[Réglé] Redirection intempestive ? un trojan ?

primat911 · le 18 Mai 2011 09:04

Bonjour,

Depuis hier des fenetres internet explorer s'ouvrent toutes seules et mon pc est vraiment très lent comparé à d'habitude.
Mon antivirus (Avira) détecte également un trojan toutes les 10 minutes (Il en a détecté plusieurs) :
- TR/Spy.8704.192
- TR/Dropper.Gen
- TR/Crypt.ZPACK.Gen

Quelqu'un sait-il comment s'en débarrasser ?

Merci pour votre aide.

mlkgiosn · le 18 Mai 2011 09:32

Télécharge Spybot search and destroy, moi je l'ai utilisé, ça marché, après, je sais pas si ça fonctionne avec,tous les trojan.

danakil · le 18 Mai 2011 10:37

Salut à tous!

mlkgiosn,
Spybot est maintenant obsolète face aux nouvelles infections qui sont de plus en plus complexes.

primat911,
Applique cette procédure ---)> preparer-demande-aide-desinfection-vt-55699.html
et poste tes rapports ici.

Un helper te prendra rapidement en compte et t'aidera dans la désinfection de ton PC. :wink:

primat911 · le 18 Mai 2011 12:36

Merci pour vos réponses.
J'ai tenté de régler le problème avec Spybot, sans succès...

J'ai donc suivi la procédure recommandée par danakil.

Voici les liens vers les rapports du scan OTL :

Rapport "OTL.txt" : http://rub47a.alterupload.com/
Rapport "Extra.txt" : http://nl3njo.alterupload.com/

Merci de votre aide !

primat911 · le 18 Mai 2011 14:59

Voici les rapports de OTL :

"OTL.txt" :

Code: Tout sélectionner: OTL logfile created on: 18/05/2011 13:04:55 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrateur\Bureau Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 220,86 Gb Total Space | 194,06 Gb Free Space | 87,87% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 8,02 Gb Free Space | 66,80% Space Free | Partition Type: NTFS Computer Name: PC-MATHIEU | User Name: Administrateur | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/05/18 13:00:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe PRC - [2011/05/17 16:14:24 | 000,131,072 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Administrateur\Local Settings\Temp\Sxn.exe PRC - [2011/05/17 16:14:23 | 000,144,896 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Administrateur\Local Settings\Temp\Sxk.exe PRC - [2011/05/17 16:14:20 | 000,141,312 | ---- | M] (Simon Tatham) -- C:\WINDOWS\Sbasoa.exe PRC - [2011/05/14 09:46:46 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/03/04 14:38:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/03/04 14:38:17 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/03/18 11:29:50 | 005,140,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe PRC - [2010/03/18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010/01/14 21:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/01/24 12:36:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011/05/18 13:00:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (0207241239039166mcinstcleanup) McAfee Application Installer Cleanup (0207241239039166) SRV - [2011/05/18 09:03:47 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Fichiers communs\Akamai\netsession_win_8832f4b.dll -- (Akamai) SRV - [2011/05/17 18:17:47 | 000,032,256 | ---- | M] (Lcknfvklyr Software) [Auto | Stopped] -- C:\WINDOWS\TEMP\gfgq\setup.exe -- (AMService) SRV - [2011/05/14 09:46:46 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/03/04 14:38:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/03/18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/01/24 12:36:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006/11/06 13:31:14 | 000,887,544 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9) SRV - [2006/11/01 11:17:32 | 000,073,728 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/03/04 14:38:47 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/06/17 14:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/06/17 14:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/06/05 15:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008/07/11 15:44:00 | 000,191,872 | ---- | M] (Altiris, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX) DRV - [2008/02/22 10:22:56 | 000,009,168 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2008/02/22 10:22:38 | 000,094,384 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2008/02/22 10:22:38 | 000,034,832 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2008/02/22 10:22:36 | 000,097,584 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2008/02/22 10:22:36 | 000,026,032 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2008/02/22 10:22:34 | 000,032,208 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2008/02/22 10:22:34 | 000,014,256 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2008/02/22 10:22:32 | 000,104,240 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2007/11/06 19:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2004/08/03 19:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004/08/03 19:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004/08/03 19:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004/08/03 19:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004/08/03 19:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004/08/03 19:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004/08/03 19:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004/08/03 19:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004/08/03 19:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004/08/03 19:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004/08/03 19:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004/08/03 19:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004/08/03 19:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004/08/03 19:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004/08/03 19:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2002/04/04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\S-1-5-21-2045978830-717742067-2062412146-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=all&pf=cmdt IE - HKU\S-1-5-21-2045978830-717742067-2062412146-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://elink/ IE - HKU\S-1-5-21-2045978830-717742067-2062412146-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2045978830-717742067-2062412146-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 16:29:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 16:29:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/04/21 17:02:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/04/21 16:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions [2011/05/12 16:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\98ketgyo.default\extensions [2010/04/28 09:28:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\98ketgyo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/06/24 09:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/05/12 16:29:31 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2011/05/12 16:29:34 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2011/05/12 16:29:34 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2011/05/12 16:29:34 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2011/05/12 16:29:34 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2006/09/10 13:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml [2011/05/12 16:29:34 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2011/05/12 16:29:34 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml Hosts file not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-2045978830-717742067-2062412146-500\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKU\S-1-5-21-2045978830-717742067-2062412146-500\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-2045978830-717742067-2062412146-500..\Run: [OO1310T0QS] C:\WINDOWS\Sbasoa.exe (Simon Tatham) O4 - HKU\S-1-5-21-2045978830-717742067-2062412146-500..\Run: [SNJQ66R8MU] C:\Documents and Settings\Administrateur\Local Settings\Temp\Sxk.exe (Simon Tatham) O4 - HKLM..\RunOnce: [SpybotSnD] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2045978830-717742067-2062412146-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2045978830-717742067-2062412146-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-2045978830-717742067-2062412146-500\..Trusted Domains: elink ([]http in Intranet local) O15 - HKU\S-1-5-21-2045978830-717742067-2062412146-500\..Trusted Domains: global-sp.net ([elink2] https in Intranet local) O16 - DPF: {1AE1A885-D62D-47E0-888B-7DF6C5F3ED90} https://elink2.global-sp.net/elinkapps/lafayette/activex/F/QueryFileXControl1.cab (NextApplication QueryToFile) O16 - DPF: {1DB64F2F-759E-4C59-80ED-3DE81F3990B5} https://elink2.global-sp.net/elinkapps/lafayette/activex/F/DocModelWizardPanelXControl1.cab (NextApplication DocModelWizard) O16 - DPF: {3AF14C87-6651-48C4-9954-612864D493C1} https://elink2.global-sp.net/elinkapps/lafayette/activex/F/RemoteInstallerActiveX.cab (NextApplication Remote Installer) O16 - DPF: {447010E7-FEB0-11D4-B49F-00805F9B9CF9} https://elink2.global-sp.net/elinkapps/lafayette/activex/F/eLinkDocLoader.cab (NextApplication DocLoader) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239023427156 (MUWebControl Class) O16 - DPF: {7B8A77AE-CBFC-460B-8A28-6383850614C4} https://elink2.global-sp.net/elinkapps/econfig/activex/F/FreeFieldManagerPanelXControl1.cab (NextApplication FreeFieldManager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {A5313A9A-79E2-4420-93B3-C72A5154A39A} https://elink2.global-sp.net/elinkapps/econfig//activex/F/EditUserPanelXControl1.cab (NextApplication EditUser) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D4D8CDBB-D6A8-4E7A-8608-FDE5DB8A70D3} https://elink2.global-sp.net/elinkapps/lafayette/activex/F/QueryWizardPanelXControl1.cab (NextApplication QueryWizard) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EF219FF0-027C-44C6-B30E-E69ADE2EEF05} https://elink2.global-sp.net/elinkapps/lafayette/activex/F/ScriptClientXControl1.cab (NextApplication ScriptClient) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.gif O24 - Desktop Components:1 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Mes documents\Mes images\Phang_Nga_Bay_Phuket_Thailand.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Mes documents\Mes images\Phang_Nga_Bay_Phuket_Thailand.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk D:\ O33 - MountPoints2\{7981e481-ebba-11de-ae5e-002264bf879b}\Shell\AutoRun\command - "" = K:\xmor.exe O33 - MountPoints2\{7981e481-ebba-11de-ae5e-002264bf879b}\Shell\open\Command - "" = K:\xmor.exe O33 - MountPoints2\{b3549240-efa5-11de-ae60-002264bf879b}\Shell - "" = AutoRun O33 - MountPoints2\{b3549240-efa5-11de-ae60-002264bf879b}\Shell\AutoRun\command - "" = K:\laucher.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation) MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]AVG8_TRAY[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]CTFMON.EXE[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: [b]HotKeysCmds[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.) MsConfig - StartUpReg: [b]IgfxTray[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]IRISCard 4 button manager[/b] - hkey= - key= - C:\Program Files\IRISCard 4 Pro\bmana620.exe () MsConfig - StartUpReg: [b]LightScribe Control Panel[/b] - hkey= - key= - C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: [b]PDF Complete[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Persistence[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Recguard[/b] - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe () MsConfig - StartUpReg: [b]Reminder[/b] - hkey= - key= - C:\WINDOWS\CREATOR\Remind_XP.exe () MsConfig - StartUpReg: [b]RoxioDragToDisc[/b] - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) MsConfig - StartUpReg: [b]Scheduler[/b] - hkey= - key= - C:\WINDOWS\SMINST\Scheduler.exe () MsConfig - StartUpReg: [b]SetRefresh[/b] - hkey= - key= - C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/05/18 13:00:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe [2011/05/18 10:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011/05/18 10:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2011/05/18 09:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Backup outlook [2011/05/17 17:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2011/05/17 16:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2011/05/17 16:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2011/05/17 16:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2011/05/17 16:14:26 | 000,141,312 | ---- | C] (Simon Tatham) -- C:\WINDOWS\Sbasoa.exe [2011/05/17 09:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Avira [2011/05/13 09:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Avira [2011/05/13 09:40:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2011/05/13 09:40:55 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011/05/13 09:40:55 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011/05/13 09:40:55 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2011/05/13 09:40:55 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2011/05/13 09:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011/05/13 09:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2011/05/13 09:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Perso [2011/05/12 16:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Apple Computer [2011/05/12 16:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Apple Computer [2011/05/12 16:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2011/05/12 16:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2011/05/12 16:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011/05/12 16:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple [2011/05/12 16:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Apple [2011/05/12 16:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011/05/12 16:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/05/18 13:07:48 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011/05/18 13:04:48 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/05/18 13:03:59 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/05/18 13:00:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe [2011/05/18 12:52:06 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011/05/18 12:51:00 | 000,001,184 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2045978830-717742067-2062412146-500UA.job [2011/05/18 12:34:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/05/18 12:32:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/05/18 12:32:00 | 2137,247,744 | -HS- | M] () -- C:\hiberfil.sys [2011/05/17 16:14:20 | 000,141,312 | ---- | M] (Simon Tatham) -- C:\WINDOWS\Sbasoa.exe [2011/05/17 12:29:47 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Administrateur\.ecofax.db [2011/05/16 02:00:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-HP_LA_002-Administrateur.job [2011/05/16 00:51:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2045978830-717742067-2062412146-500Core.job [2011/05/13 09:15:04 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\MoM.lnk [2011/05/13 09:04:10 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\EcoFax.lnk [2011/05/12 16:47:14 | 000,062,376 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2011/05/12 16:46:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/05/12 12:42:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/05/05 09:40:46 | 000,002,547 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk [2011/05/05 09:31:45 | 000,002,593 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/05/18 12:36:30 | 000,000,264 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011/05/18 11:56:51 | 000,000,306 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011/05/18 11:45:43 | 000,000,306 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/05/13 09:15:04 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\MoM.lnk [2011/05/13 09:04:10 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\EcoFax.lnk [2011/05/12 16:47:14 | 000,062,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/05/12 16:47:02 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/05/12 16:47:02 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Safari.lnk [2011/05/12 16:46:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/05/12 16:46:21 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk [2011/05/12 16:29:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk [2010/10/28 10:38:45 | 000,003,291 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat [2010/10/28 10:37:35 | 000,869,608 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe [2010/10/28 10:37:35 | 000,013,783 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat [2010/10/01 11:15:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2010/10/01 11:15:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2010/04/22 14:59:39 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/25 12:09:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/01/13 15:27:32 | 000,000,392 | ---- | C] () -- C:\WINDOWS\cardiris.INI [2009/07/06 10:20:23 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2009/04/30 12:00:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/04/26 10:29:55 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009/04/22 09:56:26 | 000,037,075 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Valeurs séparées par une virgule (Windows).ADR [2009/04/22 09:50:45 | 000,037,071 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Valeurs séparées par une virgule (DOS).ADR [2009/04/21 16:54:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/04/20 14:52:30 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2009/04/20 14:52:24 | 000,000,134 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2009/04/20 14:52:03 | 000,000,806 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2009/04/20 14:42:58 | 000,153,391 | ---- | C] () -- C:\WINDOWS\hpwins05.dat [2009/04/06 14:54:49 | 000,055,792 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2009/04/06 14:54:49 | 000,000,167 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/01/28 08:37:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll [2009/01/28 08:35:23 | 000,000,986 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009/01/27 23:11:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/01/27 22:53:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/01/27 22:53:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/01/27 22:53:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/01/27 22:53:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/01/27 22:53:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/01/27 22:53:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009/01/27 22:52:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009/01/27 22:45:23 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat [2008/05/26 22:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008/05/26 22:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008/05/26 22:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008/02/28 18:02:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/09/26 01:07:52 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\A620USD.dll [2006/09/24 23:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/24 23:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2006/09/20 10:25:44 | 000,012,416 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat [2006/09/07 21:41:04 | 000,003,953 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat [2006/05/08 11:54:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/05/08 11:33:20 | 000,536,438 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2006/05/08 11:33:20 | 000,444,600 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/05/08 11:33:20 | 000,094,962 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2006/05/08 11:33:20 | 000,072,476 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/05/08 11:29:10 | 000,320,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006/05/08 11:21:30 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/05/08 11:16:30 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/03/02 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/03/02 04:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2006/03/02 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/03/02 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/03/02 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/03/02 04:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2006/03/02 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/03/02 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/03/02 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/03/02 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/05/28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/07/07 03:00:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [color=#E56717]========== LOP Check ==========[/color] [2010/06/14 10:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/06/09 17:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FileZilla [2011/02/01 13:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Image Zone Express [2009/06/08 11:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InterVideo [2010/05/25 09:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\kompozer.net [2010/01/13 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Kscan [2009/04/07 03:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SampleView [2010/03/26 11:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TeamViewer [2009/04/21 17:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird [2009/04/29 09:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search [2009/05/14 10:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Windows Search [2010/06/03 10:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2009/04/07 03:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2009/04/07 03:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView [2011/05/18 13:04:48 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/05/18 12:52:06 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011/05/18 13:07:48 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [2011/03/07 10:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2011/05/12 16:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2011/05/12 16:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2011/05/13 09:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira [2009/04/20 15:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP [2011/03/03 16:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2010/07/16 14:09:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2011/05/12 03:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2010/06/03 10:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe [2009/04/06 14:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio [2009/04/30 10:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2009/04/06 16:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic [2011/05/18 12:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2009/04/06 15:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009/04/07 03:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [2007/03/23 23:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation ) -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe [2010/03/01 23:44:10 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\java-rmi.exe [2010/03/01 23:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\java.exe [2010/03/01 23:44:10 | 000,059,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javacpl.exe [2010/03/01 23:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javaw.exe [2010/03/01 23:44:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\javaws.exe [2010/03/01 23:44:12 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jbroker.exe [2010/03/01 23:44:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jp2launcher.exe [2010/03/01 23:44:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jqs.exe [2010/03/01 23:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jqsnotify.exe [2010/03/01 23:44:12 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jucheck.exe [2010/03/01 23:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jureg.exe [2010/03/01 23:44:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\jusched.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\keytool.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\kinit.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\klist.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\ktab.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\orbd.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\pack200.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\policytool.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\rmid.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\rmiregistry.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\servertool.exe [2010/03/01 23:44:14 | 000,030,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\ssvagent.exe [2010/03/01 23:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\tnameserv.exe [2010/03/01 23:44:14 | 000,132,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\unpack200.exe [2011/01/30 22:44:49 | 000,337,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AA0000000001}\setup.exe [2011/03/21 20:25:20 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.21.1\SetupAdmin.exe [color=#A23BEC]< %APPDATA%\*. >[/color] [2010/10/28 10:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\AccurateRip [2011/03/03 16:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Adobe [2011/05/12 16:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Apple Computer [2011/05/17 09:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Avira [2010/06/14 10:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/04/23 16:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\dvdcss [2010/06/09 17:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FileZilla [2009/08/17 14:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\HP [2009/04/07 03:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Identities [2011/02/01 13:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Image Zone Express [2009/04/07 03:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InstallShield [2009/06/08 11:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InterVideo [2010/05/25 09:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\kompozer.net [2010/01/13 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Kscan [2009/04/23 10:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Macromedia [2011/04/29 11:16:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur\Application Data\Microsoft [2011/05/04 01:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla [2009/04/06 16:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Roxio [2009/04/07 03:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SampleView [2009/09/22 10:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Skype [2009/09/22 10:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\skypePM [2009/04/07 03:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sun [2009/04/21 17:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Talkback [2010/03/26 11:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TeamViewer [2009/04/21 17:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird [2011/03/03 10:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\vlc [2009/04/29 09:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search [2009/05/14 10:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Windows Search [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [2010/06/02 17:06:06 | 000,038,784 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2006/03/02 04:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: AHCIX86.SYS >[/color] [2007/10/26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\compaq\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys [2007/10/26 14:25:14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2006/03/02 04:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys [2006/03/02 04:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2006/03/02 04:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: CHANGER.SYS >[/color] [2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys [2006/03/02 04:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys [2006/03/02 04:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2006/03/02 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2006/03/02 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2006/03/02 04:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\$NtUninstallKB952117-v2$\ndis.sys [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2006/03/02 04:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtUninstallKB952117-v2_0$\ndis.sys [2008/04/25 11:41:50 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=83F1B9DD1BC1F8D0A4A00F1B34DDE5EF -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [2008/04/25 13:36:51 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=B5B1080D35974C0E718D64280761BCD5 -- C:\WINDOWS\$hf_mig$\KB952117-v2\SP3QFE\ndis.sys [2008/04/25 13:36:51 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=B5B1080D35974C0E718D64280761BCD5 -- C:\WINDOWS\system32\dllcache\ndis.sys [2008/04/25 13:36:51 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=B5B1080D35974C0E718D64280761BCD5 -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2006/03/02 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color=#A23BEC]< MD5 for: NVGTS.SYS >[/color] [2007/12/13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\compaq\HPBackup\update\DRIVERS\STORAGE\nvgts.sys [2007/12/13 16:03:34 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=4BA137ADC66DBA401718FD6FA6E3F3BC -- C:\WINDOWS\DRIVERS\STORAGE\nvgts.sys [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2006/03/02 04:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys [color=#A23BEC]< MD5 for: RDPWD.SYS >[/color] [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys [2006/03/02 04:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2006/03/02 04:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:Sfloppy.sys [2006/03/02 04:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2006/03/02 04:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys [color=#A23BEC]< MD5 for: SPLITTER.SYS >[/color] [2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:splitter.sys [2006/03/02 04:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2004/08/03 20:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys [color=#A23BEC]< MD5 for: SWMIDI.SYS >[/color] [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001/08/17 19:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys [color=#A23BEC]< MD5 for: TCPIP.SYS >[/color] [2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys [2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2006/03/02 04:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [color=#A23BEC]< MD5 for: TDPIPE.SYS >[/color] [2006/03/02 04:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys [color=#A23BEC]< MD5 for: TDTCP.SYS >[/color] [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2006/03/02 04:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys [color=#A23BEC]< MD5 for: USBPRINT.SYS >[/color] [2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbprint.sys [2006/03/02 04:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008/04/13 20:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\dllcache\usbprint.sys [2008/04/13 20:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbscan.sys [2006/03/02 04:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2009/04/06 15:36:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2008/04/13 21:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\dllcache\usbscan.sys [2008/04/13 21:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2006/03/02 04:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2006/03/02 04:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dxtmsft.dll [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dxtrans.dll [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] < End of report >

danakil · le 18 Mai 2011 20:06

Re,

Hé bien cela sera avec moi!

Effectue ceci :
Ferme toutes les fenêtres actives sur ton PC.
Relance OTL > Clic droit dessus > "Exécuter en tant qu'Administrateur".
Dans l'interface d'OTL, vérifie que la case "Rapport minimal" soit bien cochée.
Copie et colle le contenu de la citation ci-dessous dans la fenêtre "Personnalisation" :

:Otl
PRC - [2011/05/17 16:14:23 | 000,144,896 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Administrateur\Local Settings\Temp\Sxk.exe
O4 - HKU\S-1-5-21-2045978830-717742067-2062412146-500\..\Run: [SNJQ66R8MU] C:\Documents and Settings\Administrateur\Local Settings\Temp\Sxk.exe (Simon Tatham)
O33 - MountPoints2\{7981e481-ebba-11de-ae5e-002264bf879b}\Shell\AutoRun\command - "" = K:\xmor.exe
O33 - MountPoints2\{7981e481-ebba-11de-ae5e-002264bf879b}\Shell\open\Command - "" = K:\xmor.exe
O33 - MountPoints2\{b3549240-efa5-11de-ae60-002264bf879b}\Shell - "" = AutoRun
O33 - MountPoints2\{b3549240-efa5-11de-ae60-002264bf879b}\Shell\AutoRun\command - "" = K:\laucher.exe
[2011/05/18 13:07:48 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/18 13:04:48 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/18 12:52:06 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/18 12:36:30 | 000,000,264 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/18 11:56:51 | 000,000,306 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/18 11:45:43 | 000,000,306 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/18 13:04:48 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/18 12:52:06 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/18 13:07:48 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/03/01 23:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\java.exe
[2006/05/08 11:33:20 | 000,094,962 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2006/05/08 11:33:20 | 000,072,476 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 04:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2006/03/02 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/05/08 11:33:20 | 000,536,438 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2006/05/08 11:33:20 | 000,444,600 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 04:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2006/03/02 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

:files
c:\documents and settings\administrateur\local settings\temp\sxk.exe
c:\documents and settings\all users\application data\adobe\cs5\jre\bin\java.exe

:Commands
[emptytemp]
[emptyflash]
[resethosts]
[reboot]

Clique sur le bouton "Correction".
Ne touche plus au PC avant son redémarrage.
A l'ouverture du PC un rapport va s'ouvrir --> 05182011_xxxxxx.log ... Si ce n'est le cas tu le retrouveras sous le même nom sur le Bureau ou alors dans son dossier --> C:\_OTL
Copie et colle ici en réponse le contenu de ce rapport.

primat911 · le 19 Mai 2011 10:33

Bonjour,

Voici le rapport obtenu :

Code: Tout sélectionner: All processes killed ========== OTL ========== No active process named Sxk.exe was found! Registry value HKEY_USERS\S-1-5-21-2045978830-717742067-2062412146-500\\Software\Microsoft\Windows\CurrentVersion\Run\\SNJQ66R8MU deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Temp\Sxk.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7981e481-ebba-11de-ae5e-002264bf879b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7981e481-ebba-11de-ae5e-002264bf879b}\ not found. File K:\xmor.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7981e481-ebba-11de-ae5e-002264bf879b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7981e481-ebba-11de-ae5e-002264bf879b}\ not found. File K:\xmor.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3549240-efa5-11de-ae60-002264bf879b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3549240-efa5-11de-ae60-002264bf879b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3549240-efa5-11de-ae60-002264bf879b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3549240-efa5-11de-ae60-002264bf879b}\ not found. File K:\laucher.exe not found. C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully. C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully. C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job moved successfully. File C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job not found. File C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found. File C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found. File C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found. File C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job not found. File C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found. C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\bin\java.exe moved successfully. C:\WINDOWS\system32\perfc00C.dat moved successfully. C:\WINDOWS\system32\perfc009.dat moved successfully. C:\WINDOWS\system32\perfd00C.dat moved successfully. C:\WINDOWS\system32\perfd009.dat moved successfully. C:\WINDOWS\system32\perfh00C.dat moved successfully. C:\WINDOWS\system32\perfh009.dat moved successfully. C:\WINDOWS\system32\perfi00C.dat moved successfully. C:\WINDOWS\system32\perfi009.dat moved successfully. ========== FILES ========== File\Folder c:\documents and settings\administrateur\local settings\temp\sxk.exe not found. File\Folder c:\documents and settings\all users\application data\adobe\cs5\jre\bin\java.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 9200427 bytes ->Temporary Internet Files folder emptied: 1050126837 bytes ->Java cache emptied: 10289 bytes ->FireFox cache emptied: 53480622 bytes ->Apple Safari cache emptied: 64910336 bytes ->Flash cache emptied: 86343 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 41620 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 216005675 bytes ->Java cache emptied: 9531 bytes ->Flash cache emptied: 2255 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 4376960 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2244695 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 92953609 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 46609573 bytes Total Files Cleaned = 1 469,00 mb [EMPTYFLASH] User: Administrateur ->Flash cache emptied: 564 bytes User: All Users User: Default User ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb HOSTS file reset successfully OTL by OldTimer - Version 3.2.22.3 log created on 05192011_111546 Files\Folders moved on Reboot... C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KD9F0Z5B\view[1].asp moved successfully. File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DRB466U\01[2].htm not found! C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DRB466U\empty[2].htm moved successfully. File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DRB466U\like[1].php not found! File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DRB466U\viewid=41163613[1].htm not found! File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DRB466U\viewid=41163613[2].htm not found! C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1DRB466U\xd_proxy[3].php moved successfully. File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0CKHWV9X\filmannex[1].htm not found! File\Folder C:\WINDOWS\temp\fla10.tmp not found! File\Folder C:\WINDOWS\temp\Perflib_Perfdata_72c.dat not found! Registry entries deleted on Reboot...

Je ne sais pas si cela est normal, mais le problème semble persister car des fenêtres intempestives continuent de s'ouvrir...
Merci encore pour ton aide !

danakil · le 19 Mai 2011 11:03

Je ne sais pas si cela est normal, mais le problème semble persister car des fenêtres intempestives continuent de s'ouvrir...

Oui car nous ne sommes qu'au début de la désinfection :wink:

Maintenant effectue ceci :

1/
Effectue une analyse rapide du PC avec MalWareByte's.
Regarde ici pour un tuto en images ---)> tutoriel-malwarebytes-anti-malware-vt-46564.html
Prends le temps de bien le lire afin de manipuler facilement le tool.

Consignes d'utilisation :
- Le lien de téléchargement du tool (version 1.50) se trouve en bas de la page de la logithéque.
- Effectue une mise à jour du tool avant de lancer le scan.
- Effectue une 'analyse rapide' > Enfin d'analyse coche les cases des nuisibles détectés et clique sur le bouton Supprimer la sélection.
- Poste moi le rapport de suppression.

2/
Relance OTL > Coche la case 'rapport minimal' > Colle cette citation dans la fenêtre 'Personnalisation' :

netsvcs
drivers32
%systemdrive%\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
createrestorepoint
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
savembr:0

> Clique sur le bouton 'Analyse'.
> Tu obtiendras un nouveau rapport OTL > Poste le moi.

primat911 · le 19 Mai 2011 11:42

Voici le rapport de suppression de Malwarebytes :

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 6616 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 19/05/2011 12:38:54 mbam-log-2011-05-19 (12-38-54).txt Type d'examen: Examen rapide Elément(s) analysé(s): 155337 Temps écoulé: 4 minute(s), 50 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): c:\WINDOWS\Sbasoa.exe (Trojan.Downloader) -> 3612 -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\SNJQ66R8MU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\idgbn5xehg (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OO1310T0QS (Trojan.Downloader) -> Value: OO1310T0QS -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5Z3U4G4I5X6G3F7JXBZOJQSGFEOCE (Spyware.Passwords.XGen) -> Value: 5Z3U4G4I5X6G3F7JXBZOJQSGFEOCE -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): c:\newdnswatch (Trojan.SpyEyes) -> Quarantined and deleted successfully. Fichier(s) infecté(s): c:\WINDOWS\Sbasoa.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\newdnswatch\newdnswatch.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\newdnswatch\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

primat911 · le 19 Mai 2011 12:00

et le rapport OTL : http://t3e8ri.dl4free.com/

danakil · le 19 Mai 2011 20:53

OK!

Encore une petite procédure :
Télécharge AD-REMOVER de de Cyrildu17 / C_XX sur ton Bureau.

Déconnecte-toi et ferme toutes applications en cours.
Désactive provisoirement et seulement le temps de l'utilisation de AD-Remover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de nettoyage de l'outil.
Une aide ici ---)> http://forum.pcastuces.com/desactiver_l ... -f31s4.htm

Double-clics sur le programme d'installation AD-R.exe.
(Vista et Seven : clic droit dessus --> Exécuter en tant qu'Administrateur)
Appliques les instructions d'installation.

Une fois installé ...
Double-clics sur l'icône AD-R.exe située sur ton Bureau.
(Vista et Seven : clic droit dessus --> Exécuter en tant qu'Administrateur)

Au menu principal, choisis l'option Nettoyer.

Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(clean).txt )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure.

Petites questions :
Les redirections sont uniquement visibles sur Internet Explorer?
Les redirections sont des changements de la page en cours d'exploitation ou alors cela t'ouvre une deuxième page?

primat911 · le 20 Mai 2011 09:26

Bonjour,

Merci beaucoup pour tes réponses, je ne sais pas comment j'aurais pu m'en sortir sans toi et ce forum :wink:

Voici le rapport de AD-R :

Code: Tout sélectionner: ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 10:05:32 le 20/05/2011, Mode normal Microsoft Windows XP Professionnel Service Pack 3 (X86) Administrateur@PC-MATHIEU ( ) ============== ACTION(S) ============== (!) -- Fichiers temporaires supprimés. ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [4.0.1 (fr)] **** Searchplugins\bing.xml ( hxxp://www.bing.com/search) Components\browsercomps.dll (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\98ketgyo.default -- Prefs.js - browser.startup.homepage, hxxp://www.google.com/ig Prefs.js - browser.startup.homepage_override.buildID, 20110413222027 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1 ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_Toolbar\WebBrowser|{A057A204-BACC-4D26-9990-79A187E2698E} (x) HKCU_Toolbar\WebBrowser|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x) HKLM_Toolbar|{0BF43445-2F28-4351-9252-17FE6E806AA0} (x) HKLM_Toolbar|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x) HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files\Ad-Remover\Backup: 13 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 20/05/2011 10:05:53 (2452 Octet(s)) Fin à: 10:06:35, 20/05/2011 ============== E.O.F ==============

danakil a écrit:Les redirections sont uniquement visibles sur Internet Explorer?

Les redirections se faisaient sur safari. Je n'utilise jamais internet explorer.
Des fenêtres ie s'ouvraient par contre toutes seules.

danakil a écrit:Les redirections sont des changements de la page en cours d'exploitation ou alors cela t'ouvre une deuxième page?

Les redirections se font directement sur la page active. J'ai également eu l'ouverture intempestive de nouveaux onglets dans safari, il s'agissait peut-être de redirections.

danakil · le 20 Mai 2011 20:02

Salut!

Safari est un navigateur présentant une interface de fonctions mais celui-ci utilise comme support Internet Explorer pour naviguer sur le Web.

Regarde ce que l'on peut voir dans tes rapports OTL :

C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

C'est comme ton fournisseur ADSL qui utilise les supports de France Telecom. :wink:

Les redirections se faisaient sur safari. Je n'utilise jamais internet explorer.

Je ne peux te dire qui est le plus responsable des deux.
Donc plus de redirections apparement!

Je ne connais pas trop Safari mais concernant les onglets crées cela peut provenir des paramétrages de l'interface ou alors une mise à jour du logiciel ayant affectés des rajouts ...
Regarde ce qu'affiche la version 5.0.5 du tool :
http://www.infos-du-net.com/telecharger ... -9899.html
La présentation parle des redirections des pages via des vignettes loggant les habitudes de navigation de l'utilisation. Elle parle également d'un anti pop-up à paramétrer (bloquer l'ouvertue des pages de PUB sur les sites visités).

D'autres soucis avec ton PC?

primat911 · le 21 Mai 2011 09:17

Bonjour,

Merci pour ces info !

J'ai eu tort de parler au passé, les redirection et les ouvertures de pages s'étaient effectivement calmées mais il y en a de nouveau...
La désinfection devrait être terminée normalement ?

danakil · le 22 Mai 2011 17:12

La désinfection devrait être terminée normalement ?

Hier je t'aurai dit OUI ...

Comment se présentent ces redirections?
Ouverture d'une nouvelle page Web en remplacement de celle visionnée.
Ouverture d'une nouvelle page Web en même temps que celle visionnée.

[Réglé] Redirection intempestive ? un trojan ?

[Réglé] Redirection intempestive ? un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Re: Comment se débarrasser d'un trojan ?

Sujets similaires

Qui est en ligne