cheval de Troie TR/StartPage.zkt [Résolu]

revefmr · le 25 Mai 2010 14:41

Bonjour à tous,

Depuis hier, quand j'allume mon pc, il me vient un méssage d'erreur, me disant qu'il me manque le fichier :

C:\DOCUME~1\GIOANNI\LOCALS~1\Temp\HouseCall\tsc.exe

je fait ok et il fini de s'allumer (les icones s'affichent)

Aprés quelques secondes, le pc s'éteint et se rallume, et je n'ai plus de coupure.

J'ai donc fait une recherche de virus avec Avira Antivir et il me trouve un cheval de troie TR\StartPage.zkt

Je vous colle son rapport :

Code: Tout sélectionner: Avira AntiVir Personal Date de création du fichier de rapport : mardi 25 mai 2010 14:39 La recherche porte sur 2151742 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows XP Version de Windows : (Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : CAMILLE Informations de version : BUILD.DAT : 9.0.0.75 21698 Bytes 22/01/2010 23:14:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 25/05/2010 12:36:59 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 12:36:58 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 12:36:58 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 12:36:58 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 12:36:58 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 12:36:58 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 12:36:58 VBASE006.VDF : 7.10.6.83 2048 Bytes 15/04/2010 12:36:58 VBASE007.VDF : 7.10.6.84 2048 Bytes 15/04/2010 12:36:58 VBASE008.VDF : 7.10.6.85 2048 Bytes 15/04/2010 12:36:58 VBASE009.VDF : 7.10.6.86 2048 Bytes 15/04/2010 12:36:58 VBASE010.VDF : 7.10.6.87 2048 Bytes 15/04/2010 12:36:58 VBASE011.VDF : 7.10.6.88 2048 Bytes 15/04/2010 12:36:58 VBASE012.VDF : 7.10.6.89 2048 Bytes 15/04/2010 12:36:58 VBASE013.VDF : 7.10.6.90 2048 Bytes 15/04/2010 12:36:58 VBASE014.VDF : 7.10.6.123 126464 Bytes 19/04/2010 12:36:58 VBASE015.VDF : 7.10.6.152 123392 Bytes 21/04/2010 12:36:58 VBASE016.VDF : 7.10.6.178 122880 Bytes 22/04/2010 12:36:58 VBASE017.VDF : 7.10.6.206 120320 Bytes 26/04/2010 12:36:58 VBASE018.VDF : 7.10.6.232 99328 Bytes 28/04/2010 12:36:58 VBASE019.VDF : 7.10.7.2 155648 Bytes 30/04/2010 12:36:58 VBASE020.VDF : 7.10.7.26 119808 Bytes 04/05/2010 12:36:58 VBASE021.VDF : 7.10.7.51 118272 Bytes 06/05/2010 12:36:58 VBASE022.VDF : 7.10.7.75 404992 Bytes 10/05/2010 12:36:58 VBASE023.VDF : 7.10.7.100 125440 Bytes 13/05/2010 12:36:58 VBASE024.VDF : 7.10.7.119 177664 Bytes 17/05/2010 12:36:58 VBASE025.VDF : 7.10.7.139 129024 Bytes 19/05/2010 12:36:58 VBASE026.VDF : 7.10.7.157 145920 Bytes 21/05/2010 12:36:58 VBASE027.VDF : 7.10.7.158 2048 Bytes 21/05/2010 12:36:58 VBASE028.VDF : 7.10.7.159 2048 Bytes 21/05/2010 12:36:58 VBASE029.VDF : 7.10.7.160 2048 Bytes 21/05/2010 12:36:58 VBASE030.VDF : 7.10.7.161 2048 Bytes 21/05/2010 12:36:58 VBASE031.VDF : 7.10.7.166 64000 Bytes 25/05/2010 12:36:58 Version du moteur : 8.2.1.242 AEVDF.DLL : 8.1.2.0 106868 Bytes 25/05/2010 12:36:59 AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 25/05/2010 12:36:59 AESCN.DLL : 8.1.6.1 127347 Bytes 25/05/2010 12:36:59 AESBX.DLL : 8.1.3.1 254324 Bytes 25/05/2010 12:36:59 AERDL.DLL : 8.1.4.6 541043 Bytes 25/05/2010 12:36:59 AEPACK.DLL : 8.2.1.1 426358 Bytes 25/05/2010 12:36:59 AEOFFICE.DLL : 8.1.1.0 201081 Bytes 25/05/2010 12:36:59 AEHEUR.DLL : 8.1.1.27 2670967 Bytes 25/05/2010 12:36:59 AEHELP.DLL : 8.1.11.3 242039 Bytes 25/05/2010 12:36:59 AEGEN.DLL : 8.1.3.9 377203 Bytes 25/05/2010 12:36:59 AEEMU.DLL : 8.1.2.0 393588 Bytes 25/05/2010 12:36:59 AECORE.DLL : 8.1.15.3 192886 Bytes 25/05/2010 12:36:58 AEBB.DLL : 8.1.1.0 53618 Bytes 25/05/2010 12:36:58 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.3.0 44289 Bytes 25/05/2010 12:36:59 AVREP.DLL : 8.0.0.7 159784 Bytes 25/05/2010 12:36:59 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 25/05/2010 12:36:56 RCTEXT.DLL : 9.0.73.0 88321 Bytes 25/05/2010 12:36:56 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Début de la recherche : mardi 25 mai 2010 14:39 La recherche d'objets cachés commence. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jztkg\type [INFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jztkg\start [INFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jztkg\errorcontrol [INFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jztkg\group [INFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jztkg\fe3f1g1fb8 [INFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jztkg\ct7gem0n8 [INFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jztkg\i1ll6b0w1 [INFO] L'entrée d'enregistrement n'est pas visible. '83948' objets ont été contrôlés, '7' objets cachés ont été trouvés. La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'wlcomm.exe' - '1' module(s) sont contrôlés Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés Processus de recherche 'CreativeLicensing.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmpnetwk.exe' - '1' module(s) sont contrôlés Processus de recherche 'DLG.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmpnscfg.exe' - '1' module(s) sont contrôlés Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés Processus de recherche 'TomTomHOMERunner.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés Processus de recherche 'CTDetect.exe' - '1' module(s) sont contrôlés Processus de recherche 'eorezo.exe' - '1' module(s) sont contrôlés Module infecté -> 'C:\Program Files\EoRezo\eorezo.exe' Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés Processus de recherche 'QTTask.exe' - '1' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehmsas.exe' - '1' module(s) sont contrôlés Processus de recherche 'SoftwareUpdateHP.exe' - '1' module(s) sont contrôlés Processus de recherche 'AliceAgent.exe' - '1' module(s) sont contrôlés Processus de recherche 'clclean.0001' - '1' module(s) sont contrôlés Processus de recherche 'issch.exe' - '1' module(s) sont contrôlés Processus de recherche 'AndreaVC.exe' - '1' module(s) sont contrôlés Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés Processus de recherche 'CTSysVol.exe' - '1' module(s) sont contrôlés Processus de recherche 'DMXLauncher.exe' - '1' module(s) sont contrôlés Processus de recherche 'stsystra.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehtray.exe' - '1' module(s) sont contrôlés Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés Processus de recherche 'dllhost.exe' - '1' module(s) sont contrôlés Processus de recherche 'mcrdsvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'TomTomHOMEService.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SeaPort.exe' - '1' module(s) sont contrôlés Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehSched.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehrecvr.exe' - '1' module(s) sont contrôlés Processus de recherche 'CTSVCCDA.EXE' - '1' module(s) sont contrôlés Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'LEXPPS.EXE' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'LEXBCES.EXE' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés Le processus 'eorezo.exe' est arrêté C:\Program Files\EoRezo\eorezo.exe [RESULTAT] Contient le cheval de Troie TR/StartPage.zkt [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c6dc654.qua' ! '64' processus ont été contrôlés avec '63' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [INFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [INFO] Aucun virus trouvé ! Secteur d'amorçage maître HD2 [INFO] Aucun virus trouvé ! Secteur d'amorçage maître HD3 [INFO] Aucun virus trouvé ! Secteur d'amorçage maître HD4 [INFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [INFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '64' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1078\A0138295.exe [RESULTAT] Contient le cheval de Troie TR/StartPage.zkt C:\WINDOWS\system32\drivers\jztkg.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! Début de la désinfection : C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1078\A0138295.exe [RESULTAT] Contient le cheval de Troie TR/StartPage.zkt [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c2cd123.qua' ! Fin de la recherche : mardi 25 mai 2010 15:30 Temps nécessaire: 51:07 Minute(s) La recherche a été effectuée intégralement 11492 Les répertoires ont été contrôlés 456993 Des fichiers ont été contrôlés 3 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 2 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 2 Impossible de contrôler des fichiers 456988 Fichiers non infectés 3996 Les archives ont été contrôlées 2 Avertissements 3 Consignes 83948 Des objets ont été contrôlés lors du Rootkitscan 7 Des objets cachés ont été trouvés

Je ne comprend pas grand chose à tout ça...si quelqu'un pouvait m'aider je l'en remercie par avance :cry:

Bonne journée

jeanmimigab · le 25 Mai 2010 16:55

Salut revefmr et bienvenue sur PC-infopratique :wink:

fais cela stp...

Télécharge >>> AD-Remover <<< ( de C_XX ) sur ton bureau.

- Double-clique sur le raccourcie

pour lancer le tool.

- Pour Vista /Seven faire un cliques droit sur l'icône et choisir "Exécuter en tant qu'administrateur"

- Cliques sur "Nettoyer".

- Ensuite laisse le scan s'effectuer tranquillement sans te servir du PC

- Poste le rapport.txt qui s'ouvre.

au cas ou,le rapport est sauvegarder ici
C:\AD-Report-scan+"date"

ensuite...

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

@++

revefmr · le 26 Mai 2010 10:56

merci beaucoup d'avoir pris le temps de me répondre

je fais celà et reviens dire ce qu'il en est, mais ce matin je n'ais plus le message d'erreur me disant que le fichier tsc.exe manque... vas comprendre :roll:

A trés vite et encore merci :wink:

revefmr · le 26 Mai 2010 11:46

Voila le rapport de AD-Remover :

Code: Tout sélectionner: . ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 ======= . Mis à jour par C_XX le 19/05/10 à 19:20 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 11:57:28 le 26/05/2010 | Mode normal | Option: CLEAN Exécuté de: C:\Ad-Remover\ADR.exe SE: Microsoft Windows XP Professionnel (Service Pack 3 - X86) Nom du PC: CAMILLE Utilisateur actuel: GIOANNI . ============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== . . C:\Bingo C:\Documents and Settings\All Users\Application Data\Viewpoint C:\Documents and Settings\All Users\Bureau\Bingo Day.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bingo Day C:\Documents and Settings\GIOANNI\Application Data\EoRezo C:\Documents and Settings\GIOANNI\Local Settings\Application Data\EoRezo C:\Program Files\EoRezo C:\Program Files\MyWaySA C:\Program Files\Viewpoint C:\Program Files\VMNTOOLBAR C:\WINDOWS\Downloaded Program Files\Popcaploader.dll C:\WINDOWS\Downloaded Program Files\Popcaploader.inf (!) -- Fichiers temporaires supprimés. . HKCU\Software\EoRezo HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} HKCU\Software\PopCap HKCU\Software\vmntoolbar HKLM\Software\Bingo Day HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400} HKLM\Software\Classes\AppID\EoEngineBHO.DLL HKLM\Software\Classes\AxMetaStream.MetaStreamCtl HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1 HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1 HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} HKLM\Software\Classes\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75} HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} HKLM\Software\Classes\CLSID\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} HKLM\Software\Classes\EoEngineBHO.EOBHO HKLM\Software\Classes\EoEngineBHO.EOBHO.1 HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F} HKLM\Software\Classes\popcaploader.popcaploaderctrl2 HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1 HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF} HKLM\Software\Classes\TypeLib\{4D25F920-B9FE-4682-BF72-8AB8210D6D75} HKLM\Software\Classes\vmntoolbar.VMNTOOLBAR HKLM\Software\EoRezo HKLM\Software\MetaStream HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vmntoolbar HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bingo Day HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1 HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1 HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\vmntoolbar HKLM\Software\Viewpoint HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{4D25F926-B9FE-4682-BF72-8AB8210D6D75} HKLM\Software\Microsoft\Internet Explorer\Toolbar|{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper . . ============== SCAN ADDITIONNEL ============== . * Mozilla FireFox Version 3.0.15 (fr) * . C:\Documents and Settings\GIOANNI\..\ygjwtv0e.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\GIOANNI\\Mes documents\\Mes images\\tuto pate Ã sel et PAM C:\Documents and Settings\GIOANNI\..\ygjwtv0e.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\GIOANNI\\Mes documents\\telechargements C:\Documents and Settings\GIOANNI\..\ygjwtv0e.default\prefs.js - browser.search.selectedEngine: Google C:\Documents and Settings\GIOANNI\..\ygjwtv0e.default\prefs.js - browser.startup.homepage: hxxp://y.lo.st C:\Documents and Settings\GIOANNI\..\ygjwtv0e.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.15 C:\Documents and Settings\GIOANNI\..\ygjwtv0e.default\prefs.js - privacy.popups.showBrowserMessage, false . EFFACÉ: C:\Documents and Settings\GIOANNI\..\ygjwtv0e.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://y.lo.st"); . * Internet Explorer Version 8.0.6001.18702 * . [HKCU\Software\Microsoft\Internet Explorer\Main] . AutoHide: yes Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Search Asst: no . [HKLM\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: %SystemRoot%\system32\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ . [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm . ======================================== . C:\Ad-Remover\Quarantine: 3 Fichier(s) C:\Ad-Remover\Backup: 14 Fichier(s) . C:\Ad-Report-CLEAN[1].txt - 6446 Octet(s) . Fin à: 12:08:10, 26/05/2010 . ============== E.O.F - CLEAN[1] ==============

Je fais la suite... :wink:

revefmr · le 26 Mai 2010 12:07

voila les rapports d'OTL

Code: Tout sélectionner: OTL logfile created on: 26/05/2010 12:52:51 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\GIOANNI\Bureau Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 228,13 Gb Total Space | 140,91 Gb Free Space | 61,77% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CAMILLE Current User Name: GIOANNI Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\GIOANNI\Bureau\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\GIOANNI\Local Settings\Temp\clclean.0001 (Macrovision Europe Ltd.) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs) PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe () PRC - C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France) PRC - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation) PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Documents and Settings\GIOANNI\Bureau\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (Creative Labs Licensing Service) -- C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs) SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.) DRV - (sigfilt) -- C:\WINDOWS\system32\drivers\sigfilt.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS (Creative Technology Ltd.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2.1 FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:2.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 09:08:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/15 09:09:12 | 000,000,000 | ---D | M] [2009/11/16 21:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Extensions [2009/11/16 21:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Extensions\home2@tomtom.com [2009/11/18 17:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions [2009/07/01 09:00:10 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2007/10/21 10:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc} [2009/09/27 10:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions\fr@dictionaries.addons.mozilla.org [2010/01/13 09:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/03/18 16:03:40 | 000,214,272 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npmidas.dll [2006/07/10 15:17:17 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin10.dll [2010/03/10 16:08:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll [2006/06/22 13:44:58 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll [2009/03/24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2009/11/19 00:58:59 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2009/11/19 00:58:59 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2009/11/19 00:58:59 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml [2009/11/19 00:58:59 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2009/11/19 00:58:59 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2010/05/24 20:11:40 | 000,396,674 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 .supercocklol.com O1 - Hosts: 127.0.0.1 www..webloyalty.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 13696 more lines... O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (no name) - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - No CLSID value found. O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL () O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation) O4 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090828122524 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.casimages.com/iu/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} http://www.photoservice.com/activeX/newUpload.CAB (ActiveXUpload.UserCtrl) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://www.photobox.fr/discount/clients/uploader_v2.2.0.2.cab (PB_Uploader Class) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://jeux-a-telecharger.fr.pogo.com/online2/pogo/insaniquarium/popcaploader_v10.cab (PopCapLoader Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\GIOANNI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\GIOANNI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/01 07:17:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1a3d99ae-d2d0-11de-a591-001372d36545}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/01 06:57:38 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/05/26 12:49:13 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GIOANNI\Bureau\OTL.exe [2010/05/26 11:57:27 | 000,000,000 | ---D | C] -- C:\Ad-Remover [2010/05/26 11:56:53 | 001,344,041 | ---- | C] (C_XX) -- C:\Documents and Settings\GIOANNI\Bureau\AD-R.exe [2010/05/25 14:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/05/25 14:32:03 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010/05/25 14:32:03 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010/05/25 14:32:03 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010/05/25 14:32:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010/05/25 14:32:03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010/05/25 14:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010/05/25 14:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2010/05/10 14:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GIOANNI\Application Data\vlc [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/05/26 12:54:58 | 000,741,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\jztkg.sys [2010/05/26 12:49:15 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GIOANNI\Bureau\OTL.exe [2010/05/26 12:44:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/05/26 12:42:26 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2563222308-3252559340-1027808323-1005.job [2010/05/26 12:42:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/26 12:42:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/26 12:41:13 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\GIOANNI\ntuser.dat [2010/05/26 12:41:13 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\GIOANNI\ntuser.ini [2010/05/26 11:56:55 | 001,344,041 | ---- | M] (C_XX) -- C:\Documents and Settings\GIOANNI\Bureau\AD-R.exe [2010/05/25 15:25:29 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/05/25 14:36:59 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010/05/25 14:36:59 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010/05/25 14:32:18 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk [2010/05/25 14:26:19 | 000,000,002 | ---- | M] () -- C:\WINDOWS\System32\config.nt [2010/05/24 20:11:40 | 000,396,674 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/05/24 19:56:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\GIOANNI\Local Settings\Application Data\housecall.guid.cache [2010/05/24 10:07:23 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\GIOANNI\Application Data\khiteb.dat [2010/05/19 20:52:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/05/19 08:06:42 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\GIOANNI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/12 10:53:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/05/10 14:49:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk [2010/04/29 18:30:56 | 000,179,651 | ---- | M] () -- C:\Documents and Settings\GIOANNI\Mes documents\Unidialog_0372731T_1272558631913.pdf [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/05/25 14:32:18 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk [2010/05/24 20:31:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\config.nt [2010/05/24 19:56:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\GIOANNI\Local Settings\Application Data\housecall.guid.cache [2010/05/24 10:08:01 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\jztkg.sys [2010/05/24 10:07:23 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\GIOANNI\Application Data\khiteb.dat [2010/05/10 14:49:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk [2010/04/29 18:30:56 | 000,179,651 | ---- | C] () -- C:\Documents and Settings\GIOANNI\Mes documents\Unidialog_0372731T_1272558631913.pdf [2009/11/18 19:23:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/02/10 19:13:25 | 000,000,051 | ---- | C] () -- C:\WINDOWS\npnap32.INI [2007/01/02 19:30:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2006/10/14 20:09:55 | 000,000,225 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2006/10/12 19:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2006/10/11 22:55:09 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2006/08/25 19:50:17 | 000,000,232 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006/07/10 09:15:19 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll [2006/07/10 09:15:19 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini [2006/07/10 09:13:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2006/07/08 20:02:35 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\BE93C11B22.sys [2006/07/06 14:25:58 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\221BC193BE.sys [2006/07/06 14:25:20 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006/07/05 14:23:17 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2006/07/05 14:23:14 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2006/07/05 14:23:13 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2006/07/05 14:23:13 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2006/07/05 14:23:13 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006/07/05 14:23:11 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2006/07/05 14:23:11 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2006/07/04 22:04:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006/06/27 11:48:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/06/27 11:42:53 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006/06/27 11:36:58 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI [2006/06/27 11:14:12 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini [2006/06/27 11:14:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006/06/27 11:13:49 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL [2006/06/27 11:11:10 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/08/05 16:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/12/03 12:17:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RsaCrypt.dll [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini [2002/03/15 12:37:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaklcnp.dll [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll [1998/09/14 21:43:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TWAIN32d.dll [color=#E56717]========== LOP Check ==========[/color] [2006/07/06 15:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto [2006/12/11 21:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst [2009/09/04 16:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2007/08/09 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games [2009/11/16 21:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2006/08/18 14:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom [2010/03/10 16:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2006/07/26 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Jasc [2009/11/19 01:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\JonDo [2006/07/08 14:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Leadertech [2006/07/06 15:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Otto [2006/12/11 21:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\PlayFirst [2009/10/01 14:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\SecondLife [2006/07/28 13:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Template [2009/11/16 21:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\TomTom [2006/07/09 08:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Visicom Media [2006/07/05 20:00:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004/08/10 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\i386\cdrom.sys [2004/08/10 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: CHANGER.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004/08/10 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys [2004/08/10 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004/08/10 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\i386\eventlog.dll [2004/08/10 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004/08/10 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys [2004/08/10 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004/08/10 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\i386\netlogon.dll [2004/08/10 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2004/08/10 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\i386\rasacd.sys [2004/08/10 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys [color=#A23BEC]< MD5 for: RDPWD.SYS >[/color] [2005/06/10 06:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\i386\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll [2004/08/10 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\i386\scecli.dll [2004/08/10 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:Sfloppy.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2004/08/10 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\i386\sfloppy.sys [2004/08/10 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys [color=#A23BEC]< MD5 for: SPLITTER.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:splitter.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2004/08/04 00:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\i386\splitter.sys [2004/08/04 00:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys [2006/06/14 10:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys [color=#A23BEC]< MD5 for: SWMIDI.SYS >[/color] [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001/08/17 23:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\i386\swmidi.sys [2001/08/17 23:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys [color=#A23BEC]< MD5 for: TDPIPE.SYS >[/color] [2004/08/10 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\i386\tdpipe.sys [2004/08/10 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys [color=#A23BEC]< MD5 for: TDTCP.SYS >[/color] [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2004/08/10 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\i386\tdtcp.sys [2004/08/10 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys [color=#A23BEC]< MD5 for: USBPRINT.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbprint.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\i386\usbprint.sys [2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbscan.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2008/04/13 21:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\dllcache\usbscan.sys [2008/04/13 21:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys [2004/08/03 23:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2008/04/14 04:33:21 | 001,267,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\comsvcs.dll [9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] < End of report >

Et OTL Extras

Code: Tout sélectionner: OTL Extras logfile created on: 26/05/2010 12:52:51 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\GIOANNI\Bureau Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 228,13 Gb Total Space | 140,91 Gb Free Space | 61,77% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CAMILLE Current User Name: GIOANNI Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "135:TCP" = 135:TCP:*:Enabled:Port DCOM (135) "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- File not found "C:\Program Files\WinPhone Ultimate Edition\BvrpKrnl.exe" = C:\Program Files\WinPhone Ultimate Edition\BvrpKrnl.exe:*:Enabled:Bvrpkrnl -- File not found "C:\Program Files\Visicom Media\FTP Expert 3\ftpxpert3.exe" = C:\Program Files\Visicom Media\FTP Expert 3\ftpxpert3.exe:*:Enabled:AceFTP v3 -- (Visicom Media Inc.) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.) "C:\Program Files\WinPhone Ultimate Edition\winphone.exe" = C:\Program Files\WinPhone Ultimate Edition\winphone.exe:*:Disabled:Winphone -- File not found "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) "C:\Program Files\Alice_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe" = C:\Program Files\Alice_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader -- (Terra Virtual) "C:\Documents and Settings\GIOANNI\Mes documents\telechargements\visio.exe" = C:\Documents and Settings\GIOANNI\Mes documents\telechargements\visio.exe:*:Enabled:visio -- () "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation) "C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- File not found "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panneau de contrôle ATI "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}" = Kit de Connexion Alice ADSL "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module "{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1036-7B44-A00000000001}" = Adobe Reader 6.0.1 - Français "{ACBD0110-F243-11D4-BCEE-00104B1CB360}" = Plug-in ma messagerie vocale Orange "{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE5D7CE8-27E7-4452-AF33-F38F074BBD08}" = Alice ADSL - Installation principale "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU "{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "0D20D36D-A11C-444c-9AF7-70CBFED42ECF" = Otto "99A88D57-2C93-491B-87B8-E41A870FB6BE" = GemMaster Mystic "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ad-Remover" = Ad-Remover By C_XX "Agfa ScanWise 1.70" = Agfa ScanWise 1.70 "AGFAnet Print Service" = AGFAnet Print Service "AliceSAV" = Alice Auto-diagnostic "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bildschirmschoner_winter" = bildschirmschoner_winter "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem "e-anim701" = e-anim701 "eMule" = eMule "FTP Expert 3" = FTP Expert 3 "HijackThis" = HijackThis 1.99.1 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Internet Scrabble Club_is1" = WordBiz version 1.8 "king.com" = king.com (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Full "Lexmark Supplies Monitor" = Lexmark Supplies Monitor "Lexmark Z55" = Lexmark Z55 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PhotoBox" = PhotoBox "PhotoFiltre" = PhotoFiltre "PROSet" = Intel(R) PRO Network Connections Drivers "RealPlayer 12.0" = RealPlayer "Sound Blaster Audigy ADVANCED MB Product Registration" = Enregistrement du produit Sound Blaster Audigy ADVANCED MB "StreetPlugin" = Learn2 Player (Uninstall Only) "Téléchargement PHOTOWAYS" = Téléchargement PHOTOWAYS 3.0.8 "TomTom HOME" = TomTom HOME 2.7.2.1825 "TOWeb-SetupID-0001_is1" = Lauyan TOWeb "VirtualDub 1.6.9 Fr" = VirtualDub 1.6.9 Fr "VLC media player" = VLC media player 1.0.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Installation Windows Live "WinRAR archiver" = Archiveur WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar avec bloqueur de fenêtres pop-up "Yahoo! Toolbar" = Yahoo! Toolbar "Zylom Games Player Plugin" = Zylom Games Player Plugin [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2563222308-3252559340-1027808323-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 14/02/2010 06:58:26 | Computer Name = CAMILLE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 17/03/2010 04:43:59 | Computer Name = CAMILLE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 19/03/2010 09:50:02 | Computer Name = CAMILLE | Source = Application Hang | ID = 1002 Description = Application bloquée wmplayer.exe, version 11.0.5721.5145, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 20/04/2010 12:52:26 | Computer Name = CAMILLE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 22/04/2010 12:21:21 | Computer Name = CAMILLE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 22/04/2010 12:21:23 | Computer Name = CAMILLE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 23/04/2010 12:24:17 | Computer Name = CAMILLE | Source = Microsoft Works | ID = 1000 Description = Error - 14/05/2010 04:32:44 | Computer Name = CAMILLE | Source = Application Error | ID = 1000 Description = Application défaillante scanwise.exe, version 1.7.0.2, module défaillant scanwise.dll, version 1.7.0.2, adresse de défaillance 0x0002e98c. Error - 21/05/2010 09:13:51 | Computer Name = CAMILLE | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module défaillant mshtml.dll, version 8.0.6001.18904, adresse de défaillance 0x00331b8a. Error - 22/05/2010 06:52:01 | Computer Name = CAMILLE | Source = PerfNet | ID = 2004 Description = Impossible d'ouvrir le Service serveur. Les données de performance du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0. [ System Events ] Error - 26/05/2010 06:29:44 | Computer Name = CAMILLE | Source = Service Control Manager | ID = 7034 Description = Le service Java Quick Starter s'est terminé de façon inattendue pour la 1ème fois. Error - 26/05/2010 06:29:44 | Computer Name = CAMILLE | Source = Service Control Manager | ID = 7031 Description = Le service Media Center Extender Service s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 5000 millisecondes : Redémarrer le service. Error - 26/05/2010 06:29:44 | Computer Name = CAMILLE | Source = Service Control Manager | ID = 7034 Description = Le service LexBce Server s'est terminé de façon inattendue pour la 1ème fois. Error - 26/05/2010 06:29:44 | Computer Name = CAMILLE | Source = Service Control Manager | ID = 7031 Description = Le service Spouleur d'impression s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service. Error - 26/05/2010 06:29:44 | Computer Name = CAMILLE | Source = Service Control Manager | ID = 7034 Description = Le service SeaPort s'est terminé de façon inattendue pour la 1ème fois. Error - 26/05/2010 06:29:44 | Computer Name = CAMILLE | Source = Service Control Manager | ID = 7031 Description = Le service Application système COM+ s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 1000 millisecondes : Redémarrer le service. Error - 26/05/2010 06:29:44 | Computer Name = CAMILLE | Source = Service Control Manager | ID = 7034 Description = Le service Creative Labs Licensing Service s'est terminé de façon inattendue pour la 1ème fois. Error - 26/05/2010 06:29:44 | Computer Name = CAMILLE | Source = Service Control Manager | ID = 7034 Description = Le service Service de l’iPod s'est terminé de façon inattendue pour la 1ème fois. Error - 26/05/2010 06:29:44 | Computer Name = CAMILLE | Source = Service Control Manager | ID = 7034 Description = Le service Service de la passerelle de la couche Application s'est terminé de façon inattendue pour la 1ème fois. Error - 26/05/2010 06:29:44 | Computer Name = CAMILLE | Source = Service Control Manager | ID = 7031 Description = Le service Service Partage réseau du Lecteur Windows Media s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service. < End of report >

Aujourd'hui j'ai un défilé de pubs en tout genre qui s'ouvrent dans IE...Et ma page de démarrage est devenu MSN

Merci de m'accorder de ton temps

jeanmimigab · le 26 Mai 2010 17:39

salut,

il y a un rootkit sur ton pc, si OTL ne le vire pas, ont fera autrement :wink:

ma page de démarrage est devenu MSN

C'est normal, ADR remet la page par défaut d'IE et c'est MSN.com :wink:

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:Files
C:\Documents and Settings\GIOANNI\Local Settings\Temp\clclean.0001
C:\WINDOWS\System32\drivers\jztkg.sys
C:\WINDOWS\System32\BE93C11B22.sys
C:\WINDOWS\System32\221BC193BE.sys
C:\WINDOWS\aucfg.ini
C:\Documents and Settings\GIOANNI\Application Data\khiteb.dat
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\jztkg]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jztkg]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jztkg]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jztkg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E7559288-223B-453C-9F06-340E3BE21E39}"=-

:OTL
O2 - BHO: (no name) - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - No CLSID value found.
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://jeux-a-telecharger.fr.pogo.com/o ... er_v10.cab (PopCapLoader Object)

:Commands
[EMPTYTEMP]
[EMPTYFLASH]

* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport "OTL.Txt" s'ouvre
* Copie et colle le dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

ensuite....refais un scan OTL comme tu l'as fais la première fois et poste moi le rapport stp... :wink:

revefmr · le 27 Mai 2010 11:39

coucou

Alors voila le rapport aprés la "correction"

Code: Tout sélectionner: All processes killed ========== FILES ========== C:\Documents and Settings\GIOANNI\Local Settings\Temp\clclean.0001 moved successfully. File move failed. C:\WINDOWS\System32\drivers\jztkg.sys scheduled to be moved on reboot. C:\WINDOWS\System32\BE93C11B22.sys moved successfully. C:\WINDOWS\System32\221BC193BE.sys moved successfully. C:\WINDOWS\aucfg.ini moved successfully. C:\Documents and Settings\GIOANNI\Application Data\khiteb.dat moved successfully. C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86 folder moved successfully. C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86 folder moved successfully. C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} folder moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\jztkg\ not found. Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jztkg\ not found. Registry key HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jztkg\ not found. Registry key HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jztkg\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{E7559288-223B-453C-9F06-340E3BE21E39} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7559288-223B-453C-9F06-340E3BE21E39}\ not found. ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}\ not found. Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} C:\WINDOWS\Downloaded Program Files\popcaploader.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 59964 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: All Users User: Default User ->Temp folder emptied: 59964 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: GIOANNI ->Temp folder emptied: 1595203 bytes ->Temporary Internet Files folder emptied: 24377254 bytes ->Java cache emptied: 263074983 bytes ->FireFox cache emptied: 94639857 bytes ->Flash cache emptied: 101620 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 7781562 bytes ->Flash cache emptied: 348 bytes User: NetworkService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 23451136 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 205419 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 59964 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 37019 bytes RecycleBin emptied: 2717 bytes Total Files Cleaned = 396,00 mb [EMPTYFLASH] User: Administrateur User: All Users User: Default User User: GIOANNI ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.5.0 log created on 05272010_123101 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\System32\drivers\jztkg.sys scheduled to be moved on reboot. C:\Documents and Settings\GIOANNI\Local Settings\Temp\clclean.0001.dir.0213\~df394b.tmp moved successfully. C:\Documents and Settings\GIOANNI\Local Settings\Temp\clclean.0001.dir.0213\~efe2.tmp moved successfully. Registry entries deleted on Reboot...

m'en vais de ce pas faire un scan d'OTL :wink:

revefmr · le 27 Mai 2010 11:51

Voila le rapport d'OTL

Code: Tout sélectionner: OTL logfile created on: 27/05/2010 12:41:23 - Run 2 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\GIOANNI\Bureau Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 228,13 Gb Total Space | 140,84 Gb Free Space | 61,73% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CAMILLE Current User Name: GIOANNI Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\GIOANNI\Local Settings\Temp\clclean.0001 (Macrovision Europe Ltd.) PRC - C:\Documents and Settings\GIOANNI\Bureau\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs) PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe () PRC - C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France) PRC - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation) PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Documents and Settings\GIOANNI\Bureau\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (Creative Labs Licensing Service) -- C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs) SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.) DRV - (sigfilt) -- C:\WINDOWS\system32\drivers\sigfilt.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS (Creative Technology Ltd.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2.1 FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:2.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 09:08:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/15 09:09:12 | 000,000,000 | ---D | M] [2009/11/16 21:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Extensions [2009/11/16 21:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Extensions\home2@tomtom.com [2009/11/18 17:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions [2009/07/01 09:00:10 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2007/10/21 10:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc} [2009/09/27 10:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions\fr@dictionaries.addons.mozilla.org [2010/01/13 09:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/03/18 16:03:40 | 000,214,272 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npmidas.dll [2006/07/10 15:17:17 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin10.dll [2010/03/10 16:08:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll [2006/06/22 13:44:58 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll [2009/03/24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2009/11/19 00:58:59 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2009/11/19 00:58:59 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2009/11/19 00:58:59 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml [2009/11/19 00:58:59 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2009/11/19 00:58:59 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2010/05/24 20:11:40 | 000,396,674 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 .supercocklol.com O1 - Hosts: 127.0.0.1 http://www..webloyalty.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 http://www.007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 http://www.008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 http://www.00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 http://www.032439.com O1 - Hosts: 127.0.0.1 http://www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com O1 - Hosts: 127.0.0.1 http://www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 http://www.123topsearch.com O1 - Hosts: 127.0.0.1 http://www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 http://www.136136.net O1 - Hosts: 13696 more lines... O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (no name) - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - No CLSID value found. O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe (TechCity Solutions France) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL () O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation) O4 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2563222308-3252559340-1027808323-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090828122524 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.casimages.com/iu/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} http://www.photoservice.com/activeX/newUpload.CAB (ActiveXUpload.UserCtrl) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://www.photobox.fr/discount/clients/uploader_v2.2.0.2.cab (PB_Uploader Class) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\GIOANNI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\GIOANNI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/01 07:17:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1a3d99ae-d2d0-11de-a591-001372d36545}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/01 06:57:38 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/05/27 12:31:01 | 000,000,000 | ---D | C] -- C:\_OTL [2010/05/26 12:49:13 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GIOANNI\Bureau\OTL.exe [2010/05/26 11:57:27 | 000,000,000 | ---D | C] -- C:\Ad-Remover [2010/05/26 11:56:53 | 001,344,041 | ---- | C] (C_XX) -- C:\Documents and Settings\GIOANNI\Bureau\AD-R.exe [2010/05/25 14:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/05/25 14:32:03 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010/05/25 14:32:03 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010/05/25 14:32:03 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010/05/25 14:32:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010/05/25 14:32:03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010/05/25 14:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010/05/25 14:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2010/05/10 14:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GIOANNI\Application Data\vlc [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/05/27 12:43:18 | 000,741,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\jztkg.sys [2010/05/27 12:34:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/05/27 12:34:03 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2563222308-3252559340-1027808323-1005.job [2010/05/27 12:34:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/27 12:33:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/27 12:33:15 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\GIOANNI\ntuser.ini [2010/05/27 12:33:14 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\GIOANNI\ntuser.dat [2010/05/26 12:49:15 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GIOANNI\Bureau\OTL.exe [2010/05/26 11:56:55 | 001,344,041 | ---- | M] (C_XX) -- C:\Documents and Settings\GIOANNI\Bureau\AD-R.exe [2010/05/25 15:25:29 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/05/25 14:36:59 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010/05/25 14:36:59 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010/05/25 14:32:18 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk [2010/05/25 14:26:19 | 000,000,002 | ---- | M] () -- C:\WINDOWS\System32\config.nt [2010/05/24 20:11:40 | 000,396,674 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/05/24 19:56:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\GIOANNI\Local Settings\Application Data\housecall.guid.cache [2010/05/19 20:52:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/05/19 08:06:42 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\GIOANNI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/12 10:53:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/05/10 14:49:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk [2010/04/29 18:30:56 | 000,179,651 | ---- | M] () -- C:\Documents and Settings\GIOANNI\Mes documents\Unidialog_0372731T_1272558631913.pdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/05/25 14:32:18 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk [2010/05/24 20:31:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\config.nt [2010/05/24 19:56:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\GIOANNI\Local Settings\Application Data\housecall.guid.cache [2010/05/24 10:08:01 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\jztkg.sys [2010/05/10 14:49:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk [2010/04/29 18:30:56 | 000,179,651 | ---- | C] () -- C:\Documents and Settings\GIOANNI\Mes documents\Unidialog_0372731T_1272558631913.pdf [2009/11/18 19:23:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/02/10 19:13:25 | 000,000,051 | ---- | C] () -- C:\WINDOWS\npnap32.INI [2007/01/02 19:30:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2006/10/14 20:09:55 | 000,000,225 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2006/10/12 19:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2006/10/11 22:55:09 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2006/08/25 19:50:17 | 000,000,232 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006/07/10 09:15:19 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll [2006/07/10 09:15:19 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini [2006/07/10 09:13:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2006/07/06 14:25:20 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006/07/05 14:23:17 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2006/07/05 14:23:14 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2006/07/05 14:23:13 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2006/07/05 14:23:13 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2006/07/05 14:23:13 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006/07/05 14:23:11 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2006/07/05 14:23:11 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2006/07/04 22:04:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006/06/27 11:48:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/06/27 11:42:53 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006/06/27 11:36:58 | 000,005,811 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI [2006/06/27 11:14:12 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini [2006/06/27 11:14:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006/06/27 11:13:49 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL [2006/06/27 11:11:10 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/08/05 16:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/12/03 12:17:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RsaCrypt.dll [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini [2002/03/15 12:37:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaklcnp.dll [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll [1998/09/14 21:43:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TWAIN32d.dll [color=#E56717]========== LOP Check ==========[/color] [2006/07/06 15:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto [2006/12/11 21:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst [2009/09/04 16:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2007/08/09 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games [2009/11/16 21:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2006/08/18 14:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom [2006/07/26 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Jasc [2009/11/19 01:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\JonDo [2006/07/08 14:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Leadertech [2006/07/06 15:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Otto [2006/12/11 21:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\PlayFirst [2009/10/01 14:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\SecondLife [2006/07/28 13:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Template [2009/11/16 21:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\TomTom [2006/07/09 08:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GIOANNI\Application Data\Visicom Media [2006/07/05 20:00:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004/08/10 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\i386\cdrom.sys [2004/08/10 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: CHANGER.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004/08/10 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys [2004/08/10 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004/08/10 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\i386\eventlog.dll [2004/08/10 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004/08/10 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys [2004/08/10 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004/08/10 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\i386\netlogon.dll [2004/08/10 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2004/08/10 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\i386\rasacd.sys [2004/08/10 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys [color=#A23BEC]< MD5 for: RDPWD.SYS >[/color] [2005/06/10 06:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\i386\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll [2004/08/10 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\i386\scecli.dll [2004/08/10 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:Sfloppy.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2004/08/10 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\i386\sfloppy.sys [2004/08/10 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys [color=#A23BEC]< MD5 for: SPLITTER.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:splitter.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2004/08/04 00:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\i386\splitter.sys [2004/08/04 00:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys [2006/06/14 10:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys [color=#A23BEC]< MD5 for: SWMIDI.SYS >[/color] [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001/08/17 23:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\i386\swmidi.sys [2001/08/17 23:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys [color=#A23BEC]< MD5 for: TDPIPE.SYS >[/color] [2004/08/10 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\i386\tdpipe.sys [2004/08/10 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys [color=#A23BEC]< MD5 for: TDTCP.SYS >[/color] [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2004/08/10 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\i386\tdtcp.sys [2004/08/10 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys [color=#A23BEC]< MD5 for: USBPRINT.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbprint.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\i386\usbprint.sys [2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbscan.sys [2004/08/10 13:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2008/08/19 10:08:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2008/04/13 21:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\dllcache\usbscan.sys [2008/04/13 21:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys [2004/08/03 23:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2008/04/14 04:33:21 | 001,267,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\comsvcs.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] < End of report >

Pas d'extras cette fois ci.

Encore merci de t'occuper de moi...heu de mon pc :lol:

EDIT Skynet : balises [quote] remplacées par [code], merci de faire attention.

jeanmimigab · le 27 Mai 2010 18:50

coucou

bon, le rootkit n'a pas sauté...OTL c'est fait mouché :lol:

on vas faire autrement....

désactive ton Anti-virus le temps de faire ces manipulations.

>>Télécharge Winsockxpfix sur ton bureau et passe à la suite.

========================================================================================================

ensuite...

Très important pour que l'opération fonctionne >> Désactive Antivir(clic-droit sur le petit parapluie qui est dans la zone de notification et décoche "Activer Antir guard"

Télécharge Combofix sur ton Bureau (et pas ailleurs)en le renommant avant qu'il n'atterrisse sur ton bureau.
pour cela fais un clic droit sur Combofix.exe ,choisis "enregistrer la cible du lien sous..." et renomme le en machin.exe pour l'emplacement choisis ton bureau et cliques sur "enregistrer"

ensuite...

> crées un nouveau document texte sur ton bureau
> pour cela clic-droit sur le bureau > Nouveau > document texte > copies et colles le contenu de la citation ci-dessous à l'intérieur

KillAll::

rootkit::
C:\Windows\System32\drivers\jztkg.sys

File::
C:\Documents and Settings\GIOANNI\Local Settings\Temp\clclean.0001

Registry::
[-HKEY_CLASSES_ROOT\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}]

RegLockDel::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\jztkg]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jztkg]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jztkg]
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jztkg]

Respectes à la lettre la procédure d'enregistrement suivante,c'est très important

> ensuite cliques sur "fichier" > "enregistrer sous..."
> dans la fenêtre d'enregistrement choisis le bureau comme destination > dans type choisis "tous les fichiers" > et dans nom du fichier tape CFScript.txt > ensuite cliques sur enregistrer et fermes le document texte.

> fais un glisser/déposer(clic-gauche enfoncé sur CFScript.txt et tu fais glisser) de ce fichier CFScript.txt sur le fichier ComboFix.exe(dans ton cas c'est "machin.exe") comme sur cette capture.

> une fenêtre bleue va apparaître >>suis les instructions relatives aux avertissement.
> Si combofix te demande l'autorisation d'installer la console de récupération, accepte !
> patientes le temps du scan. Le bureau va disparaître à plusieurs reprises,c'est normal!
> ne touches à rien tant que le scan n'est pas terminé
> une fois le scan achevé, un rapport va s'afficher,postes son contenu dans ta prochaine réponse.
> si le rapport ne s'ouvre pas, il se trouve à cet emplacement C:\ComboFix.txt

========================================================================================================

si a tout hasard ta connexion internet n'est plus active après le redémarrage du pc fait cela pour la réparer...

Fais un double clic sur l'icône

de WinsockXPFix.

>>clique sur "Fix" > et si ton pc ne redémarre pas,redémarre le manuellement.

revefmr · le 28 Mai 2010 06:37

Bonjour,

J'ai fais ce que tu m'a demandé, mais j'ai rencontré un probléme...lorsque le programme a voulu charger la console de récupération, il m'a signalé que je n'étais pas connecté, mais impossible de rétablir ma connextion, donc il n'a pas analysé je ne sais quoi... :oops:

Lorsque le pc à redémarré, antivir s'est réouvert alors que le programme, disait de n'ouvrir aucun programme...Je ne sais pas si tout ça a eu une incidence sur la manip que tu voulais que je fasse, tiens moi au courant, pour le moment je n'ose pas le refaire sans ton avis.

En attendant voila le rapport :

Code: Tout sélectionner: ComboFix 10-05-27.02 - GIOANNI 28/05/2010 7:13.1.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1564 [GMT 2:00] Lancé depuis: c:\documents and settings\GIOANNI\Bureau\machin.exe Commutateurs utilisés :: c:\documents and settings\GIOANNI\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: "c:\documents and settings\GIOANNI\Local Settings\Temp\clclean.0001" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\GIOANNI\Cookies\gioanni@managerzone.jeu[1].txt c:\documents and settings\GIOANNI\Local Settings\Temp\clclean.0001 c:\program files\Fichiers communs\Real\Update_OB\lang\rpsearch_fr.dll c:\program files\Real\RealPlayer\converter\rnuninst_fr.dll c:\program files\Real\RealPlayer\lang\cdplay_fr.dll c:\program files\Real\RealPlayer\lang\dbcomp_fr.dll c:\program files\Real\RealPlayer\lang\embed_fr.dll c:\program files\Real\RealPlayer\lang\gemctl_fr.dll c:\program files\Real\RealPlayer\lang\mydevices_fr.dll c:\program files\Real\RealPlayer\lang\pngui_fr.dll c:\program files\Real\RealPlayer\lang\rjctl_fr.dll c:\program files\Real\RealPlayer\lang\rjdlg_fr.dll c:\program files\Real\RealPlayer\lang\rjeq_fr.dll c:\program files\Real\RealPlayer\lang\rjfade_fr.dll c:\program files\Real\RealPlayer\lang\rjmisc_fr.dll c:\program files\Real\RealPlayer\lang\rjprog_fr.dll c:\program files\Real\RealPlayer\lang\rjres_fr.dll c:\program files\Real\RealPlayer\lang\rjskin_fr.dll c:\program files\Real\RealPlayer\lang\rjviz_fr.dll c:\program files\Real\RealPlayer\lang\rjwma_fr.dll c:\program files\Real\RealPlayer\lang\rnuninst_fr.dll c:\program files\Real\RealPlayer\lang\rpapp_fr.dll c:\program files\Real\RealPlayer\lang\rpbgr_fr.dll c:\program files\Real\RealPlayer\lang\rpbrp_fr.dll c:\program files\Real\RealPlayer\lang\rpclsvc_fr.dll c:\program files\Real\RealPlayer\lang\rpclutil_fr.dll c:\program files\Real\RealPlayer\lang\rpdemand_fr.dll c:\program files\Real\RealPlayer\lang\rpdsplyr_fr.dll c:\program files\Real\RealPlayer\lang\rpext_fr.dll c:\program files\Real\RealPlayer\lang\rpgutil_fr.dll c:\program files\Real\RealPlayer\lang\rpmnpane_fr.dll c:\program files\Real\RealPlayer\lang\rpplylst_fr.dll c:\program files\Real\RealPlayer\lang\rpsearch_fr.dll c:\program files\Real\RealPlayer\lang\rpwebctl_fr.dll c:\program files\Real\RealPlayer\lang\systray_fr.dll c:\program files\Real\RealPlayer\lang\tcdinfo_fr.dll c:\program files\Real\RealPlayer\lang\tclsvc_fr.dll c:\program files\Real\RealPlayer\lang\tdwnmgr_fr.dll c:\program files\Real\RealPlayer\lang\tearm_fr.dll c:\program files\Real\RealPlayer\lang\teasdk_fr.dll c:\program files\Real\RealPlayer\lang\tmdedit_fr.dll c:\program files\Real\RealPlayer\lang\tmp3_fr.dll c:\program files\Real\RealPlayer\lang\twave_fr.dll c:\program files\Real\RealPlayer\lang\upgrdhlp_fr.dll c:\program files\Real\RealPlayer\lang\upgrdlib_fr.dll c:\windows\patch.exe c:\windows\system\Color c:\windows\system32\Data c:\windows\system32\Thumbs.db . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_jztkg -------\Service_jztkg ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-28 au 2010-05-28 )))))))))))))))))))))))))))))))))))) . 2010-05-27 10:31 . 2010-05-27 10:31 -------- d-----w- C:\_OTL 2010-05-26 09:57 . 2010-05-26 10:37 -------- d-----w- C:\Ad-Remover 2010-05-25 12:44 . 2010-05-25 12:44 -------- d-----r- c:\documents and settings\NetworkService\Favoris 2010-05-25 12:32 . 2010-05-25 12:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-05-25 12:32 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-05-25 12:32 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-05-25 12:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-05-25 12:32 . 2010-05-25 12:32 -------- d-----w- c:\program files\Avira 2010-05-25 12:32 . 2010-05-25 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-05-10 12:49 . 2010-05-27 11:12 -------- d-----w- c:\documents and settings\GIOANNI\Application Data\vlc . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-27 14:24 . 2008-09-09 18:52 -------- d-----w- c:\program files\eMule 2010-05-27 11:03 . 2009-12-18 16:47 -------- d-----w- c:\documents and settings\GIOANNI\Application Data\dvdcss 2010-03-29 20:12 . 2005-09-01 04:53 64484 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-29 20:12 . 2005-09-01 04:53 446566 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-22 21:27 . 2010-03-22 21:27 27984 ---ha-w- c:\windows\system32\mlfcache.dat 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-03-15 07:09 . 2010-03-15 07:09 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-03-15 07:09 . 2010-03-15 07:09 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-03-10 06:16 . 2005-09-01 04:53 420352 ----a-w- c:\windows\system32\vbscript.dll 2006-07-06 13:41 . 2006-07-06 13:41 251 ----a-w- c:\program files\wt3d.ini 2006-07-26 11:58 . 2006-07-06 12:25 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [-] 2008-10-18 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS [-] 2008-10-18 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-15 39408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304] "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344] "MBMon"="CTMBHA.DLL" [2005-05-19 1345520] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168] "ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] "AliceSAV"="c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 81408] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-13 149280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-15 202256] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-27 24576] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Visicom Media\\FTP Expert 3\\ftpxpert3.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"= "c:\\Documents and Settings\\GIOANNI\\Mes documents\\telechargements\\visio.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:Port DCOM (135) "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/05/2010 14:32 108289] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 17:05 92008] . Contenu du dossier 'Tâches planifiées' 2010-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2006-07-05 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job - c:\windows\system32\OOBE\oobebaln.exe [2005-09-01 02:34] 2010-05-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2563222308-3252559340-1027808323-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] 2010-03-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2563222308-3252559340-1027808323-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . . ------- Examen supplémentaire ------- . uInternet Settings,ProxyOverride = *.local DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090828122524 DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} - hxxp://www.photoservice.com/activeX/newUpload.CAB FF - ProfilePath - c:\documents and settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\documents and settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmidas.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin10.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin9.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-28 07:20 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AliceSAV = c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(2832) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTsvcCDA.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\stsystra.exe c:\windows\system32\Rundll32.exe c:\windows\eHome\ehmsas.exe c:\docume~1\GIOANNI\LOCALS~1\Temp\clclean.0001 c:\program files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Heure de fin: 2010-05-28 07:28:52 - La machine a redémarré ComboFix-quarantined-files.txt 2010-05-28 05:28 Avant-CF: 151 072 350 208 octets libres Après-CF: 150 940 590 080 octets libres - - End Of File - - 7C00C46BC53553BCF45B0F099C0A0C53

Merci et bonne journée

ps : toutes mes excuses pour mon erreur de balise, skynet :-?

jeanmimigab · le 28 Mai 2010 11:58

hello,

je suis au taf, je regarde ça ce soir...
Combofix à quand même bien bossé,mais il craint le rapport....tu es sérieusement infecté :-?

Déconnecte ce PC d'internet physiquement (débranche le bable reseaux, désactive la carte wifi ou virer la clef wifi) en attendant le suite que je te filerais ce soir :wink:

Vue que des fichiers système sont patchés, sauvegarde tes document important sur un support externe, on ne sait jamais. :wink:

à ce soir

Skynet · le 28 Mai 2010 13:22

revefmr a écrit:ps : toutes mes excuses pour mon erreur de balise, skynet

Y a pas de mal

. C'est bien pratique ces balises [code], sans quoi on serait rendu à 3 pages. Et je parle pas du côté indigeste

.

jeanmimigab · le 28 Mai 2010 19:04

hello,

avant de remplacer les drivers patchés avec combofix, par précaution nous allons installer la console de récupération sur ton PC.

> clique sur ce lien correspondant à la version de ton Windows.
Microsoft Windows XP Professionnel SP2
> tu seras dirigé sur une page de téléchargement >> clique sur le bouton "télécharger" afin de récupérer le package d'installation et enregistre ce fichier sur ton bureau.

/!\ Ne modifie pas le nom du fichier surtout! /!\

Fait un glisser/déposer (/!\ pas un copier/coller /!\ ) de ce fichier sur le fichier ComboFix.exe comme sur la capture :

> Suis les indications à l'écran pour lancer ComboFix et lorsqu'on te le demande, accepte le Contrat de Licence d'utilisateur Final pour installer la console de récupération Microsoft.

> Lorsque ce sera terminé, un message te disant que la Console a bien été installée apparait, puis un rapport nommé CF_RC.txt va s'afficher: poste le contenu de ce rapport stp.

>>> PS: à présent lorsque tu démarreras ton pc, tu auras un choix à faire: soit démarrer Windows normalement, ou utiliser la Console de Récupération.

@++

> une fois la console installé, refait un scan avec combofix et poste le nouveau rapport stp.

revefmr · le 30 Mai 2010 11:07

bonjour,

Alors voila le rapport :

Code: Tout sélectionner: ComboFix 10-05-29.05 - GIOANNI 30/05/2010 11:56:47.2.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1584 [GMT 2:00] Lancé depuis: c:\documents and settings\GIOANNI\Bureau\machin.exe Commutateurs utilisés :: c:\documents and settings\GIOANNI\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\GIOANNI\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp c:\documents and settings\GIOANNI\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-28 au 2010-05-30 )))))))))))))))))))))))))))))))))))) . 2010-05-27 10:31 . 2010-05-27 10:31 -------- d-----w- C:\_OTL 2010-05-26 09:57 . 2010-05-26 10:37 -------- d-----w- C:\Ad-Remover 2010-05-25 12:44 . 2010-05-25 12:44 -------- d-----r- c:\documents and settings\NetworkService\Favoris 2010-05-25 12:32 . 2010-05-25 12:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-05-25 12:32 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-05-25 12:32 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-05-25 12:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-05-25 12:32 . 2010-05-25 12:32 -------- d-----w- c:\program files\Avira 2010-05-25 12:32 . 2010-05-25 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-05-10 12:49 . 2010-05-30 08:20 -------- d-----w- c:\documents and settings\GIOANNI\Application Data\vlc . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-27 14:24 . 2008-09-09 18:52 -------- d-----w- c:\program files\eMule 2010-05-27 11:03 . 2009-12-18 16:47 -------- d-----w- c:\documents and settings\GIOANNI\Application Data\dvdcss 2010-03-29 20:12 . 2005-09-01 04:53 64484 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-29 20:12 . 2005-09-01 04:53 446566 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-22 21:27 . 2010-03-22 21:27 27984 ---ha-w- c:\windows\system32\mlfcache.dat 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-03-15 07:09 . 2010-03-15 07:09 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-03-15 07:09 . 2010-03-15 07:09 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-03-10 06:16 . 2005-09-01 04:53 420352 ----a-w- c:\windows\system32\vbscript.dll 2006-07-06 13:41 . 2006-07-06 13:41 251 ----a-w- c:\program files\wt3d.ini 2006-07-26 11:58 . 2006-07-06 12:25 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [-] 2008-10-18 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS [-] 2008-10-18 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-15 39408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304] "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344] "MBMon"="CTMBHA.DLL" [2005-05-19 1345520] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168] "ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] "AliceSAV"="c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 81408] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-13 149280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-15 202256] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-27 24576] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Visicom Media\\FTP Expert 3\\ftpxpert3.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"= "c:\\Documents and Settings\\GIOANNI\\Mes documents\\telechargements\\visio.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:Port DCOM (135) "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/05/2010 14:32 108289] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 17:05 92008] . Contenu du dossier 'Tâches planifiées' 2010-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2006-07-05 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job - c:\windows\system32\OOBE\oobebaln.exe [2005-09-01 02:34] 2010-05-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2563222308-3252559340-1027808323-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] 2010-03-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2563222308-3252559340-1027808323-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . . ------- Examen supplémentaire ------- . uInternet Settings,ProxyOverride = *.local DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090828122524 DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} - hxxp://www.photoservice.com/activeX/newUpload.CAB FF - ProfilePath - c:\documents and settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\documents and settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-30 12:00 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AliceSAV = c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2010-05-30 12:04:11 ComboFix-quarantined-files.txt 2010-05-30 10:04 ComboFix2.txt 2010-05-28 05:28 Avant-CF: 150 857 494 528 octets libres Après-CF: 150 827 143 168 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - 7831F6CF217A1576B25CA032ADE58FFB

et le nouveau rapport :

Code: Tout sélectionner: ComboFix 10-05-29.05 - GIOANNI 30/05/2010 12:10:38.3.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1547 [GMT 2:00] Lancé depuis: c:\documents and settings\GIOANNI\Bureau\machin.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-28 au 2010-05-30 )))))))))))))))))))))))))))))))))))) . 2010-05-27 10:31 . 2010-05-27 10:31 -------- d-----w- C:\_OTL 2010-05-26 09:57 . 2010-05-26 10:37 -------- d-----w- C:\Ad-Remover 2010-05-25 12:44 . 2010-05-25 12:44 -------- d-----r- c:\documents and settings\NetworkService\Favoris 2010-05-25 12:32 . 2010-05-25 12:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-05-25 12:32 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-05-25 12:32 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-05-25 12:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-05-25 12:32 . 2010-05-25 12:32 -------- d-----w- c:\program files\Avira 2010-05-25 12:32 . 2010-05-25 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-05-10 12:49 . 2010-05-30 08:20 -------- d-----w- c:\documents and settings\GIOANNI\Application Data\vlc . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-27 14:24 . 2008-09-09 18:52 -------- d-----w- c:\program files\eMule 2010-05-27 11:03 . 2009-12-18 16:47 -------- d-----w- c:\documents and settings\GIOANNI\Application Data\dvdcss 2010-03-29 20:12 . 2005-09-01 04:53 64484 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-29 20:12 . 2005-09-01 04:53 446566 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-22 21:27 . 2010-03-22 21:27 27984 ---ha-w- c:\windows\system32\mlfcache.dat 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-03-15 07:09 . 2010-03-15 07:09 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-03-15 07:09 . 2010-03-15 07:09 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-03-15 07:09 . 2010-03-15 07:09 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-03-10 06:16 . 2005-09-01 04:53 420352 ----a-w- c:\windows\system32\vbscript.dll 2006-07-06 13:41 . 2006-07-06 13:41 251 ----a-w- c:\program files\wt3d.ini 2006-07-26 11:58 . 2006-07-06 12:25 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [-] 2008-10-18 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS [-] 2008-10-18 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-15 39408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304] "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344] "MBMon"="CTMBHA.DLL" [2005-05-19 1345520] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168] "ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] "AliceSAV"="c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 81408] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-13 149280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-15 202256] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-27 24576] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Visicom Media\\FTP Expert 3\\ftpxpert3.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"= "c:\\Documents and Settings\\GIOANNI\\Mes documents\\telechargements\\visio.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:Port DCOM (135) "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/05/2010 14:32 108289] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 17:05 92008] . Contenu du dossier 'Tâches planifiées' 2010-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2006-07-05 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job - c:\windows\system32\OOBE\oobebaln.exe [2005-09-01 02:34] 2010-05-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2563222308-3252559340-1027808323-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] 2010-03-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2563222308-3252559340-1027808323-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . . ------- Examen supplémentaire ------- . uInternet Settings,ProxyOverride = *.local DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090828122524 DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} - hxxp://www.photoservice.com/activeX/newUpload.CAB FF - ProfilePath - c:\documents and settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\documents and settings\GIOANNI\Application Data\Mozilla\Firefox\Profiles\ygjwtv0e.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-30 12:13 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AliceSAV = c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(1944) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Heure de fin: 2010-05-30 12:15:21 ComboFix-quarantined-files.txt 2010-05-30 10:15 ComboFix2.txt 2010-05-30 10:04 ComboFix3.txt 2010-05-28 05:28 Avant-CF: 150 840 475 648 octets libres Après-CF: 150 821 580 800 octets libres - - End Of File - - BC52B48684B5ADF47748551A88E1A1AD

sérieusement infecté?...oups tu m'inquiéte là :-?

Merci et bon dimanche

jeanmimigab · le 30 Mai 2010 12:03

bonjour revefmr :wink:

C'est OK, c'est bien installé, on va pouvoir travailler plus sereinement :wink:

fais cela stp...

> crées un nouveau document texte sur ton bureau
> pour cela clic-droit sur le bureau > Nouveau > document texte > copies et colles le contenu de la citation ci-dessous à l'intérieur

KillAll::
File::
c:\program files\wt3d.ini

FCOPY::
c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys | c:\windows\system32\drivers\TCPIP.SYS
c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys | c:\windows\system32\dllcache\TCPIP.SYS
c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys | c:\windows\$NtUninstallKB951748_0$\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys | c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys | c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys | c:\windows\$NtUninstallKB941644$\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys | c:\windows\$NtUninstallKB917953$\tcpip.sys

Respectes à la lettre la procédure d'enregistrement suivante,c'est très important

> ensuite cliques sur "fichier" > "enregistrer sous..."
> dans la fenêtre d'enregistrement choisis le bureau comme destination > dans type choisis "tous les fichiers" > et dans nom du fichier tape CFScript.txt > ensuite cliques sur enregistrer et fermes le document texte.

> fais un glisser/déposer(clic-gauche enfoncé sur CFScrit.txt et tu fais glisser) de ce fichier CFScript.txt sur le fichier ComboFix.exe(dans ton cas c'est "machin.exe") comme sur cette capture.

> une fenêtre bleue va apparaître >>suis les instructions
> patientes le temps du scan. Le bureau va disparaître à plusieurs reprises,c'est normal!
> ne touches à rien tant que le scan n'est pas terminé
> une fois le scan achevé, un rapport va s'afficher,postes son contenu dans ta prochaine réponse.
> si le rapport ne s'ouvre pas, il se trouve à cet emplacement C:\ComboFix.txt

@++

cheval de Troie TR/StartPage.zkt [Résolu]

cheval de Troie TR/StartPage.zkt [Résolu]

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Re: cheval de Troie TR/StartPage.zkt

Sujets similaires

Qui est en ligne