this forum you will find some advice and software for browsing safely.
Forum rules
To post a scan report or an infection report (HijackThis, OTL, AdwCleaner, etc.), please use the forum's built-in attachment system. Only .txt and .log files under 1 MB are accepted. For help inserting your attachments, please see this tutorial.


Posted on 09 Mar 2010 10:50

Hello,
In early January I was struggling with a W. 32 ALUREON EU virus, which, thanks to you, I managed to neutralize.
Since yesterday I keep getting Avast alerts reporting the presence of this virus, which has changed its name to
W.32 ALUREON FR, in the file C:\WINDOWS\system32\drivers\atapi.sys.
A full AVAST scan finds nothing, SECUSER.COM finds nothing, MBAM finds nothing either, and the same goes for Spybot. On the other hand, I cannot restart in safe mode; yesterday, to restart the PC, I had to use the Last Known Good Configuration option, and since then I don't dare shut it down.
Do I need to redo everything I was advised to do on 2 January?
If I delete the hundred or so alerts that have been sitting in AVAST's quarantine since yesterday, will my PC restart?
Thanks, see you
calimero67
Apprentice
Posts: 35
Joined: 02 Jan 2010 17:57


Re: Win 32 Alureon: the return

Posted on 09 Mar 2010 20:53

Good evening

Ha, no luck, that one really has it in for you :roll:


Download ComboFix HERE

For VISTA users: right-click and choose "Run as administrator".
For VISTA: do not install the Recovery Console.

>> When it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed.

With infections like today's, it is strongly recommended to have it preinstalled on your PC before any malware removal.
It allows booting into a special recovery (repair) mode, which lets us help you more easily if your computer ever runs into a problem after a cleaning attempt.

Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install it.
>> Once it is on your desktop, double-click it to launch it.
Important note: if the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

When the scan is complete, a report will appear. Copy/paste this report in your next reply.
NOTE: the report can also be found here: C:\Combofix.txt

>> Do not click in the ComboFix window during the scan; this would freeze the program
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: Win 32 Alureon: the return

Posted on 10 Mar 2010 09:31

Hi, sorry for the delay, I depend on the phone line....
here is the ComboFix report
ComboFix 10-03-09.06 - seppi 10/03/2010 9:18.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.597 [GMT 1:00]
Lancé depuis: c:\documents and settings\seppi\Bureau\Calimero.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
C:\LOG.TXT
c:\windows\system32\Drivers\yckbtc.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-10 au 2010-03-10 ))))))))))))))))))))))))))))))))))))
.

2010-03-06 16:20 . 2010-03-06 16:24 -------- d-----w- c:\documents and settings\seppi\Application Data\FreeFLVConverter
2010-03-05 14:43 . 2010-03-05 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-03-05 06:49 . 2010-03-05 06:49 -------- d-----w- c:\documents and settings\seppi\GLUCOFACTS Express
2010-03-05 06:49 . 2010-03-05 06:49 -------- d-----w- c:\documents and settings\seppi\Dancer
2010-03-04 10:15 . 2010-03-07 10:18 -------- d-----w- c:\documents and settings\seppi\Local Settings\Application Data\WMTools Downloaded Files
2010-03-01 21:50 . 2010-03-01 22:07 -------- d-----w- C:\ToolBar SD
2010-03-01 21:22 . 2010-03-01 21:25 -------- d-----w- C:\rsit
2010-03-01 11:49 . 2010-03-01 11:49 10752 ----a-w- c:\windows\DCEBoot.exe
2010-02-28 08:24 . 2010-02-28 08:24 -------- d-----w- c:\program files\Trend Micro
2010-02-27 18:14 . 2010-02-27 18:14 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-02-27 13:29 . 2010-02-27 13:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-27 07:31 . 2010-02-27 07:45 -------- d-----w- c:\program files\réparation fichier rar
2010-02-21 08:04 . 2006-11-29 03:11 667648 ----a-w- c:\windows\InZU31.exe
2010-02-21 08:04 . 2005-06-29 00:38 15172 ----a-w- c:\windows\system32\drivers\PzWDM.sys
2010-02-21 08:04 . 2010-02-21 08:04 -------- d-----w- c:\program files\ONES Trial (F)
2010-02-21 08:04 . 2010-02-21 08:04 -------- d-----w- c:\program files\ones
2010-02-17 16:34 . 2010-02-17 16:34 -------- d-----w- c:\documents and settings\seppi\Saved Games
2010-02-17 16:32 . 2010-02-17 16:32 -------- d-----w- c:\documents and settings\seppi\Local Settings\Application Data\Oberon Games
2010-02-17 16:28 . 2010-02-17 16:28 -------- d-----w- c:\documents and settings\seppi\Application Data\Big Fish Games
2010-02-17 16:27 . 2010-02-17 16:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-17 16:26 . 2010-02-17 16:26 -------- d-----w- c:\program files\Fichiers communs\Oberon Media
2010-02-17 16:26 . 2010-02-17 16:26 -------- d-----w- c:\program files\orange
2010-02-17 16:22 . 2010-02-17 16:26 -------- d-----w- c:\program files\jeux
2010-02-09 07:36 . 2010-02-27 12:10 -------- d-----w- c:\program files\FamilySearch

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 07:49 . 2009-12-14 14:01 -------- d-----w- c:\program files\FlashGet
2010-03-09 11:24 . 2009-12-13 19:25 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-12-13 19:26 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-12-13 19:26 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-12-13 19:26 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-12-13 19:26 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-12-13 19:26 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-12-13 19:26 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-12-13 19:26 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-08 18:49 . 2010-01-02 17:22 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-08 18:49 . 2010-01-02 17:22 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2010-03-08 16:46 . 2009-12-31 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-08 16:43 . 2010-02-01 16:14 -------- d-----w- c:\documents and settings\seppi\Application Data\FrostWire
2010-03-08 16:37 . 2009-12-26 12:41 -------- d-----w- c:\program files\eMule
2010-03-08 15:52 . 2010-01-20 14:38 -------- d-----w- c:\documents and settings\seppi\Application Data\vlc
2010-03-08 15:18 . 2009-12-15 12:36 1 ----a-w- c:\documents and settings\seppi\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-08 09:17 . 2009-12-15 08:12 -------- d-----w- c:\documents and settings\seppi\Application Data\Azureus
2010-03-07 08:09 . 2009-12-29 10:11 -------- d-----w- c:\documents and settings\seppi\Application Data\gtk-2.0
2010-03-06 16:20 . 2010-02-05 07:14 -------- d-----w- c:\program files\Free FLV Converter
2010-03-05 06:47 . 2010-01-12 16:05 -------- d-----w- c:\program files\Bayer® HealthCare
2010-03-04 08:10 . 2009-12-20 16:02 -------- d-----w- c:\documents and settings\seppi\Application Data\dvdcss
2010-02-27 12:10 . 2009-12-21 08:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 17:02 . 2009-12-14 14:05 -------- d-----w- c:\program files\CCleaner
2010-02-25 20:50 . 2010-02-05 07:15 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2010-02-20 15:19 . 2009-12-26 10:45 -------- d-----w- c:\program files\Easy CD-DA Extractor 8
2010-02-17 16:26 . 2009-12-15 12:33 -------- d-----w- c:\program files\JRE
2010-02-11 18:53 . 2009-12-13 19:26 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-05 07:15 . 2010-02-05 07:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-02-05 07:15 . 2010-02-05 07:15 -------- d-----w- c:\program files\Application Updater
2010-02-03 07:49 . 2010-02-01 16:34 4506256 ----a-w- c:\documents and settings\seppi\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
2010-02-03 07:34 . 2009-12-13 19:25 -------- d-----w- c:\program files\Alwil Software
2010-02-03 07:32 . 2010-02-03 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-01 16:16 . 2010-02-01 16:13 -------- d-----w- c:\program files\FrostWire
2010-01-21 07:29 . 2010-01-21 07:29 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2010-01-21 07:29 . 2010-01-21 07:29 -------- d-----w- c:\program files\FLV Player
2010-01-20 16:19 . 2010-01-20 16:19 -------- d-----w- c:\documents and settings\seppi\Application Data\Apple Computer
2010-01-20 16:17 . 2009-12-15 08:12 127600 ----a-w- c:\documents and settings\seppi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 15:11 . 2010-01-20 15:09 -------- d-----w- c:\program files\QuickTime
2010-01-20 15:09 . 2010-01-20 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-20 15:08 . 2010-01-20 15:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-01-20 15:07 . 2010-01-20 15:07 -------- d-----w- c:\program files\Apple Software Update
2010-01-20 15:07 . 2010-01-20 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-20 14:17 . 2010-01-20 14:13 -------- d-----w- c:\documents and settings\seppi\Application Data\Python-Eggs
2010-01-19 14:37 . 2010-01-19 10:55 -------- d-----w- c:\program files\Amazon
2010-01-19 08:02 . 2010-01-19 08:02 -------- d-----w- c:\program files\Ares
2010-01-15 16:49 . 2010-01-15 08:07 -------- d-----w- c:\program files\VirtualDubMOD
2010-01-15 15:43 . 2010-01-15 15:43 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-15 13:39 . 2009-12-14 14:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-15 09:24 . 2010-01-15 09:24 -------- d-----w- c:\program files\ESET
2010-01-15 08:07 . 2010-01-15 08:07 -------- d-----w- c:\program files\eRightSoft
2010-01-14 16:53 . 2010-01-14 16:53 -------- d-----w- c:\documents and settings\seppi\Application Data\Canneverbe_Limited
2010-01-14 10:11 . 2010-01-14 10:11 -------- d-----w- c:\program files\CDBurnerXP
2010-01-14 10:11 . 2010-01-14 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-01-14 10:11 . 2010-01-14 10:10 6479872 ----a-w- c:\program files\cdbxp_setup_4.2.7.1849.msi
2010-01-13 17:10 . 2009-12-16 11:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 17:10 . 2010-01-07 10:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-12-16 11:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-16 11:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 15:31 . 2008-04-14 12:00 544876 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-04 15:31 . 2008-04-14 12:00 100734 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 14:01 . 2009-12-30 14:01 128 ----a-w- c:\documents and settings\seppi\Local Settings\Application Data\fusioncache.dat
2009-12-21 19:07 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 20:03 . 2010-01-08 10:53 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 19:56 . 2010-01-08 10:53 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-17 07:41 . 2009-12-12 16:48 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 09:07 . 2009-12-16 09:07 177024 ----a-w- c:\documents and settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\FlashGot.exe
2009-12-15 16:45 . 2009-12-15 16:45 152576 ----a-w- c:\documents and settings\seppi\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-15 16:45 . 2009-12-15 16:45 79488 ----a-w- c:\documents and settings\seppi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-15 12:12 . 2009-12-15 12:12 10686001 ----a-w- c:\documents and settings\seppi\Application Data\Azureus\plugins\azump\mplayer.exe
2009-12-14 07:09 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 19:19 . 2009-12-13 19:19 0 ----a-w- c:\windows\nsreg.dat
2009-12-13 17:01 . 2009-12-12 16:52 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-12 16:49 . 2009-12-12 16:49 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-10 18:00 . 2009-12-14 14:04 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2006-05-03 10:06 . 2010-01-15 08:08 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-15 08:08 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-15 08:08 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2010-01-09 955392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk
backup=c:\windows\pss\Pense-bête.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-01-09 21:01 955392 ----a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-07-04 13:01 148776 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 08:10 2007088 ----a-w- c:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 11:49 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-07-04 13:20 161064 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2002-10-16 10:24 47104 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [21/02/2010 09:04 15172]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/12/2009 20:26 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/12/2009 20:26 19024]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/12/2009 21:00 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S2 quszqgmn;VIA Rhine Family Fast Ethernet Adapter Monitor;c:\windows\System32\svchost.exe -k netsvcs [14/04/2008 13:00 14336]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [26/12/2009 10:07 9856]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16/12/2009 17:38 375296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
quszqgmn
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-03-10 c:\windows\Tasks\Recherche de problèmes automatique.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 20:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\documents and settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\
FF - component: c:\documents and settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\documents and settings\seppi\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-kcmrfkxo - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 09:24
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2010-03-10 09:27:30
ComboFix-quarantined-files.txt 2010-03-10 08:27

Avant-CF: 40 455 516 160 octets libres
Après-CF: 40 745 615 360 octets libres

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 00D1144BB087EF42860EF739DD64A901
calimero67
Apprentice
Posts: 35
Joined: 02 Jan 2010 17:57

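As an added example (not code from the thread, from ComboFix or from the helper), here is a small Python triage script that applies two of the checks a helper does by eye when reading a report like the one above: it spots a near-duplicate of a system driver sitting beside the real one (atapi.svs next to atapi.sys) and flags services or drivers whose names look machine-generated (the quszqgmn service hosted in svchost netsvcs, and the yckbtc.sys driver ComboFix removed). The log excerpt is taken from the report posted above; the regular expressions, the thresholds and the finding categories are my own assumptions.

```python
"""Triage helper for ComboFix-style report lines (added example, not ComboFix's code)."""
import re
from collections import defaultdict

# Heuristics used below (assumptions, not ComboFix rules):
#  * LOOKALIKE: a file in the same directory as a <name>.sys driver whose extension
#    differs from "sys" by exactly one character (atapi.svs beside atapi.sys).
#  * RANDOM NAME: an all-lowercase, letters-only name of 6+ characters with fewer
#    than 20% vowels, which is how machine-generated service/driver names tend to look.
VOWELS = set("aeiou")

# Excerpt of the report posted in the thread (Find3M entries, one "Autres suppressions"
# path and the service list); the selection is constructed for this demo.
SAMPLE_LOG = r"""
2010-03-08 18:49 . 2010-01-02 17:22 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-08 18:49 . 2010-01-02 17:22 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2010-03-09 11:12 . 2009-12-13 19:26 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
c:\windows\system32\Drivers\yckbtc.sys
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [21/02/2010 09:04 15172]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/12/2009 20:26 162640]
S2 quszqgmn;VIA Rhine Family Fast Ethernet Adapter Monitor;c:\windows\System32\svchost.exe -k netsvcs [14/04/2008 13:00 14336]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [26/12/2009 10:07 9856]
"""

# "<modified> . <created> <size|--------> <attrs> <path>" as in the Find3M section
FILE_LINE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# "<R|S><n> <name>;<display name>;<command> [<date> <time> <size>]" service entries
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+?)(?: \[[^\]]*\])?$"
)
# bare paths, as listed under "Autres suppressions"
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+$")


def parse_log(text):
    """Return (files, services): files as (path, size, attrs), services as
    (state, name, display, command)."""
    files, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            files.append((m["path"], m["size"], m["attrs"]))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            services.append((m["state"], m["name"], m["display"], m["cmd"]))
            continue
        if BARE_PATH.match(line):
            files.append((line, "?", "?"))
    return files, services


def split_path(path):
    """Split a Windows path into (directory, stem, extension)."""
    directory, _, filename = path.rpartition("\\")
    stem, dot, ext = filename.rpartition(".")
    if not dot:
        stem, ext = filename, ""
    return directory, stem, ext


def hamming1(a, b):
    """True when two strings of equal length differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def looks_generated(name, min_len=6, max_vowel_ratio=0.2):
    """Heuristic: long, all-lowercase, letters-only names with almost no vowels."""
    if len(name) < min_len or not name.isalpha() or not name.islower():
        return False
    return sum(ch in VOWELS for ch in name) / len(name) < max_vowel_ratio


def lookalike_drivers(files):
    """Flag files that mimic a .sys driver in the same directory (atapi.svs)."""
    by_stem = defaultdict(list)
    for path, _, _ in files:
        directory, stem, ext = split_path(path)
        by_stem[(directory.lower(), stem.lower())].append((path, ext.lower()))
    findings = []
    for (_, stem), entries in by_stem.items():
        if "sys" not in {ext for _, ext in entries}:
            continue
        for path, ext in entries:
            if ext != "sys" and hamming1(ext, "sys"):
                findings.append(("lookalike", path, f"near-copy of {stem}.sys in the same directory"))
    return findings


def generated_names(files, services):
    """Flag services and drivers whose names look machine-generated."""
    findings = []
    for state, name, display, cmd in services:
        if looks_generated(name):
            findings.append(("random-name-service", name, f"{state} {display!r} -> {cmd}"))
    for path, _, _ in files:
        _, stem, ext = split_path(path)
        if ext.lower() == "sys" and looks_generated(stem):
            findings.append(("random-name-driver", path, "driver with a machine-looking name"))
    return findings


def triage(text):
    """Run every heuristic over a report and return (kind, subject, detail) findings."""
    files, services = parse_log(text)
    return lookalike_drivers(files) + generated_names(files, services)


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {subject}: {detail}")
```

These are triage hints, not verdicts: a flagged name still has to be confirmed, which is exactly why the helper's next step is to have atapi.svs scanned on VirusTotal rather than deleting it on sight.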
Re: Win 32 Alureon: the return

Posted on 10 Mar 2010 12:52

Open the Start menu > Run (shortcut: Windows key + R)

In the dialog box, copy/paste everything quoted below:
fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0



Then confirm

2/ Open CFScript.txt (on your desktop) > copy this new quote into it:
File::
c:\windows\DCEBoot.exe



Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot:

[screenshot]


A blue window will appear and ComboFix will run another scan.

Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
Once the scan is done, a report will be displayed: post its contents, saying where your problems stand.

If the file does not open, it is located here > C:\ComboFix.txt

Then have this file analysed: c:\windows\system32\drivers\atapi.svs

Here: http://www.virustotal.com/fr/
Click Browse and select this folder:

Then this.

Install Malwarebytes' Anti-Malware,
Download and tutorial

*** Update it, then choose Perform full scan

*** If an infection is found, tick the box next to it and confirm with the Remove Selected button

Post the final report.
*** It is advisable to disable TeaTimer if you have Spybot-S&D, just for the duration of the scan.
Here is how: launch Spybot-S&D, switch to Advanced mode via the Mode menu (at the top) → click Yes --> choose Tools in the navigation bar on the left --> Resident, and there you can untick the boxes in front of the two tools.
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: Win 32 Alureon: the return

Posted on 10 Mar 2010 18:36

Here is my ComboFix report from this evening
ComboFix 10-03-09.08 - seppi 10/03/2010 17:37:37.3.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.627 [GMT 1:00]
Lancé depuis: c:\documents and settings\seppi\Bureau\Calimero.exe
Commutateurs utilisés :: c:\documents and settings\seppi\Bureau\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\DCEBoot.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\DCEBoot.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-10 au 2010-03-10 ))))))))))))))))))))))))))))))))))))
.

2010-03-06 16:20 . 2010-03-06 16:24 -------- d-----w- c:\documents and settings\seppi\Application Data\FreeFLVConverter
2010-03-05 14:43 . 2010-03-05 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-03-05 06:49 . 2010-03-05 06:49 -------- d-----w- c:\documents and settings\seppi\GLUCOFACTS Express
2010-03-05 06:49 . 2010-03-05 06:49 -------- d-----w- c:\documents and settings\seppi\Dancer
2010-03-04 10:15 . 2010-03-07 10:18 -------- d-----w- c:\documents and settings\seppi\Local Settings\Application Data\WMTools Downloaded Files
2010-03-01 21:50 . 2010-03-01 22:07 -------- d-----w- C:\ToolBar SD
2010-03-01 21:22 . 2010-03-01 21:25 -------- d-----w- C:\rsit
2010-02-28 08:24 . 2010-02-28 08:24 -------- d-----w- c:\program files\Trend Micro
2010-02-27 18:14 . 2010-02-27 18:14 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-02-27 13:29 . 2010-02-27 13:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-27 07:31 . 2010-02-27 07:45 -------- d-----w- c:\program files\réparation fichier rar
2010-02-21 08:04 . 2006-11-29 03:11 667648 ----a-w- c:\windows\InZU31.exe
2010-02-21 08:04 . 2005-06-29 00:38 15172 ----a-w- c:\windows\system32\drivers\PzWDM.sys
2010-02-21 08:04 . 2010-02-21 08:04 -------- d-----w- c:\program files\ONES Trial (F)
2010-02-21 08:04 . 2010-02-21 08:04 -------- d-----w- c:\program files\ones
2010-02-17 16:34 . 2010-02-17 16:34 -------- d-----w- c:\documents and settings\seppi\Saved Games
2010-02-17 16:32 . 2010-02-17 16:32 -------- d-----w- c:\documents and settings\seppi\Local Settings\Application Data\Oberon Games
2010-02-17 16:28 . 2010-02-17 16:28 -------- d-----w- c:\documents and settings\seppi\Application Data\Big Fish Games
2010-02-17 16:27 . 2010-02-17 16:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-17 16:26 . 2010-02-17 16:26 -------- d-----w- c:\program files\Fichiers communs\Oberon Media
2010-02-17 16:26 . 2010-02-17 16:26 -------- d-----w- c:\program files\orange
2010-02-17 16:22 . 2010-02-17 16:26 -------- d-----w- c:\program files\jeux
2010-02-09 07:36 . 2010-02-27 12:10 -------- d-----w- c:\program files\FamilySearch

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 15:09 . 2009-12-14 14:01 -------- d-----w- c:\program files\FlashGet
2010-03-09 11:24 . 2009-12-13 19:25 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-12-13 19:26 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-12-13 19:26 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-12-13 19:26 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-12-13 19:26 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-12-13 19:26 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-12-13 19:26 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-12-13 19:26 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-08 18:49 . 2010-01-02 17:22 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2010-03-08 18:49 . 2010-01-02 17:22 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-08 16:46 . 2009-12-31 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-08 16:43 . 2010-02-01 16:14 -------- d-----w- c:\documents and settings\seppi\Application Data\FrostWire
2010-03-08 16:37 . 2009-12-26 12:41 -------- d-----w- c:\program files\eMule
2010-03-08 15:52 . 2010-01-20 14:38 -------- d-----w- c:\documents and settings\seppi\Application Data\vlc
2010-03-08 15:18 . 2009-12-15 12:36 1 ----a-w- c:\documents and settings\seppi\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-08 09:17 . 2009-12-15 08:12 -------- d-----w- c:\documents and settings\seppi\Application Data\Azureus
2010-03-07 08:09 . 2009-12-29 10:11 -------- d-----w- c:\documents and settings\seppi\Application Data\gtk-2.0
2010-03-06 16:20 . 2010-02-05 07:14 -------- d-----w- c:\program files\Free FLV Converter
2010-03-05 06:47 . 2010-01-12 16:05 -------- d-----w- c:\program files\Bayer® HealthCare
2010-03-04 08:10 . 2009-12-20 16:02 -------- d-----w- c:\documents and settings\seppi\Application Data\dvdcss
2010-02-27 12:10 . 2009-12-21 08:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 17:02 . 2009-12-14 14:05 -------- d-----w- c:\program files\CCleaner
2010-02-25 20:50 . 2010-02-05 07:15 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2010-02-20 15:19 . 2009-12-26 10:45 -------- d-----w- c:\program files\Easy CD-DA Extractor 8
2010-02-17 16:26 . 2009-12-15 12:33 -------- d-----w- c:\program files\JRE
2010-02-11 18:53 . 2009-12-13 19:26 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-05 07:15 . 2010-02-05 07:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-02-05 07:15 . 2010-02-05 07:15 -------- d-----w- c:\program files\Application Updater
2010-02-03 07:49 . 2010-02-01 16:34 4506256 ----a-w- c:\documents and settings\seppi\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
2010-02-03 07:34 . 2009-12-13 19:25 -------- d-----w- c:\program files\Alwil Software
2010-02-03 07:32 . 2010-02-03 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-01 16:16 . 2010-02-01 16:13 -------- d-----w- c:\program files\FrostWire
2010-01-21 07:29 . 2010-01-21 07:29 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2010-01-21 07:29 . 2010-01-21 07:29 -------- d-----w- c:\program files\FLV Player
2010-01-20 16:19 . 2010-01-20 16:19 -------- d-----w- c:\documents and settings\seppi\Application Data\Apple Computer
2010-01-20 16:17 . 2009-12-15 08:12 127600 ----a-w- c:\documents and settings\seppi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 15:11 . 2010-01-20 15:09 -------- d-----w- c:\program files\QuickTime
2010-01-20 15:09 . 2010-01-20 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-20 15:08 . 2010-01-20 15:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-01-20 15:07 . 2010-01-20 15:07 -------- d-----w- c:\program files\Apple Software Update
2010-01-20 15:07 . 2010-01-20 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-20 14:17 . 2010-01-20 14:13 -------- d-----w- c:\documents and settings\seppi\Application Data\Python-Eggs
2010-01-19 14:37 . 2010-01-19 10:55 -------- d-----w- c:\program files\Amazon
2010-01-19 08:02 . 2010-01-19 08:02 -------- d-----w- c:\program files\Ares
2010-01-15 16:49 . 2010-01-15 08:07 -------- d-----w- c:\program files\VirtualDubMOD
2010-01-15 15:43 . 2010-01-15 15:43 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-15 13:39 . 2009-12-14 14:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-15 09:24 . 2010-01-15 09:24 -------- d-----w- c:\program files\ESET
2010-01-15 08:07 . 2010-01-15 08:07 -------- d-----w- c:\program files\eRightSoft
2010-01-14 16:53 . 2010-01-14 16:53 -------- d-----w- c:\documents and settings\seppi\Application Data\Canneverbe_Limited
2010-01-14 10:11 . 2010-01-14 10:11 -------- d-----w- c:\program files\CDBurnerXP
2010-01-14 10:11 . 2010-01-14 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-01-14 10:11 . 2010-01-14 10:10 6479872 ----a-w- c:\program files\cdbxp_setup_4.2.7.1849.msi
2010-01-13 17:10 . 2009-12-16 11:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 17:10 . 2010-01-07 10:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-12-16 11:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-16 11:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 15:31 . 2008-04-14 12:00 544876 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-04 15:31 . 2008-04-14 12:00 100734 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 14:01 . 2009-12-30 14:01 128 ----a-w- c:\documents and settings\seppi\Local Settings\Application Data\fusioncache.dat
2009-12-21 19:07 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 20:03 . 2010-01-08 10:53 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 19:56 . 2010-01-08 10:53 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-17 07:41 . 2009-12-12 16:48 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 09:07 . 2009-12-16 09:07 177024 ----a-w- c:\documents and settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\FlashGot.exe
2009-12-15 16:45 . 2009-12-15 16:45 152576 ----a-w- c:\documents and settings\seppi\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-15 16:45 . 2009-12-15 16:45 79488 ----a-w- c:\documents and settings\seppi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-15 12:12 . 2009-12-15 12:12 10686001 ----a-w- c:\documents and settings\seppi\Application Data\Azureus\plugins\azump\mplayer.exe
2009-12-14 07:09 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 19:19 . 2009-12-13 19:19 0 ----a-w- c:\windows\nsreg.dat
2009-12-13 17:01 . 2009-12-12 16:52 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-12 16:49 . 2009-12-12 16:49 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-10 18:00 . 2009-12-14 14:04 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2006-05-03 10:06 . 2010-01-15 08:08 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-15 08:08 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-15 08:08 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2010-01-09 955392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk
backup=c:\windows\pss\Pense-bête.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-01-09 21:01 955392 ----a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-07-04 13:01 148776 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 08:10 2007088 ----a-w- c:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 11:49 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-07-04 13:20 161064 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2002-10-16 10:24 47104 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [21/02/2010 09:04 15172]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/12/2009 20:26 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/12/2009 20:26 19024]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/12/2009 21:00 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S2 quszqgmn;VIA Rhine Family Fast Ethernet Adapter Monitor;c:\windows\System32\svchost.exe -k netsvcs [14/04/2008 13:00 14336]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [26/12/2009 10:07 9856]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16/12/2009 17:38 375296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
quszqgmn
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-10 c:\windows\Tasks\Recherche de problèmes automatique.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\documents and settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\
FF - component: c:\documents and settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\documents and settings\seppi\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 17:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-10 17:45:57
ComboFix-quarantined-files.txt 2010-03-10 16:45
ComboFix2.txt 2010-03-10 08:27

Pre-Run: 36 133 728 256 bytes free
Post-Run: 36 161 589 248 bytes free

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - DED5E870013B35FF27E3EF17EAF93C55


Malwarebytes found nothing, but during the Malwarebytes scan avast found a file c:\qoobox\quarantinec:\windows\systeme32\drivers\atapi W32ALUREON FR ?? This qoobox folder has only existed since today.

VirusTotal replied: eSafe: w32 Rootkit.
I also just noticed that I have two files ...système\drivers\atapi ???

Should I empty everything that is in the avast quarantine?

I'll be away early this evening for emergencies, but you can reply to me.
See you
calimero67
Apprentice
 
Messages: 35
Joined: 02 Jan 2010 17:57
 

Re: Win 32 alureon, the return

Posted on 10 Mar 2010 19:51

Delete this folder: c:\qoobox

Next, you see two "atapi" files, but they do not have the same extension.

Do this to show the extensions, which will let you pick the right file to analyse.

Open a folder, any one. Go to:
Tools/Folder Options/View and
- untick "Hide extensions for known file types".
- untick "Hide protected operating system files (Recommended)"
"Apply" and "OK"


Please also do this:

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is ticked.

* Copy and paste the contents of this quotation into the lower part of OTL, "Custom scan/fixes"

%SYSTEMDRIVE%\cdrom.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\ACPI.sys /s /md5
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5





* Click the "Run Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan one or two reports will open, "OTL.Txt" and/or "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply please...
* If needed, you can find them in the C:\OTL folder or on your desktop, depending on the case
bernard53
PC-Infopraticien
 
Messages: 12778
Joined: 08 Dec 2009 19:51
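The OTL custom scan above does two things that are worth understanding: `/s` searches the whole system drive for every copy of a named driver (system32\drivers, dllcache, ServicePackFiles...), and `/md5` prints a hash for each copy so that a driver modified in place shows up as the one whose hash disagrees with its backup copies. The extension tip addresses a second trap: with extensions hidden, a look-alike such as atapi.svs is indistinguishable from atapi.sys in Explorer. The script below is an added example written for this page, not OTL's code and not part of any post in the thread; it builds a constructed sample tree (stand-in bytes, not real driver images) with a patched drivers\atapi.sys, a clean dllcache copy and an atapi.svs look-alike, then walks the tree the way `/s /md5` does and reports hash mismatches and look-alike names. The target list mirrors the drivers named in the custom scan; `build_sample_tree` is an assumption for offline use and would be replaced by pointing `scan_drivers` at a real %SYSTEMDRIVE%.

```python
"""Find every copy of a set of boot-critical drivers under a root, hash each
copy, and flag (a) copies of one driver whose hashes disagree and (b) files
whose name is one character away from a target (e.g. atapi.svs vs atapi.sys).
Added example for this page; not OTL's implementation."""
import hashlib
import os
import tempfile
from collections import defaultdict

# Same driver names as the OTL custom scan in the post (lower-cased).
TARGETS = {"atapi.sys", "cdrom.sys", "acpi.sys", "iastor.sys", "nvstor.sys",
           "idechndr.sys", "viasraid.sys", "agp440.sys", "vaxscsi.sys", "nvatabus.sys"}


def file_digests(path, chunk=1 << 16):
    """MD5 (what OTL prints) plus SHA-256, computed in one pass over the file."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def lookalike(name, targets):
    """Return the target this name imitates: same stem, extension of the same
    length differing in exactly one character (atapi.svs -> atapi.sys)."""
    stem, ext = os.path.splitext(name.lower())
    for target in targets:
        tstem, text = os.path.splitext(target)
        if stem == tstem and ext != text and len(ext) == len(text) \
                and sum(a != b for a, b in zip(ext, text)) == 1:
            return target
    return None


def scan_drivers(root, targets=TARGETS):
    """Recursive walk like OTL's /s switch. Returns {target: [copy records]}.
    A copy record carries path, size, both hashes and whether the name is exact."""
    found = defaultdict(list)
    for dirpath, _, files in os.walk(root):
        for name in files:
            low = name.lower()
            target = low if low in targets else lookalike(low, targets)
            if target is None:
                continue
            path = os.path.join(dirpath, name)
            md5, sha = file_digests(path)
            found[target].append({"path": path, "size": os.path.getsize(path),
                                  "md5": md5, "sha256": sha, "exact": low == target})
    return found


def report(found):
    """Findings as (kind, subject) tuples: a driver whose exact-named copies do
    not all share one hash, and every look-alike file name."""
    issues = []
    for target, copies in sorted(found.items()):
        if len({c["md5"] for c in copies if c["exact"]}) > 1:
            issues.append(("hash_mismatch", target))
        issues.extend(("lookalike", c["path"]) for c in copies if not c["exact"])
    return issues


def build_sample_tree():
    """Constructed sample tree (assumption for offline use, not real drivers):
    one in-place-patched drivers\\atapi.sys, clean backup copies of the same
    size, and a look-alike atapi.svs sitting next to the patched one."""
    root = tempfile.mkdtemp(prefix="drv_")
    clean = b"MZ" + b"\x00" * 94 + b"ATAPI ORIGINAL"
    patched = clean[:-5] + b"HOOK!"          # same length, different content
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": patched,
        "WINDOWS/system32/drivers/atapi.svs": clean,
        "WINDOWS/system32/dllcache/atapi.sys": clean,
        "WINDOWS/ServicePackFiles/i386/atapi.sys": clean,
        "WINDOWS/system32/drivers/cdrom.sys": clean,
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    results = scan_drivers(sample_root)
    for drv, copies in sorted(results.items()):
        for c in copies:
            print(f"{drv:12} {c['size']:7d} {c['md5']} {c['path']}")
    for kind, subject in report(results):
        print("!!", kind, subject)
```

Two things the output makes visible that a size comparison alone does not: the patched drivers\atapi.sys and its backups are byte-for-byte the same length (as in the poster's case, where both files were 96,512 bytes) yet hash differently, and atapi.svs is reported separately as a look-alike rather than silently counted as another copy. On a real system the hash of the copies that agree with each other (dllcache, ServicePackFiles) is the one to compare against a known-good reference for that Windows build.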
 

Re: Win 32 alureon, the return

Posted on 11 Mar 2010 16:00

Hi,
So I deleted this c\qoobox.
I spotted the 2 atapi files; they are the same size, dated 8.3.2010, the first is an atapi.svs, the second an atapi.sys.
What do I do with them?
Here is the OTL report
OTL logfile created on: 11/03/2010 15:46:31 - Run 2
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\seppi\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 658,00 Mb Available Physical Memory | 64,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60,00 Gb Total Space | 33,62 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 89,04 Gb Total Space | 15,19 Gb Free Space | 17,06% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AS-SEPPI
Current User Name: seppi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Documents and Settings\seppi\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\seppi\Bureau\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (NMIndexingService) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (StarOpen) -- C:\WINDOWS\system32\StarOpen.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (PzWDM) -- C:\WINDOWS\system32\Drivers\PzWDM.sys (Prassi Technology)
DRV - (Amusbprt) -- C:\WINDOWS\system32\drivers\Amusbprt.sys ((Standard Mouse Types))
DRV - (Amps2prt) -- C:\WINDOWS\system32\drivers\Amps2prt.sys ((Standard Mouse Types))
DRV - (Amfilter) -- C:\WINDOWS\system32\drivers\Amfilter.sys ((Standard Mouse Types))
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:1.9.98
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 11:14:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/04 19:03:02 | 000,000,000 | ---D | M]

[2009/12/16 14:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\seppi\Application Data\Mozilla\Extensions
[2010/03/09 17:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions
[2010/01/12 08:50:26 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/03/03 14:47:08 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/01/01 11:51:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/07 12:46:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/03 08:51:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/05 08:49:45 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/03/02 13:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\artur.dubovoy@gmail.com
[2010/03/09 17:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/22 04:51:01 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/12/22 04:51:01 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/12/22 04:51:01 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/12/22 04:51:01 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/12/22 04:51:01 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/02/08 18:16:52 | 000,377,780 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13044 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://ushousecall02.trendmicro.com/hou ... hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/12 17:53:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/11 15:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Aacd v3
[2010/03/10 18:42:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/08 17:46:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\seppi\Recent
[2010/03/08 10:01:49 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\seppi\Bureau\WinsockxpFix.exe
[2010/03/08 00:12:09 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\seppi\Bureau\OTL.exe
[2010/03/06 17:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Application Data\FreeFLVConverter
[2010/03/05 15:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010/03/05 07:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\GLUCOFACTS Express
[2010/03/05 07:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Dancer
[2010/03/04 20:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Bureau\7digital_Downloads_04-03-2010
[2010/03/04 19:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Mes documents\2010-03-04
[2010/03/04 14:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/03/04 11:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Local Settings\Application Data\WMTools Downloaded Files
[2010/03/04 11:08:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\seppi\Mes documents\Mes vidéos
[2010/03/03 13:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Mes documents\Téléchargements
[2010/03/02 19:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/02 18:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/01 22:50:12 | 000,000,000 | ---D | C] -- C:\ToolBar SD
[2010/03/01 22:22:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/01 14:37:16 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\seppi\Bureau\TFC.exe
[2010/03/01 12:35:01 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\seppi\Mes documents\HousecallLauncher.exe
[2010/02/28 18:38:15 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\seppi\Bureau\ATF-Cleaner.exe
[2010/02/28 15:34:12 | 001,415,173 | ---- | C] (Nicolas Coolman ) -- C:\Documents and Settings\seppi\Bureau\ZHPDiag_1.25.12.exe
[2010/02/28 09:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/27 22:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/27 18:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Mes documents\2010-02-27
[2010/02/27 14:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/27 14:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/27 08:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\réparation fichier rar
[2010/02/21 09:04:51 | 000,667,648 | ---- | C] (Prassi Software) -- C:\WINDOWS\InZU31.exe
[2010/02/21 09:04:49 | 000,015,172 | ---- | C] (Prassi Technology) -- C:\WINDOWS\System32\drivers\PzWDM.sys
[2010/02/21 09:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\ONES Trial (F)
[2010/02/21 09:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\ones
[2010/02/20 13:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Mes documents\Sauvegarde de la licence
[2010/02/17 17:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Saved Games
[2010/02/17 17:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Local Settings\Application Data\Oberon Games
[2010/02/17 17:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Application Data\Big Fish Games
[2010/02/17 17:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/17 17:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Oberon Media
[2010/02/17 17:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\orange
[2010/02/17 17:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\jeux
[2010/02/16 12:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Mes documents\NeroVision
[2009/12/12 17:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/12 17:52:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/12 17:52:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/03/11 15:25:22 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\seppi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/11 15:22:38 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\seppi\NTUSER.DAT
[2010/03/11 14:11:54 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\Recherche de problèmes automatique.job
[2010/03/11 09:35:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/11 09:35:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/11 09:35:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/11 09:35:10 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/11 01:12:12 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\seppi\ntuser.ini
[2010/03/10 18:03:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/10 17:43:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/10 17:36:05 | 003,885,368 | R--- | M] () -- C:\Documents and Settings\seppi\Bureau\Calimero.exe
[2010/03/10 15:29:24 | 067,086,336 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Flippers_-_Alles_La_Paloma__2005_.AVI
[2010/03/10 15:28:25 | 044,301,824 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Flippers_-_Auf_deiner_Mailbox_sind_drei_Kuesse_von_mir__2005_.AVI
[2010/03/10 08:41:46 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/09 17:35:17 | 000,013,357 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\a5xv5c1om8hy9d1a30joe.jpg
[2010/03/09 12:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 12:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.svs
[2010/03/08 16:21:24 | 001,260,379 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\ebook.odt
[2010/03/08 16:20:59 | 000,000,127 | -H-- | M] () -- C:\Documents and Settings\seppi\Mes documents\.~lock.ebook.odt#
[2010/03/08 12:31:54 | 000,015,208 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\impots.odt
[2010/03/08 12:31:43 | 000,011,660 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\lettre impots residence second.odt
[2010/03/08 11:14:14 | 000,162,198 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\instruction_5f610_28012010_frais_reels_interets_emprunt_salarie_achat_titres_actions_entreprise.pdf
[2010/03/08 10:12:13 | 000,017,234 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\alureon2.odt
[2010/03/08 10:11:41 | 000,016,346 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\alureon.odt
[2010/03/08 10:08:08 | 001,376,066 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\findykill.exe
[2010/03/08 10:04:28 | 000,845,916 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\Load_tdsskiller.exe
[2010/03/08 10:01:49 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\seppi\Bureau\WinsockxpFix.exe
[2010/03/08 00:12:09 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\seppi\Bureau\OTL.exe
[2010/03/07 13:13:38 | 049,953,965 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\212.Belsy.zip
[2010/03/07 13:11:24 | 000,836,580 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\226.Die_Superoldies.zip
[2010/03/07 13:05:34 | 089,597,377 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\313.Die_Edlseer.zip
[2010/03/07 13:05:20 | 067,335,781 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\317.Die_Edlseer.zip
[2010/03/07 09:09:27 | 000,005,386 | ---- | M] () -- C:\Documents and Settings\seppi\.recently-used.xbel
[2010/03/06 16:03:54 | 000,068,112 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\cc_20100306_160348.reg
[2010/03/06 11:58:55 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\Raccourci vers My Shared Folder.lnk
[2010/03/05 07:51:58 | 000,062,745 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\glycemie fevrier 2010.pdf
[2010/03/05 07:49:00 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\GLUCOFACTS Express 1.10.00.lnk
[2010/03/04 15:23:59 | 004,607,668 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\bredelers - bombom stand.mp3
[2010/03/03 16:08:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\FlashGet.lnk
[2010/03/03 12:47:13 | 000,262,796 | -H-- | M] () -- C:\Documents and Settings\seppi\Local Settings\Application Data\IconCache.db
[2010/03/03 07:47:15 | 007,677,440 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Les_Bleus-Blancs-Rouges pa7.6 rené.pps
[2010/03/01 14:37:16 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\seppi\Bureau\TFC.exe
[2010/03/01 12:35:08 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\seppi\Mes documents\HousecallLauncher.exe
[2010/02/28 18:38:16 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\seppi\Bureau\ATF-Cleaner.exe
[2010/02/28 15:34:15 | 001,415,173 | ---- | M] (Nicolas Coolman ) -- C:\Documents and Settings\seppi\Bureau\ZHPDiag_1.25.12.exe
[2010/02/28 09:24:16 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\HijackThis.lnk
[2010/02/27 17:22:47 | 000,075,620 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Alerte Météo.odt
[2010/02/27 14:21:30 | 000,000,550 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/27 14:21:30 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/02/27 13:10:21 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\PAF 4 Deutsch.lnk
[2010/02/27 13:10:20 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\PAF 4 Français.lnk
[2010/02/27 13:07:39 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\spahn.paf
[2010/02/27 12:54:47 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Spahn.lst
[2010/02/27 12:50:34 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\spahn2.paf
[2010/02/26 18:02:25 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\CCleaner.lnk
[2010/02/26 16:31:07 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Lettre pour papi à l'assurance.doc
[2010/02/26 16:22:21 | 000,020,767 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Lettre pour papi à l'assurance.odt
[2010/02/26 13:40:02 | 001,303,552 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\classification_of_child_s_behaviour_in_dental_clinic__pedo_.ppt
[2010/02/26 09:02:32 | 001,109,504 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Wunder der Natur.pps
[2010/02/25 21:50:50 | 000,315,392 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2010/02/20 14:02:43 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\eMule.lnk
[2010/02/18 13:45:34 | 000,016,597 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\lettre REDOUTE.odt
[2010/02/17 17:34:37 | 000,001,111 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\Raccourci vers DreamDayFirstHome.lnk
[2010/02/17 17:26:47 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\Azada.lnk
[2010/02/17 17:26:47 | 000,001,256 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\Jeux sur Orange.fr.lnk
[2010/02/17 14:19:58 | 002,727,923 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\021419_072758edab925b4b931e8c35efdf045b_uaaqgl.png
[2010/02/17 09:27:55 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/02/16 19:48:17 | 000,016,698 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Menu anniversaire.odt
[2010/02/11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 17:44:08 | 000,185,550 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Flippi.jpg
[2010/02/09 19:52:25 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

========== Files Created - No Company Name ==========

[2010/03/10 15:26:46 | 044,301,824 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Flippers_-_Auf_deiner_Mailbox_sind_drei_Kuesse_von_mir__2005_.AVI
[2010/03/10 15:26:06 | 067,086,336 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Flippers_-_Alles_La_Paloma__2005_.AVI
[2010/03/10 08:53:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/09 17:35:17 | 000,013,357 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\a5xv5c1om8hy9d1a30joe.jpg
[2010/03/08 16:21:24 | 001,260,379 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\ebook.odt
[2010/03/08 16:20:59 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\seppi\Mes documents\.~lock.ebook.odt#
[2010/03/08 12:31:53 | 000,015,208 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\impots.odt
[2010/03/08 12:31:43 | 000,011,660 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\lettre impots residence second.odt
[2010/03/08 11:14:14 | 000,162,198 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\instruction_5f610_28012010_frais_reels_interets_emprunt_salarie_achat_titres_actions_entreprise.pdf
[2010/03/08 10:12:11 | 000,017,234 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\alureon2.odt
[2010/03/08 10:11:38 | 000,016,346 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\alureon.odt
[2010/03/08 10:08:08 | 001,376,066 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\findykill.exe
[2010/03/08 10:04:28 | 000,845,916 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\Load_tdsskiller.exe
[2010/03/08 05:17:18 | 003,885,368 | R--- | C] () -- C:\Documents and Settings\seppi\Bureau\Calimero.exe
[2010/03/07 13:13:36 | 049,953,965 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\212.Belsy.zip
[2010/03/07 13:11:23 | 000,836,580 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\226.Die_Superoldies.zip
[2010/03/07 13:05:23 | 089,597,377 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\313.Die_Edlseer.zip
[2010/03/07 13:05:11 | 067,335,781 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\317.Die_Edlseer.zip
[2010/03/07 09:09:27 | 000,005,386 | ---- | C] () -- C:\Documents and Settings\seppi\.recently-used.xbel
[2010/03/06 16:03:51 | 000,068,112 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\cc_20100306_160348.reg
[2010/03/06 11:58:55 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\Raccourci vers My Shared Folder.lnk
[2010/03/05 07:51:56 | 000,062,745 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\glycemie fevrier 2010.pdf
[2010/03/04 15:19:50 | 004,607,668 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\bredelers - bombom stand.mp3
[2010/03/03 16:08:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\FlashGet.lnk
[2010/03/03 07:47:02 | 007,677,440 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Les_Bleus-Blancs-Rouges pa7.6 rené.pps
[2010/03/01 12:50:11 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/28 09:24:16 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\HijackThis.lnk
[2010/02/27 17:22:42 | 000,075,620 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Alerte Météo.odt
[2010/02/27 16:58:43 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\devill.doc
[2010/02/27 16:58:38 | 000,155,648 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\123456.doc
[2010/02/27 16:58:28 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\INDEX MP3 1er aout 2009.xls
[2010/02/27 13:10:21 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\PAF 4 Deutsch.lnk
[2010/02/27 13:10:20 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\PAF 4 Français.lnk
[2010/02/26 16:30:57 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Lettre pour papi à l'assurance.doc
[2010/02/26 16:17:35 | 000,020,767 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Lettre pour papi à l'assurance.odt
[2010/02/26 13:40:01 | 001,303,552 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\classification_of_child_s_behaviour_in_dental_clinic__pedo_.ppt
[2010/02/26 09:02:27 | 001,109,504 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Wunder der Natur.pps
[2010/02/20 14:02:43 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\eMule.lnk
[2010/02/18 13:39:07 | 000,016,597 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\lettre REDOUTE.odt
[2010/02/17 17:34:37 | 000,001,111 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\Raccourci vers DreamDayFirstHome.lnk
[2010/02/17 17:26:47 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\Azada.lnk
[2010/02/17 17:26:47 | 000,001,256 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\Jeux sur Orange.fr.lnk
[2010/02/17 14:20:09 | 002,727,923 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\021419_072758edab925b4b931e8c35efdf045b_uaaqgl.png
[2010/02/16 13:58:07 | 000,016,698 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Menu anniversaire.odt
[2010/02/11 17:44:04 | 000,185,550 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Flippi.jpg
[2010/02/09 19:52:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/01/21 08:29:48 | 003,481,968 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2010/01/15 16:43:32 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/01/14 16:41:16 | 000,000,087 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/14 11:10:58 | 006,479,872 | ---- | C] () -- C:\Program Files\cdbxp_setup_4.2.7.1849.msi
[2010/01/13 08:47:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/01 06:49:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\seppi\Local Settings\Application Data\housecall.guid.cache
[2009/12/30 15:01:46 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\seppi\Local Settings\Application Data\fusioncache.dat
[2009/12/29 09:51:04 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009/12/26 11:48:17 | 000,000,083 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2009/12/26 10:07:37 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\Amsample.dll
[2009/12/26 10:07:36 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\Amoucplx.dll
[2009/12/26 10:07:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Amoures.dll
[2009/12/26 10:07:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Amhooker.dll
[2009/12/21 15:00:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2009/12/21 09:08:34 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009/12/16 14:40:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/15 13:12:50 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\seppi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 10:03:36 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3w.DLL
[2009/12/14 15:18:41 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2009/12/14 15:04:12 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/14 15:04:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/14 15:04:09 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/14 15:04:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/14 15:04:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/12/14 15:04:05 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/14 15:04:04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/12 13:48:58 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2006/05/13 12:35:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\iAACDPlugin.dll
[2005/10/05 10:06:40 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\jlvtool.dll
[2005/03/14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/11/07 01:50:00 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2003/11/18 02:37:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\cdrom.sys /s /md5 >
[2008/04/14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\ACPI.sys /s /md5 >
[2008/04/14 13:00:00 | 000,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\system32\drivers\acpi.sys

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 12:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/13 12:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
< End of report >
calimero67
Apprentice
 
Posts: 35
Joined: 02 Jan 2010 17:57
 

Re: Win 32 alureon, the return

Posted on 11 Mar 2010 19:48

OK, let's check whether there isn't another atapi file on the PC.

Do this again.

* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is ticked.

* Copy and paste the contents of this quote into the lower part of OTL, "Custom Scans/Fixes"

%systemdrive%\atapi.* /s /md5

* Click the "Run Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and/or "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the situation
bernard53
PC-Infopraticien
 
Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Win 32 alureon, the return

Posted on 11 Mar 2010 22:04

OTL logfile created on: 11/03/2010 22:00:23 - Run 3
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\seppi\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 568,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60,00 Gb Total Space | 38,60 Gb Free Space | 64,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 89,04 Gb Total Space | 19,11 Gb Free Space | 21,46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AS-SEPPI
Current User Name: seppi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Documents and Settings\seppi\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\seppi\Bureau\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (NMIndexingService) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (StarOpen) -- C:\WINDOWS\system32\StarOpen.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (PzWDM) -- C:\WINDOWS\system32\Drivers\PzWDM.sys (Prassi Technology)
DRV - (Amusbprt) -- C:\WINDOWS\system32\drivers\Amusbprt.sys ((Standard Mouse Types))
DRV - (Amps2prt) -- C:\WINDOWS\system32\drivers\Amps2prt.sys ((Standard Mouse Types))
DRV - (Amfilter) -- C:\WINDOWS\system32\drivers\Amfilter.sys ((Standard Mouse Types))
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:1.9.98
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 11:14:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/04 19:03:02 | 000,000,000 | ---D | M]

[2009/12/16 14:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\seppi\Application Data\Mozilla\Extensions
[2010/03/09 17:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions
[2010/01/12 08:50:26 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/03/03 14:47:08 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/01/01 11:51:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/07 12:46:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/03 08:51:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/05 08:49:45 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/03/02 13:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\artur.dubovoy@gmail.com
[2010/03/09 17:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/22 04:51:01 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/12/22 04:51:01 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/12/22 04:51:01 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/12/22 04:51:01 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/12/22 04:51:01 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/02/08 18:16:52 | 000,377,780 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13044 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://ushousecall02.trendmicro.com/hou ... hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/12 17:53:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/11 18:50:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\seppi\Recent
[2010/03/11 15:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Aacd v3
[2010/03/10 18:42:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/08 10:01:49 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\seppi\Bureau\WinsockxpFix.exe
[2010/03/08 00:12:09 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\seppi\Bureau\OTL.exe
[2010/03/06 17:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Application Data\FreeFLVConverter
[2010/03/05 15:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010/03/05 07:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\GLUCOFACTS Express
[2010/03/05 07:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Dancer
[2010/03/04 20:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Bureau\7digital_Downloads_04-03-2010
[2010/03/04 19:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Mes documents\2010-03-04
[2010/03/04 14:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/03/04 11:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Local Settings\Application Data\WMTools Downloaded Files
[2010/03/04 11:08:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\seppi\Mes documents\Mes vidéos
[2010/03/03 13:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Mes documents\Téléchargements
[2010/03/02 19:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/02 18:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/01 22:50:12 | 000,000,000 | ---D | C] -- C:\ToolBar SD
[2010/03/01 22:22:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/01 14:37:16 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\seppi\Bureau\TFC.exe
[2010/03/01 12:35:01 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\seppi\Mes documents\HousecallLauncher.exe
[2010/02/28 18:38:15 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\seppi\Bureau\ATF-Cleaner.exe
[2010/02/28 15:34:12 | 001,415,173 | ---- | C] (Nicolas Coolman ) -- C:\Documents and Settings\seppi\Bureau\ZHPDiag_1.25.12.exe
[2010/02/28 09:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/27 22:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/27 18:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Mes documents\2010-02-27
[2010/02/27 14:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/27 14:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/27 08:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\réparation fichier rar
[2010/02/21 09:04:51 | 000,667,648 | ---- | C] (Prassi Software) -- C:\WINDOWS\InZU31.exe
[2010/02/21 09:04:49 | 000,015,172 | ---- | C] (Prassi Technology) -- C:\WINDOWS\System32\drivers\PzWDM.sys
[2010/02/21 09:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\ONES Trial (F)
[2010/02/21 09:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\ones
[2010/02/20 13:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Mes documents\Sauvegarde de la licence
[2010/02/17 17:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Saved Games
[2010/02/17 17:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Local Settings\Application Data\Oberon Games
[2010/02/17 17:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Application Data\Big Fish Games
[2010/02/17 17:27:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/17 17:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Oberon Media
[2010/02/17 17:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\orange
[2010/02/17 17:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\jeux
[2010/02/16 12:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\seppi\Mes documents\NeroVision
[2009/12/12 17:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/12 17:52:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/12 17:52:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/03/11 20:00:03 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\Recherche de problèmes automatique.job
[2010/03/11 18:46:11 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\seppi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/11 18:44:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/11 17:35:34 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\seppi\NTUSER.DAT
[2010/03/11 09:35:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/11 09:35:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/11 09:35:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/11 09:35:10 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/11 01:12:12 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\seppi\ntuser.ini
[2010/03/10 17:43:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/10 17:36:05 | 003,885,368 | R--- | M] () -- C:\Documents and Settings\seppi\Bureau\Calimero.exe
[2010/03/10 08:41:46 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/09 17:35:17 | 000,013,357 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\a5xv5c1om8hy9d1a30joe.jpg
[2010/03/09 12:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 12:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.svs
[2010/03/08 16:21:24 | 001,260,379 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\ebook.odt
[2010/03/08 16:20:59 | 000,000,127 | -H-- | M] () -- C:\Documents and Settings\seppi\Mes documents\.~lock.ebook.odt#
[2010/03/08 12:31:54 | 000,015,208 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\impots.odt
[2010/03/08 12:31:43 | 000,011,660 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\lettre impots residence second.odt
[2010/03/08 11:14:14 | 000,162,198 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\instruction_5f610_28012010_frais_reels_interets_emprunt_salarie_achat_titres_actions_entreprise.pdf
[2010/03/08 10:12:13 | 000,017,234 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\alureon2.odt
[2010/03/08 10:11:41 | 000,016,346 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\alureon.odt
[2010/03/08 10:08:08 | 001,376,066 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\findykill.exe
[2010/03/08 10:04:28 | 000,845,916 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\Load_tdsskiller.exe
[2010/03/08 10:01:49 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\seppi\Bureau\WinsockxpFix.exe
[2010/03/08 00:12:09 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\seppi\Bureau\OTL.exe
[2010/03/07 09:09:27 | 000,005,386 | ---- | M] () -- C:\Documents and Settings\seppi\.recently-used.xbel
[2010/03/06 16:03:54 | 000,068,112 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\cc_20100306_160348.reg
[2010/03/06 11:58:55 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\Raccourci vers My Shared Folder.lnk
[2010/03/05 07:51:58 | 000,062,745 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\glycemie fevrier 2010.pdf
[2010/03/05 07:49:00 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\GLUCOFACTS Express 1.10.00.lnk
[2010/03/04 15:23:59 | 004,607,668 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\bredelers - bombom stand.mp3
[2010/03/03 16:08:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\FlashGet.lnk
[2010/03/03 12:47:13 | 000,262,796 | -H-- | M] () -- C:\Documents and Settings\seppi\Local Settings\Application Data\IconCache.db
[2010/03/03 07:47:15 | 007,677,440 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Les_Bleus-Blancs-Rouges pa7.6 rené.pps
[2010/03/01 19:54:50 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\convocation servais2.doc
[2010/03/01 19:54:28 | 000,087,765 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\convocation servais2.odt
[2010/03/01 14:37:16 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\seppi\Bureau\TFC.exe
[2010/03/01 12:35:08 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\seppi\Mes documents\HousecallLauncher.exe
[2010/02/28 18:38:16 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\seppi\Bureau\ATF-Cleaner.exe
[2010/02/28 15:34:15 | 001,415,173 | ---- | M] (Nicolas Coolman ) -- C:\Documents and Settings\seppi\Bureau\ZHPDiag_1.25.12.exe
[2010/02/28 09:24:16 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\HijackThis.lnk
[2010/02/27 17:22:47 | 000,075,620 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Alerte Météo.odt
[2010/02/27 14:21:30 | 000,000,550 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/27 14:21:30 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/02/27 13:22:39 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\SPAHN Bernard.paf
[2010/02/27 13:10:21 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\PAF 4 Deutsch.lnk
[2010/02/27 13:10:20 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\PAF 4 Français.lnk
[2010/02/27 13:07:39 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\spahn.paf
[2010/02/27 12:54:47 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Spahn.lst
[2010/02/27 12:50:34 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\spahn2.paf
[2010/02/26 18:02:25 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\CCleaner.lnk
[2010/02/26 16:31:07 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Lettre pour papi à l'assurance.doc
[2010/02/26 16:22:21 | 000,020,767 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Lettre pour papi à l'assurance.odt
[2010/02/26 13:40:02 | 001,303,552 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\classification_of_child_s_behaviour_in_dental_clinic__pedo_.ppt
[2010/02/26 09:02:32 | 001,109,504 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Wunder der Natur.pps
[2010/02/25 21:50:50 | 000,315,392 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2010/02/20 14:02:43 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\eMule.lnk
[2010/02/18 13:45:34 | 000,016,597 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\lettre REDOUTE.odt
[2010/02/17 17:34:37 | 000,001,111 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\Raccourci vers DreamDayFirstHome.lnk
[2010/02/17 17:26:47 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\Azada.lnk
[2010/02/17 17:26:47 | 000,001,256 | ---- | M] () -- C:\Documents and Settings\seppi\Bureau\Jeux sur Orange.fr.lnk
[2010/02/17 14:19:58 | 002,727,923 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\021419_072758edab925b4b931e8c35efdf045b_uaaqgl.png
[2010/02/17 09:27:55 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/02/16 19:48:17 | 000,016,698 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Menu anniversaire.odt
[2010/02/11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 17:44:08 | 000,185,550 | ---- | M] () -- C:\Documents and Settings\seppi\Mes documents\Flippi.jpg

========== Files Created - No Company Name ==========

[2010/03/10 08:53:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/09 17:35:17 | 000,013,357 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\a5xv5c1om8hy9d1a30joe.jpg
[2010/03/08 16:21:24 | 001,260,379 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\ebook.odt
[2010/03/08 16:20:59 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\seppi\Mes documents\.~lock.ebook.odt#
[2010/03/08 12:31:53 | 000,015,208 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\impots.odt
[2010/03/08 12:31:43 | 000,011,660 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\lettre impots residence second.odt
[2010/03/08 11:14:14 | 000,162,198 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\instruction_5f610_28012010_frais_reels_interets_emprunt_salarie_achat_titres_actions_entreprise.pdf
[2010/03/08 10:12:11 | 000,017,234 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\alureon2.odt
[2010/03/08 10:11:38 | 000,016,346 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\alureon.odt
[2010/03/08 10:08:08 | 001,376,066 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\findykill.exe
[2010/03/08 10:04:28 | 000,845,916 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\Load_tdsskiller.exe
[2010/03/08 05:17:18 | 003,885,368 | R--- | C] () -- C:\Documents and Settings\seppi\Bureau\Calimero.exe
[2010/03/07 09:09:27 | 000,005,386 | ---- | C] () -- C:\Documents and Settings\seppi\.recently-used.xbel
[2010/03/06 16:03:51 | 000,068,112 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\cc_20100306_160348.reg
[2010/03/06 11:58:55 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\Raccourci vers My Shared Folder.lnk
[2010/03/05 07:51:56 | 000,062,745 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\glycemie fevrier 2010.pdf
[2010/03/04 15:19:50 | 004,607,668 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\bredelers - bombom stand.mp3
[2010/03/03 16:08:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\FlashGet.lnk
[2010/03/03 07:47:02 | 007,677,440 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Les_Bleus-Blancs-Rouges pa7.6 rené.pps
[2010/03/01 19:58:46 | 000,087,765 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\convocation servais2.odt
[2010/03/01 19:58:23 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\convocation servais2.doc
[2010/03/01 12:50:11 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/28 09:24:16 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\HijackThis.lnk
[2010/02/27 17:22:42 | 000,075,620 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Alerte Météo.odt
[2010/02/27 16:58:43 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\devill.doc
[2010/02/27 16:58:38 | 000,155,648 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\123456.doc
[2010/02/27 16:58:28 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\INDEX MP3 1er aout 2009.xls
[2010/02/27 16:58:17 | 000,557,568 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Die Nachbarin.doc
[2010/02/27 13:10:57 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\SPAHN Bernard.paf
[2010/02/27 13:10:21 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\PAF 4 Deutsch.lnk
[2010/02/27 13:10:20 | 000,001,649 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\PAF 4 Français.lnk
[2010/02/27 12:53:44 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\spahn.paf
[2010/02/26 16:30:57 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Lettre pour papi à l'assurance.doc
[2010/02/26 16:17:35 | 000,020,767 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Lettre pour papi à l'assurance.odt
[2010/02/26 13:40:01 | 001,303,552 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\classification_of_child_s_behaviour_in_dental_clinic__pedo_.ppt
[2010/02/26 09:02:27 | 001,109,504 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Wunder der Natur.pps
[2010/02/20 14:02:43 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\eMule.lnk
[2010/02/18 13:39:07 | 000,016,597 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\lettre REDOUTE.odt
[2010/02/17 17:34:37 | 000,001,111 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\Raccourci vers DreamDayFirstHome.lnk
[2010/02/17 17:26:47 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\Azada.lnk
[2010/02/17 17:26:47 | 000,001,256 | ---- | C] () -- C:\Documents and Settings\seppi\Bureau\Jeux sur Orange.fr.lnk
[2010/02/17 14:20:09 | 002,727,923 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\021419_072758edab925b4b931e8c35efdf045b_uaaqgl.png
[2010/02/16 13:58:07 | 000,016,698 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Menu anniversaire.odt
[2010/02/11 17:44:04 | 000,185,550 | ---- | C] () -- C:\Documents and Settings\seppi\Mes documents\Flippi.jpg
[2010/02/09 19:52:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/01/21 08:29:48 | 003,481,968 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2010/01/15 16:43:32 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/01/14 16:41:16 | 000,000,087 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/14 11:10:58 | 006,479,872 | ---- | C] () -- C:\Program Files\cdbxp_setup_4.2.7.1849.msi
[2010/01/13 08:47:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/01 06:49:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\seppi\Local Settings\Application Data\housecall.guid.cache
[2009/12/30 15:01:46 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\seppi\Local Settings\Application Data\fusioncache.dat
[2009/12/29 09:51:04 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009/12/26 11:48:17 | 000,000,083 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2009/12/26 10:07:37 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\Amsample.dll
[2009/12/26 10:07:36 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\Amoucplx.dll
[2009/12/26 10:07:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Amoures.dll
[2009/12/26 10:07:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Amhooker.dll
[2009/12/21 15:00:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2009/12/21 09:08:34 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009/12/16 14:40:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/15 13:12:50 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\seppi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 10:03:36 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3w.DLL
[2009/12/14 15:18:41 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2009/12/14 15:04:12 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/14 15:04:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/14 15:04:09 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/14 15:04:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/14 15:04:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/12/14 15:04:05 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/14 15:04:04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/12 13:48:58 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2006/05/13 12:35:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\iAACDPlugin.dll
[2005/10/05 10:06:40 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\jlvtool.dll
[2005/03/14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/11/07 01:50:00 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2003/11/18 02:37:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Custom Scans ==========


< %systemdrive%\atapi.* /s /md5 >
[2004/08/03 22:59:44 | 000,049,558 | ---- | M] () MD5=28541D14647BB58502D09D1CEAEE6684 -- C:\cmdcons\ATAPI.SY_
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.svs
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
< End of report >
calimero67
Apprentice
Posts: 35
Joined: 02 Jan 2010 17:57
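One way to check the `< %systemdrive%\atapi.* /s /md5 >` block of the OTL report above programmatically, as an added example that is not part of this thread nor of OTL or ComboFix: it parses the lines, sets aside the compressed cmdcons copy (its size and hash cannot match the expanded driver), groups the remaining atapi.sys copies by MD5 and flags near-identical names such as atapi.svs. The sample lines are the ones from the report; `known_good` is an assumed parameter for a hash taken from a clean reference machine.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Constructed sample input: the lines printed under
# "< %systemdrive%\atapi.* /s /md5 >" in the OTL report above, copied here
# so that the check runs offline.
OTL_MD5_LINES = r"""
[2004/08/03 22:59:44 | 000,049,558 | ---- | M] () MD5=28541D14647BB58502D09D1CEAEE6684 -- C:\cmdcons\ATAPI.SY_
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.svs
[2010/03/08 19:49:28 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
"""

# One OTL /md5 line: [stamp | size | attributes | kind] (company) MD5=... -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|]+?)\s*\|\s*(?P<kind>\w)\]"
    r"\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)


class Entry(NamedTuple):
    path: str
    size: int
    company: str
    md5: str


def parse_otl_md5_lines(text: str) -> List[Entry]:
    """Parse every well-formed /md5 line; anything else is ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"].replace(",", "")),
                                 m["company"].strip(), m["md5"].upper()))
    return entries


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_compressed_copy(e: Entry) -> bool:
    # Recovery Console (cmdcons) and install sources keep drivers as
    # makecab-compressed files whose extension ends in "_"; their size and
    # hash are never comparable with the expanded driver.
    return e.path.endswith("_")


def find_lookalikes(entries: List[Entry], expected: str = "atapi.sys") -> List[str]:
    """Expanded files whose name differs from `expected` by exactly one
    character, such as atapi.svs sitting next to atapi.sys."""
    hits = []
    for e in entries:
        name = basename(e.path)
        if is_compressed_copy(e) or len(name) != len(expected) or name == expected:
            continue
        if sum(a != b for a, b in zip(name, expected)) == 1:
            hits.append(e.path)
    return hits


def hash_groups(entries: List[Entry], expected: str = "atapi.sys") -> Dict[str, List[str]]:
    """Group the expanded copies of `expected` (drivers, dllcache, ERDNT cache)
    by MD5: one group means they are all identical, several groups mean at
    least one copy has been altered or replaced."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if basename(e.path) == expected and not is_compressed_copy(e):
            groups[e.md5].append(e.path)
    return dict(groups)


def assess(text: str, expected: str = "atapi.sys",
           known_good: Optional[str] = None) -> dict:
    """Findings for a pasted OTL /md5 custom-scan block. `known_good` is an
    assumed parameter: the MD5 of the same driver taken from a clean reference
    machine. Identical copies alone are not proof of cleanliness, since an
    infected driver can be copied into dllcache as well."""
    entries = parse_otl_md5_lines(text)
    groups = hash_groups(entries, expected)
    findings = {
        "parsed": len(entries),
        "lookalikes": find_lookalikes(entries, expected),
        "hash_groups": groups,
        "copies_consistent": len(groups) == 1,
        "no_company_info": [e.path for e in entries
                            if not e.company and not is_compressed_copy(e)],
        "excluded_compressed": [e.path for e in entries if is_compressed_copy(e)],
    }
    if known_good:
        findings["matches_known_good"] = list(groups) == [known_good.upper()]
    return findings


if __name__ == "__main__":
    for key, value in assess(OTL_MD5_LINES).items():
        print(f"{key}: {value}")
```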
 

Re: Win 32 alureon, the return

Posted on 12 Mar 2010 12:35

OK, do this, which should get rid of this intruder this time.

Open the Start menu > Run (shortcut: Windows key + R)

In the dialog box, copy/paste everything quoted below:
fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0

Then confirm.

2/ Open CFScript.txt (on your Desktop) > copy this new quotation into it:
File::
C:\cmdcons\ATAPI.SY_

Drag and drop this CFScript.txt file onto ComboFix.exe as in the screenshot:

[Image]

A blue window will appear and ComboFix will run a new scan.

Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents, saying where your problems stand.

If the file does not open, it is located here > C:\ComboFix.txt
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Win 32 alureon, the return

Posted on 12 Mar 2010 18:11

ComboFix 10-03-11.06 - seppi 12/03/2010 17:59:35.4.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.711 [GMT 1:00]
Lancé depuis: c:\documents and settings\seppi\Bureau\Calimero.exe
Commutateurs utilisés :: c:\documents and settings\seppi\Bureau\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\cmdcons\ATAPI.SY_"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\cmdcons\ATAPI.SY_
c:\windows\system32\Ijl11.dll
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-12 au 2010-03-12 ))))))))))))))))))))))))))))))))))))
.

2010-03-11 14:22 . 2010-03-11 14:43 -------- d-----w- c:\program files\Aacd v3
2010-03-06 16:20 . 2010-03-06 16:24 -------- d-----w- c:\documents and settings\seppi\Application Data\FreeFLVConverter
2010-03-05 14:43 . 2010-03-05 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-03-05 06:49 . 2010-03-05 06:49 -------- d-----w- c:\documents and settings\seppi\GLUCOFACTS Express
2010-03-05 06:49 . 2010-03-05 06:49 -------- d-----w- c:\documents and settings\seppi\Dancer
2010-03-04 10:15 . 2010-03-07 10:18 -------- d-----w- c:\documents and settings\seppi\Local Settings\Application Data\WMTools Downloaded Files
2010-03-01 21:50 . 2010-03-01 22:07 -------- d-----w- C:\ToolBar SD
2010-03-01 21:22 . 2010-03-01 21:25 -------- d-----w- C:\rsit
2010-02-28 08:24 . 2010-02-28 08:24 -------- d-----w- c:\program files\Trend Micro
2010-02-27 18:14 . 2010-02-27 18:14 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-02-27 13:29 . 2010-02-27 13:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-27 07:31 . 2010-02-27 07:45 -------- d-----w- c:\program files\réparation fichier rar
2010-02-21 08:04 . 2006-11-29 03:11 667648 ----a-w- c:\windows\InZU31.exe
2010-02-21 08:04 . 2005-06-29 00:38 15172 ----a-w- c:\windows\system32\drivers\PzWDM.sys
2010-02-21 08:04 . 2010-02-21 08:04 -------- d-----w- c:\program files\ONES Trial (F)
2010-02-21 08:04 . 2010-02-21 08:04 -------- d-----w- c:\program files\ones
2010-02-17 16:34 . 2010-02-17 16:34 -------- d-----w- c:\documents and settings\seppi\Saved Games
2010-02-17 16:32 . 2010-02-17 16:32 -------- d-----w- c:\documents and settings\seppi\Local Settings\Application Data\Oberon Games
2010-02-17 16:28 . 2010-02-17 16:28 -------- d-----w- c:\documents and settings\seppi\Application Data\Big Fish Games
2010-02-17 16:27 . 2010-02-17 16:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-17 16:26 . 2010-02-17 16:26 -------- d-----w- c:\program files\Fichiers communs\Oberon Media
2010-02-17 16:26 . 2010-02-17 16:26 -------- d-----w- c:\program files\orange
2010-02-17 16:22 . 2010-02-17 16:26 -------- d-----w- c:\program files\jeux

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 16:55 . 2009-12-15 08:12 -------- d-----w- c:\documents and settings\seppi\Application Data\Azureus
2010-03-12 12:27 . 2009-12-14 14:01 -------- d-----w- c:\program files\FlashGet
2010-03-11 17:50 . 2009-12-31 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-11 14:29 . 2009-12-15 12:36 1 ----a-w- c:\documents and settings\seppi\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-09 11:24 . 2009-12-13 19:25 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-12-13 19:26 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-12-13 19:26 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-12-13 19:26 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-12-13 19:26 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-12-13 19:26 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-12-13 19:26 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-12-13 19:26 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-08 18:49 . 2010-01-02 17:22 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2010-03-08 18:49 . 2010-01-02 17:22 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-08 16:43 . 2010-02-01 16:14 -------- d-----w- c:\documents and settings\seppi\Application Data\FrostWire
2010-03-08 16:37 . 2009-12-26 12:41 -------- d-----w- c:\program files\eMule
2010-03-08 15:52 . 2010-01-20 14:38 -------- d-----w- c:\documents and settings\seppi\Application Data\vlc
2010-03-07 08:09 . 2009-12-29 10:11 -------- d-----w- c:\documents and settings\seppi\Application Data\gtk-2.0
2010-03-06 16:20 . 2010-02-05 07:14 -------- d-----w- c:\program files\Free FLV Converter
2010-03-05 06:47 . 2010-01-12 16:05 -------- d-----w- c:\program files\Bayer® HealthCare
2010-03-04 08:10 . 2009-12-20 16:02 -------- d-----w- c:\documents and settings\seppi\Application Data\dvdcss
2010-02-27 12:10 . 2010-02-09 07:36 -------- d-----w- c:\program files\FamilySearch
2010-02-27 12:10 . 2009-12-21 08:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 17:02 . 2009-12-14 14:05 -------- d-----w- c:\program files\CCleaner
2010-02-25 20:50 . 2010-02-05 07:15 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2010-02-20 15:19 . 2009-12-26 10:45 -------- d-----w- c:\program files\Easy CD-DA Extractor 8
2010-02-17 16:26 . 2009-12-15 12:33 -------- d-----w- c:\program files\JRE
2010-02-11 18:53 . 2009-12-13 19:26 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-05 07:15 . 2010-02-05 07:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-02-05 07:15 . 2010-02-05 07:15 -------- d-----w- c:\program files\Application Updater
2010-02-03 07:49 . 2010-02-01 16:34 4506256 ----a-w- c:\documents and settings\seppi\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
2010-02-03 07:34 . 2009-12-13 19:25 -------- d-----w- c:\program files\Alwil Software
2010-02-03 07:32 . 2010-02-03 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-01 16:16 . 2010-02-01 16:13 -------- d-----w- c:\program files\FrostWire
2010-01-21 07:29 . 2010-01-21 07:29 3481968 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2010-01-21 07:29 . 2010-01-21 07:29 -------- d-----w- c:\program files\FLV Player
2010-01-20 16:19 . 2010-01-20 16:19 -------- d-----w- c:\documents and settings\seppi\Application Data\Apple Computer
2010-01-20 16:17 . 2009-12-15 08:12 127600 ----a-w- c:\documents and settings\seppi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 15:11 . 2010-01-20 15:09 -------- d-----w- c:\program files\QuickTime
2010-01-20 15:09 . 2010-01-20 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-20 15:08 . 2010-01-20 15:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-01-20 15:07 . 2010-01-20 15:07 -------- d-----w- c:\program files\Apple Software Update
2010-01-20 15:07 . 2010-01-20 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-20 14:17 . 2010-01-20 14:13 -------- d-----w- c:\documents and settings\seppi\Application Data\Python-Eggs
2010-01-19 14:37 . 2010-01-19 10:55 -------- d-----w- c:\program files\Amazon
2010-01-19 08:02 . 2010-01-19 08:02 -------- d-----w- c:\program files\Ares
2010-01-15 16:49 . 2010-01-15 08:07 -------- d-----w- c:\program files\VirtualDubMOD
2010-01-15 15:43 . 2010-01-15 15:43 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-15 13:39 . 2009-12-14 14:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-15 09:24 . 2010-01-15 09:24 -------- d-----w- c:\program files\ESET
2010-01-15 08:07 . 2010-01-15 08:07 -------- d-----w- c:\program files\eRightSoft
2010-01-14 16:53 . 2010-01-14 16:53 -------- d-----w- c:\documents and settings\seppi\Application Data\Canneverbe_Limited
2010-01-14 10:11 . 2010-01-14 10:11 -------- d-----w- c:\program files\CDBurnerXP
2010-01-14 10:11 . 2010-01-14 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-01-14 10:11 . 2010-01-14 10:10 6479872 ----a-w- c:\program files\cdbxp_setup_4.2.7.1849.msi
2010-01-13 17:10 . 2009-12-16 11:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 17:10 . 2010-01-07 10:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-12-16 11:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-16 11:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 15:31 . 2008-04-14 12:00 544876 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-04 15:31 . 2008-04-14 12:00 100734 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 14:01 . 2009-12-30 14:01 128 ----a-w- c:\documents and settings\seppi\Local Settings\Application Data\fusioncache.dat
2009-12-21 19:07 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 20:03 . 2010-01-08 10:53 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 19:56 . 2010-01-08 10:53 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-17 07:41 . 2009-12-12 16:48 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 09:07 . 2009-12-16 09:07 177024 ----a-w- c:\documents and settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\FlashGot.exe
2009-12-15 16:45 . 2009-12-15 16:45 152576 ----a-w- c:\documents and settings\seppi\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-15 16:45 . 2009-12-15 16:45 79488 ----a-w- c:\documents and settings\seppi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-15 12:12 . 2009-12-15 12:12 10686001 ----a-w- c:\documents and settings\seppi\Application Data\Azureus\plugins\azump\mplayer.exe
2009-12-14 07:09 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 19:19 . 2009-12-13 19:19 0 ----a-w- c:\windows\nsreg.dat
2009-12-13 17:01 . 2009-12-12 16:52 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2006-05-03 10:06 . 2010-01-15 08:08 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-15 08:08 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-15 08:08 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2010-01-09 955392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk
backup=c:\windows\pss\Pense-bête.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-01-09 21:01 955392 ----a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-07-04 13:01 148776 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 08:10 2007088 ----a-w- c:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 11:49 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-07-04 13:20 161064 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2002-10-16 10:24 47104 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [21/02/2010 09:04 15172]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/12/2009 20:26 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/12/2009 20:26 19024]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/12/2009 21:00 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S2 quszqgmn;VIA Rhine Family Fast Ethernet Adapter Monitor;c:\windows\System32\svchost.exe -k netsvcs [14/04/2008 13:00 14336]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [26/12/2009 10:07 9856]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16/12/2009 17:38 375296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
quszqgmn
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-03-12 c:\windows\Tasks\Recherche de problèmes automatique.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 20:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\documents and settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\
FF - component: c:\documents and settings\seppi\Application Data\Mozilla\Firefox\Profiles\czoitbzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\documents and settings\seppi\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 18:05
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2010-03-12 18:08:12
ComboFix-quarantined-files.txt 2010-03-12 17:08
ComboFix2.txt 2010-03-10 16:45

Avant-CF: 34 446 331 904 octets libres
Après-CF: 34 461 122 560 octets libres

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E43F05C802B706B022A9613F0C34BF3B
calimero67
Apprentice

Re: Win 32 alureon is back

Posted on 12 Mar 2010 18:19

Very good, tell me if you get another alert.
bernard53
PC-Infopraticien

Re: Win 32 alureon is back

Posted on 12 Mar 2010 19:08

Good evening,
No, no more alerts for 32 hours.
Should I empty the AVAST quarantine folder?
All these programs, ComboFix and OTL, should I delete them?
See you
calimero67
Apprentice

Re: Win 32 alureon is back

Posted on 12 Mar 2010 20:03

OK, empty the AVAST quarantine.

Then:

Do this to remove the tools that were used for this disinfection.
>> Download ToolsCleaner (by A.Rothstein & dj QUIOU) http://pc-system.fr/TC/ToolsCleaner2.exe

>> Double-click it to launch the program

>> Click "Recherche" (Search) and let the scan finish (it can take up to about ten minutes).

>> Once the search has started, do not click inside the window; that would cause a slight bug in the program.

>> If the words "(ne réponds pas)" (not responding) appear in the title of the ToolsCleaner window, ignore them and let the program finish its work anyway.

** Click "Suppression" (Delete) to finish.

• If you wish, you can use the "Options facultatives" (optional options).

**Post me the report that appears


Then:

Now we are going to clean up System Restore.
To do that:
1- Press the Windows and Pause keys at the same time.
In that window, tick this box:
[Image]

Confirm with the APPLY button and accept the prompt in the window that appears.

After a few moments, untick the same box and confirm with APPLY.

You now need to create a new restore point.

2- Start > Run and type:
Restore/rstrui.exe

[Image]

In the window that appears, select: Create a restore point
[Image]

Then Next, and give the new restore point a name. Confirm:

[Image]

The next screen should tell you that the restore point was created successfully.
Click "Close" in the next window to exit the utility.

Have a good weekend
bernard53
PC-Infopraticien
 
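The System Restore reset that bernard53 describes above (discard the old restore points, switch the feature back on, then take a fresh point) done from a shell instead of the XP dialogs, as an added example that is not part of the thread. It assumes an elevated PowerShell session on Windows 7 or later, where the Disable-ComputerRestore, Enable-ComputerRestore, Checkpoint-Computer and Get-ComputerRestorePoint cmdlets exist; the XP machine in this thread has no equivalent commands, so there the GUI steps are the way to do it. The drive letter and the restore point description are placeholders.

```powershell
# Added example, not from the forum thread: the System Restore reset from the
# post above, as PowerShell commands. Assumption: an elevated PowerShell session
# on Windows 7 or later (these cmdlets are not available on XP).

$systemDrive = "C:\"   # placeholder: the drive Windows is installed on

# 1. Turn System Restore off for the system drive. This deletes every existing
#    restore point, including any that may still hold a copy of an infected file.
Disable-ComputerRestore -Drive $systemDrive

# 2. Turn it back on so that new restore points can be taken.
Enable-ComputerRestore -Drive $systemDrive

# 3. Take a fresh, known-clean restore point with a descriptive name.
Checkpoint-Computer -Description "Clean after Alureon removal" -RestorePointType "MODIFY_SETTINGS"

# 4. Check the result: only the point just created should be listed.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

Turning System Restore off is what removes the old points, and that is the purpose of the procedure: a file that was already infected when an earlier point was taken would come back if that point were ever restored. On Windows 8 and later, Checkpoint-Computer will not create a second restore point within 24 hours of the previous one; because the disable/enable pair has already removed all of them, the new point is created.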

Re: Win 32 alureon is back

Posted on 13 Mar 2010 17:38

Hi
It seems to work
I'm leaving for a few days of emergency training; I'll get back in touch when I return
Ciao
Thanks
See you
calimero67
Apprentice
