Virus Win 32/nuquel.E

dodremi · le 19 Oct 2010 12:33

bonjour,

Je pense encore une fois avoir pris le virus win 32, celui qui vous informe d'une alerte infection et qui vous prpose un pack pour vous en sortir.
A l'époque j'avais réussi à me défaire de ce message et vous étiez intervenu ensuite.
Mais cette fois ci je ne peux rien faire, car quand je veux même cliquer sur "démarrer", j'ai un message qui me dit que le fichier run dll 32 est infecté, et je suis bloquée.
Je suis sous XP.
Pouvez vous m'aider

Un grand Merci d'avance.

DouDou9455 · le 19 Oct 2010 16:50

Bonjour & Bienvenue,

Démarre en mode sans échec avec prise en charge du réseau et suis ces instructions :

1_ Tu suis ce tutorial et tu nous postes le rapport généré.

2_ Tu télécharges Malwarebytes' Anti-Malware, tu l'installes puis tu procèdes à sa mise à jour.

Tu lances l'application en double-cliquant sur l'icône Malwarebytes' Anti Malware.

Tu cliques ensuite sur Exécuter un examen complet puis tu lances l'analyse en cliquant sur Rechercher.

_ Si l'utilitaire ne trouve rien de néfaste, cliques sur Ok. Le Bloc-notes va s'ouvrir avec le rapport d'analyse, celui-ci n'est pas intéressant car la machine est propre.
Tu peux fermer le Bloc-notes.

_ Si l'utilitaire trouve des éléments suspects, tu cliques sur Afficher les résultats puis sur Supprimer la sélection.
Tu enregistres le rapport d'analyse que tu nous copies-colles dans ton prochain message.

Il est possible que le programme te demande de redémarrer pour effectuer des suppressions supplémentaires, tu acceptes le redémarrage volontaire en cliquant sur Ok.

dodremi · le 20 Oct 2010 06:58

bonjour

Merci pour la réponse, je vais essayer.
Par contre j'ai allumé mon PC pour voir l'étendu des dégats, et en fait dès l'affichage du bureau c'est une bulle info dans la barre de tache qui s'allume et qui me dit Alerte infection, et quoique je touche comme icone, j'ai une fenêtre internet qui s'ouvre et qui me positionne directement sur un Antivirus à acheter qui s'appellle "ANTIVIRUS Action".
dès que je touche un icone j'ai cette fenêtre rien y fait.
J'espère que je pourrais au moins faire votre manipulation.
Je vous tiens informé.
Merci encore
A plus tard

EDIT :

bonjour, voici le rapport.

Code: Tout sélectionner: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:42:44, on 20/10/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SFR\Kit\9props.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Compaq_Propriétaire\Bureau\sniffle.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:28091 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSof1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSof1.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSof1.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon O4 - HKCU\..\Run: [gaakwpim] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\oytjautyv\cpaajnudlta.exe O4 - Startup: widget_programmes.lnk = C:\Program Files\widget_programmes\widget_programmes.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.11\MediaManager\grab.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 8541 bytes

bon courage et merci

EDIT Bis :

Re bonjour,
Voici maintenant le rapport qui fait suite au lancement de malwarebytes anti malware.

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3813 Windows 5.1.2600 Service Pack 2 (Safe Mode) Internet Explorer 7.0.5730.13 20/10/2010 11:39:36 mbam-log-2010-10-20 (11-38-59).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 328528 Temps écoulé: 44 minute(s), 9 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP778\A0314307.exe (Malware.Packer.Gen) -> No action taken. C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP800\A0326026.exe (Trojan.Dropper) -> No action taken.

Bon courage et Merci

EDIT Skynet : balises [code] ajoutées, merci de lire les consignes en haut du sujet & messages fusionnés.

jeanmimigab · le 20 Oct 2010 15:05

Bonjour,

Doudou a des petits soucis, je vais prendre la suite avec son accord...

Si tu as bien cliquer sur "supprimer la sélection" à la fin du scan Malwarebytes, c'est OK.
Dans le cas contraire, refais un scan et supprime ce que Mbam aura trouvé...

ensuite...

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
userinit.exe
winlogon.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).
* Copie et colle les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

@++

dodremi · le 20 Oct 2010 16:32

Bonjour,
Voici les deux rapports suite au lancement de OTL. Le premier est OTL.Txt et le second Extras. Txt.
Bon courage.

Code: Tout sélectionner: OTL logfile created on: 20/10/2010 17:03:19 - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Compaq_Propriétaire\Bureau Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 382,00 Mb Total Physical Memory | 208,00 Mb Available Physical Memory | 54,00% Memory free 921,00 Mb Paging File | 839,00 Mb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145,19 Gb Total Space | 15,25 Gb Free Space | 10,51% Space Free | Partition Type: NTFS Drive D: | 3,84 Gb Total Space | 0,37 Gb Free Space | 9,59% Space Free | Partition Type: FAT32 Computer Name: NOM-EB85C523610 | User Name: Compaq_Propriétaire | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\Compaq_Propriétaire\Bureau\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Documents and Settings\Compaq_Propriétaire\Bureau\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (intelppm) -- C:\WINDOWS\System32\DRIVERS\intelppm.sys File not found DRV - (eolu) -- C:\WINDOWS\System32\drivers\ojqusb.sys File not found DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.) DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider) DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation) DRV - (JL2005C) -- C:\WINDOWS\system32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider) DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows (R) 2000 DDK provider) DRV - (usb_rndis) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation) DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT) DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.) DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.) DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation ) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=desktop IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\..\URLSearchHook: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSof1.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:28091 O1 HOSTS File: ([2010/03/02 22:16:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSof1.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSof1.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found. O3 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\..\Toolbar\WebBrowser: (Softonic France FF Toolbar) - {6D6B212B-2245-4898-8B16-9A11B81FF9E1} - C:\Program Files\Softonic_France_FF\tbSof1.dll (Conduit Ltd.) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe (MusicMatch) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company) O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) O4 - HKU\S-1-5-21-3772207033-867971002-628142789-1008..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR) O4 - HKU\S-1-5-21-3772207033-867971002-628142789-1008..\Run: [gaakwpim] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\oytjautyv\cpaajnudlta.exe File not found O4 - HKU\S-1-5-21-3772207033-867971002-628142789-1008..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKU\S-1-5-21-3772207033-867971002-628142789-1008..\Run: [Magentic] C:\Program Files\Magentic\bin\Magentic.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe (Mio Technology) O4 - Startup: C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\widget_programmes.lnk = C:\Program Files\widget_programmes\widget_programmes.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm () O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html () O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.11\MediaManager\grab.html () O9 - Extra Button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.JDCT - C:\WINDOWS\System32\jl_jdct.drv (JEILIN Tech.) Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/10/20 16:56:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propriétaire\Bureau\OTL.exe [2010/10/20 10:48:53 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Propriétaire\Bureau\mbam-setup.exe [2010/10/20 10:40:58 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Propriétaire\Bureau\sniffle.exe [2010/10/19 11:15:23 | 000,716,800 | ---- | C] (EMKR) -- C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\syssvc.exe [2010/10/06 10:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Propriétaire\Bureau\Dual Mode Camera [2010/10/06 10:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\JL2005C [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/10/20 16:57:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Propriétaire\Bureau\OTL.exe [2010/10/20 11:53:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/20 10:48:53 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Propriétaire\Bureau\mbam-setup.exe [2010/10/20 10:40:59 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Propriétaire\Bureau\sniffle.exe [2010/10/19 18:12:13 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2010/10/19 18:02:23 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/10/19 12:14:01 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/10/19 11:15:29 | 000,716,800 | ---- | M] (EMKR) -- C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\syssvc.exe [2010/10/17 09:32:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk [2010/10/17 09:20:32 | 000,026,756 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2010/10/11 19:32:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/10/06 10:33:35 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Video Journal.lnk [2010/10/03 15:30:46 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/02 18:19:46 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk [2010/09/20 17:17:41 | 000,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/10/06 10:33:35 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Video Journal.lnk [2010/10/02 18:19:46 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk [2010/03/01 20:03:02 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\rbuwzv.dat [2009/08/03 12:47:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2009/05/05 11:22:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt [2009/05/05 11:11:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2008/12/17 20:47:01 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2008/08/17 22:20:17 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2008/07/13 08:59:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI [2008/06/14 16:48:37 | 000,000,035 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2008/04/30 09:53:52 | 000,000,212 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2008/04/03 18:28:04 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2008/01/18 21:17:21 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\$_hpcst$.hpc [2007/12/23 10:31:23 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI [2007/12/20 12:56:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007/12/04 21:26:11 | 000,000,285 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2007/11/17 13:58:30 | 000,000,788 | ---- | C] () -- C:\WINDOWS\disney.ini [2007/09/22 13:13:57 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI [2007/09/15 19:22:10 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2007/09/15 19:22:10 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2007/08/14 18:37:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2007/08/14 18:37:31 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2007/07/31 11:34:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI [2007/07/15 12:25:04 | 000,000,308 | ---- | C] () -- C:\WINDOWS\ka.ini [2007/06/29 09:29:23 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/06/26 18:53:03 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/06/24 18:49:35 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/06/24 18:32:49 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2007/06/24 14:15:10 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\fusioncache.dat [2007/03/30 13:31:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dec_jl6.dll [2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll [2005/04/30 04:29:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/01/19 23:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll [2005/01/19 23:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll [2005/01/01 21:36:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/01/01 21:34:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005/01/01 21:34:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005/01/01 21:34:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005/01/01 21:34:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005/01/01 21:34:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005/01/01 21:34:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2005/01/01 21:07:36 | 000,013,281 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2005/01/01 21:07:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2005/01/01 20:40:01 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005/01/01 20:38:03 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll [2005/01/01 20:38:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll [2005/01/01 20:37:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2004/11/23 23:21:24 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS [2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS [2004/07/27 06:17:16 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll [2001/06/02 14:00:00 | 000,207,360 | ---- | C] () -- C:\WINDOWS\System32\LAME_ENC.DLL [1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [color=#E56717]========== LOP Check ==========[/color] [2009/11/09 15:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alexandra Ledermann 8 [2008/04/02 19:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astonsoft [2007/06/24 18:29:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2008/04/03 18:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes [2010/02/09 20:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2008/03/26 14:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM [2008/03/26 14:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail [2010/06/19 09:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail [2008/11/10 10:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2007/06/24 18:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2009/08/21 14:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/07/15 15:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft [2007/11/01 19:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007/07/15 12:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games [2010/07/02 10:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/11/02 14:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/06/06 20:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\AdSigner [2007/08/23 18:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Canon [2008/09/06 17:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\com.adobe.example.widget-programmes.40247E01796E652D304FB5752B197AB47987A585.1 [2009/08/12 18:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\com.adobe.example.widget.33A7EEEDEE7A114BE5163F740489DD413641A8EC.1 [2010/03/17 13:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\com.smashingideas.ICanBeGrandPrize.955FB31728C43225F1147BC469B6F02AA2FCF43E.1 [2008/04/02 18:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\DeepBurner [2007/06/26 18:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\InterVideo [2007/08/06 18:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Leadertech [2009/03/17 20:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire [2009/11/30 18:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mindscape [2007/06/24 19:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\MSNInstaller [2010/04/14 18:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\My Stitch [2009/08/21 13:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Playrix Entertainment [2010/10/19 11:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\PriceGong [2005/01/01 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\SampleView [2009/05/05 11:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Samsung [2007/06/24 18:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\ScanSoft [2008/05/12 09:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\TaoUSign [2007/11/01 19:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Viewpoint [2005/01/01 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView [2005/01/01 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\SampleView [2005/01/01 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANON\Application Data\SampleView [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [2009/02/18 21:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2009/11/09 15:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alexandra Ledermann 8 [2007/12/20 12:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL [2009/02/04 09:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2009/02/04 09:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2008/04/02 19:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astonsoft [2008/04/03 18:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU [2007/06/24 18:29:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2008/01/05 14:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink [2008/04/03 18:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes [2010/02/09 20:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2010/09/19 15:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2008/03/26 14:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM [2008/03/26 14:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail [2005/01/01 21:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2007/10/21 11:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure [2010/03/01 21:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/09/19 15:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010/06/19 09:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail [2007/07/31 11:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2008/11/10 10:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2005/01/01 20:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2007/06/24 18:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2007/06/25 18:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2009/08/21 14:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/07/15 15:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft [2007/11/01 19:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007/07/15 12:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games [2008/02/29 09:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2010/07/02 10:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/11/02 14:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe [2010/07/02 10:15:28 | 000,072,504 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe [2010/07/02 10:06:51 | 000,071,992 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe [2010/06/23 09:08:58 | 000,501,936 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1AB.tmp.exe [color=#A23BEC]< %APPDATA%\*. >[/color] [2009/03/05 19:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Adobe [2008/05/10 08:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\AdobeUM [2010/06/06 20:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\AdSigner [2008/01/05 14:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Ahead [2007/12/20 12:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\AOL [2009/11/02 15:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Apple Computer [2007/09/27 15:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\ArcSoft [2010/06/25 14:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\AVS4YOU [2007/08/23 18:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Canon [2008/09/06 17:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\com.adobe.example.widget-programmes.40247E01796E652D304FB5752B197AB47987A585.1 [2009/08/12 18:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\com.adobe.example.widget.33A7EEEDEE7A114BE5163F740489DD413641A8EC.1 [2010/03/17 13:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\com.smashingideas.ICanBeGrandPrize.955FB31728C43225F1147BC469B6F02AA2FCF43E.1 [2008/04/02 18:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\DeepBurner [2009/12/19 12:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\dvdcss [2008/10/17 19:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Google [2007/07/31 11:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Help [2004/11/25 05:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Identities [2008/07/06 19:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\InstallShield [2007/06/26 18:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\InterVideo [2007/08/06 18:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Leadertech [2009/03/17 20:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire [2007/06/24 14:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Macromedia [2010/03/01 21:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes [2010/09/19 15:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft [2009/11/30 18:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mindscape [2007/06/24 19:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\MSNInstaller [2010/04/14 18:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\My Stitch [2009/08/21 13:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Playrix Entertainment [2010/10/19 11:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\PriceGong [2005/01/01 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\SampleView [2009/05/05 11:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Samsung [2007/06/24 18:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\ScanSoft [2007/08/06 18:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Sonic [2007/08/24 20:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Sun [2005/01/01 21:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Symantec [2008/05/12 09:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\TaoUSign [2007/11/01 19:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Viewpoint [2009/02/24 20:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\vlc [2007/06/24 14:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\You've Got Pictures Screensaver [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [2008/02/15 12:26:22 | 004,506,256 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe [2010/04/04 09:06:59 | 000,038,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2007/07/11 21:24:22 | 000,001,406 | R--- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{650D1904-ED7F-4F37-9325-33C2815D260C}\_26e91eb.exe [2007/07/11 21:24:22 | 000,001,406 | R--- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{650D1904-ED7F-4F37-9325-33C2815D260C}\_5af141bb.exe [2007/07/11 21:24:22 | 000,001,406 | R--- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{650D1904-ED7F-4F37-9325-33C2815D260C}\_bb32ea6.exe [2007/12/23 10:18:56 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_2D2D731803B8B77B57C5E6.exe [2007/12/23 10:18:56 | 000,001,518 | R--- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6465AF365163FF7F30CA6F.exe [2007/12/23 10:18:56 | 000,000,766 | R--- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe [2007/12/23 10:18:56 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_75EE7E24ECBEA720E10628.exe [2007/12/23 10:18:56 | 000,002,550 | R--- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_D86C9C76D7DFD59A900ABC.exe [2007/12/23 10:18:56 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_D91555127BFA62CFF3DBA9.exe [2010/02/08 19:53:46 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2010/09/19 15:04:02 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Suppression-Live-Search.exe [2010/09/19 15:03:59 | 000,086,576 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe [2010/09/19 15:03:59 | 000,132,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe [2008/05/05 22:47:18 | 001,474,423 | ---- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\My Stitch\mystitch.exe [2010/04/14 18:49:09 | 000,696,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Propriétaire\Application Data\My Stitch\unins000.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008/09/23 20:20:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys [2004/08/05 20:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008/09/23 20:20:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys [2004/08/05 20:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/05 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008/09/23 20:20:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:cdrom.sys [2004/08/05 20:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2004/08/05 20:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [2004/08/05 20:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: CHANGER.SYS >[/color] [2008/09/23 20:20:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:Changer.sys [2004/08/05 20:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2008/09/23 20:20:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:disk.sys [2004/08/05 20:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004/08/05 20:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2004/08/05 20:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\dllcache\disk.sys [2004/08/05 20:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004/08/05 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2004/08/05 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2004/08/05 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004/08/05 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2004/08/05 20:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\ERDNT\cache\explorer.exe [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\explorer.exe [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\system32\dllcache\explorer.exe [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2004/08/05 20:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [2004/08/05 20:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys [2004/08/05 20:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys [2004/08/05 20:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2004/08/05 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2004/08/05 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2004/08/05 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004/08/05 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\netlogon.dll [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2004/08/05 06:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2004/08/05 06:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys [color=#A23BEC]< MD5 for: RDPWD.SYS >[/color] [2005/06/10 06:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\system32\dllcache\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\system32\drivers\rdpwd.sys [2004/08/05 20:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2004/08/05 20:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2004/08/05 20:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\ERDNT\cache\scecli.dll [2004/08/05 20:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\dllcache\scecli.dll [2004/08/05 20:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\scecli.dll [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2008/09/23 20:20:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:Sfloppy.sys [2004/08/05 20:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Sfloppy.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2004/08/05 20:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2004/08/05 20:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\system32\dllcache\sfloppy.sys [2004/08/05 20:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\system32\drivers\sfloppy.sys [color=#A23BEC]< MD5 for: SPLITTER.SYS >[/color] [2008/09/23 20:20:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:splitter.sys [2004/08/05 20:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:splitter.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\Driver Cache\i386\splitter.sys [2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\system32\dllcache\splitter.sys [2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\system32\drivers\splitter.sys [2004/08/04 07:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys [2006/06/14 10:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys [color=#A23BEC]< MD5 for: SWMIDI.SYS >[/color] [2008/09/23 20:20:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:swmidi.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2001/08/18 06:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys [2001/08/18 06:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\system32\dllcache\swmidi.sys [2001/08/18 06:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\system32\drivers\swmidi.sys [color=#A23BEC]< MD5 for: TCPIP.SYS >[/color] [2006/04/20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys [2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\ERDNT\cache\tcpip.sys [2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys [2007/10/30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys [2008/06/20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys [2007/10/30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys [2004/08/05 20:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys [2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [2006/04/20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys [color=#A23BEC]< MD5 for: TDPIPE.SYS >[/color] [2004/08/05 20:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2004/08/05 20:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\system32\dllcache\tdpipe.sys [2004/08/05 20:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\system32\drivers\tdpipe.sys [color=#A23BEC]< MD5 for: TDTCP.SYS >[/color] [2004/08/05 20:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys [2004/08/05 20:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\system32\dllcache\tdtcp.sys [2004/08/05 20:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\system32\drivers\tdtcp.sys [color=#A23BEC]< MD5 for: USBPRINT.SYS >[/color] [2008/09/23 20:20:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:usbprint.sys [2004/08/05 20:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbprint.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\system32\dllcache\usbprint.sys [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\system32\drivers\usbprint.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2008/09/23 20:20:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:usbscan.sys [2004/08/05 20:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbscan.sys [2008/10/25 08:59:23 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2004/08/03 22:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys [2004/08/03 22:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\system32\dllcache\usbscan.sys [2004/08/03 22:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\system32\drivers\usbscan.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/05 20:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2004/08/05 20:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2004/08/05 20:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\system32\dllcache\userinit.exe [2004/08/05 20:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/05 20:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2004/08/05 20:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2004/08/05 20:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004/08/05 20:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:680086AB @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57 < End of report >

Code: Tout sélectionner: OTL Extras logfile created on: 20/10/2010 17:03:19 - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Compaq_Propriétaire\Bureau Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 382,00 Mb Total Physical Memory | 208,00 Mb Available Physical Memory | 54,00% Memory free 921,00 Mb Paging File | 839,00 Mb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145,19 Gb Total Space | 15,25 Gb Free Space | 10,51% Space Free | Partition Type: NTFS Drive D: | 3,84 Gb Total Space | 0,37 Gb Free Space | 9,59% Space Free | Partition Type: FAT32 Computer Name: NOM-EB85C523610 | User Name: Compaq_Propriétaire | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.) "C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.) "C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe" = C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer -- () "C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic -- (IncrediMail, Ltd.) "C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic -- () "C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic -- () "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) "C:\Documents and Settings\MANON\Local Settings\temp\ImInstaller\incredimail_installer.exe" = C:\Documents and Settings\MANON\Local Settings\temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer -- (IncrediMail Ltd.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160 "{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player "{3BB53C4E-97B3-4504-B4C3-6C5012FBCD83}" = Mission Equitation 2 "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3 "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{49F00501-E02F-458F-8AED-85949AB9656F}" = MioTransfer "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 "{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}" = IncrediMail "{650D1904-ED7F-4F37-9325-33C2815D260C}" = MioMap v3 Updater "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Les Sims 2 "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer "{7C979B2E-B5B9-E33F-6958-2301034CDB7D}" = Barbie I Can Be "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2 "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.11 "{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Clé Internet de prêt "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9901E703-D169-7139-1EA3-11AA788D09E6}" = EA Download Manager UI "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{9CE14C25-0395-4DDA-8B47-06A944DF9E5F}" = Mon Petit Poney "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0 "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC76BA86-7AD7-1036-7B44-A70000000000}" = Adobe Reader 7.0 - Français "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{C29302BF-32F8-7834-A4C8-780349DE9659}" = La Chaîne Météo "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EEE76149-DC7F-4D3E-B021-6152DF574FA6}" = Alexandra Ledermann 8 "{F715F7A4-67BA-11DD-93EF-B74D56D89593}" = Alexandra Ledermann - La colline aux chevaux sauvages "Adibou V.3.00 on C" = Adibou V.3.00 on C "ADIBOUd'CHOU V.1.00 on C" = ADIBOUd'CHOU V.1.00 on C "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem "Alexandra Ledermann 6" = Alexandra Ledermann 6 "ATI Display Driver" = ATI Display Driver "avast!" = avast! Antivirus "Barbie(TM) Horse Adventures(TM)" = Barbie(TM) Horse Adventures(TM) "Briberry_is1" = Briberry 1.2 "com.adobe.example.widget.33A7EEEDEE7A114BE5163F740489DD413641A8EC.1" = La Chaîne Météo "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "com.smashingideas.ICanBeGrandPrize.955FB31728C43225F1147BC469B6F02AA2FCF43E.1" = Barbie I Can Be "dBpowerAMP Musepack Codec" = dBpowerAMP Musepack Codec "Dogz" = Dogz (remove only) "Dual Mode Camera_is1" = Uninstall Dual Mode Camera "DVD Shrink_is1" = DVD Shrink 3.2 "EA Download Manager" = EA Download Manager "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-WebPrint" = Easy-WebPrint "eMule" = eMule "Enregistrement utilisateur de Canon MP160" = Enregistrement utilisateur de Canon MP160 "FormatFactory" = FormatFactory 2.50 "Frankie Maternelle - Moyenne section" = Frankie Maternelle - Moyenne section "Help and Support Additions" = Compléments d'aide et de support "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "IncrediMail" = IncrediMail 2.0 "InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet "LimeWire" = LimeWire 4.16.6 "Magentic" = Magentic "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mio Technology Speedcam Synchronisation" = Mio Technology Speedcam Synchronisation 1.1.16.04.06 "Mio Technology Speedcam Synchronisation ( PNA Version )" = Mio Technology Speedcam Synchronisation ( PNA Version ) 1.2.10.07.06 "Mio Technology SpeedCam Tool" = Mio Technology SpeedCam Tool "Mon Petit Poney" = Mon Petit Poney "MP Navigator 3.0" = Canon MP Navigator 3.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "MusicMatch Jukebox" = MusicMatch Jukebox "My Stitch_is1" = My Stitch 1.1 "NATHAN Vacances CP V.1.00 (C:)" = NATHAN Vacances CP V.1.00 (C:) "Neuf_TV_PC" = TV sur PC "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PhoTagsExpress" = PhoTags Express "PhotoMail" = PhotoMail Maker "PS2" = PS2 "Puppy Grandit & Connaît ton Nom_is1" = Puppy Grandit & Connaît ton Nom "Python 2.2.3" = Python 2.2.3 "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203) "RealPlayer 6.0" = RealPlayer Basic "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SFR_Kit" = SFR - Kit de connexion "Softonic_France_FF Toolbar" = Softonic France FF Toolbar "spirit-9.17fr" = Spirit (remove only) "StreetPlugin" = Learn2 Player (Uninstall Only) "Studio de création numérique de Lapin Malin" = Studio de création numérique de Lapin Malin "SuperEleves_11FM" = SdLL - Superélèves CP "Video Journal_is1" = Video Journal Version 2.04 "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VideoLAN VLC media player 0.8.4a "WIC" = Windows Imaging Component "Windows Media Encoder 9" = Codeur Windows Media Série 9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Antivirus Events ] Error - 25/03/2008 13:06:01 | Computer Name = NOM-EB85C523610 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\autorun.exe failed, 0000001E. Error - 19/08/2008 05:25:05 | Computer Name = NOM-EB85C523610 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\2008-05-17 avril 08\avril 08 028.JPG failed, 0000001E. [ Application Events ] Error - 10/10/2010 11:33:59 | Computer Name = NOM-EB85C523610 | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 7.0.6000.16735, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 10/10/2010 11:39:08 | Computer Name = NOM-EB85C523610 | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 7.0.6000.16735, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 10/10/2010 14:00:28 | Computer Name = NOM-EB85C523610 | Source = Bonjour Service | ID = 100 Description = 248: ERROR: read_msg errno 10054 (Une connexion existante a dû être fermée par l'hôte distant.) Error - 13/10/2010 08:57:08 | Computer Name = NOM-EB85C523610 | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 7.0.6000.16735, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 16/10/2010 11:25:32 | Computer Name = NOM-EB85C523610 | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 7.0.6000.16735, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 16/10/2010 13:23:21 | Computer Name = NOM-EB85C523610 | Source = Bonjour Service | ID = 100 Description = 388: ERROR: read_msg errno 10054 (Une connexion existante a dû être fermée par l'hôte distant.) Error - 16/10/2010 13:23:24 | Computer Name = NOM-EB85C523610 | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 7.0.6000.16735, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 17/10/2010 03:25:45 | Computer Name = NOM-EB85C523610 | Source = Bonjour Service | ID = 100 Description = 388: ERROR: read_msg errno 10054 (Une connexion existante a dû être fermée par l'hôte distant.) Error - 17/10/2010 03:26:54 | Computer Name = NOM-EB85C523610 | Source = Application Hang | ID = 1002 Description = Application bloquée IncMail.exe, version 6.1.4.4697, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 17/10/2010 08:16:21 | Computer Name = NOM-EB85C523610 | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 7.0.6000.16735, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. [ Canal+ Events ] Error - 14/09/2009 12:18:54 | Computer Name = NOM-EB85C523610 | Source = VideoOnDemand | ID = 0 Description = ServicesAdapter::ProcessRequest : Un problème s'est produit au niveau du composant de la gestion des droits numériques (DRM). Contactez le Support technique Microsoft. Error - 14/09/2009 12:19:18 | Computer Name = NOM-EB85C523610 | Source = VideoOnDemand | ID = 0 Description = ContentsManager.Update : Un problème s'est produit au niveau du composant de la gestion des droits numériques (DRM). Contactez le Support technique Microsoft. Error - 15/09/2009 13:36:22 | Computer Name = NOM-EB85C523610 | Source = VideoOnDemand | ID = 0 Description = ContentsManager.Update : Un problème s'est produit au niveau du composant de la gestion des droits numériques (DRM). Contactez le Support technique Microsoft. Error - 15/09/2009 13:36:22 | Computer Name = NOM-EB85C523610 | Source = VideoOnDemand | ID = 0 Description = ServicesAdapter::ProcessRequest : Un problème s'est produit au niveau du composant de la gestion des droits numériques (DRM). Contactez le Support technique Microsoft. Error - 16/09/2009 03:13:37 | Computer Name = NOM-EB85C523610 | Source = VideoOnDemand | ID = 0 Description = ServicesAdapter::ProcessRequest : Un problème s'est produit au niveau du composant de la gestion des droits numériques (DRM). Contactez le Support technique Microsoft. Error - 16/09/2009 03:13:38 | Computer Name = NOM-EB85C523610 | Source = VideoOnDemand | ID = 0 Description = ContentsManager.Update : Un problème s'est produit au niveau du composant de la gestion des droits numériques (DRM). Contactez le Support technique Microsoft. Error - 17/09/2009 12:33:07 | Computer Name = NOM-EB85C523610 | Source = VideoOnDemand | ID = 0 Description = ContentsManager.Update : Un problème s'est produit au niveau du composant de la gestion des droits numériques (DRM). Contactez le Support technique Microsoft. Error - 17/09/2009 12:33:07 | Computer Name = NOM-EB85C523610 | Source = VideoOnDemand | ID = 0 Description = ServicesAdapter::ProcessRequest : Un problème s'est produit au niveau du composant de la gestion des droits numériques (DRM). Contactez le Support technique Microsoft. Error - 18/09/2009 06:49:39 | Computer Name = NOM-EB85C523610 | Source = VideoOnDemand | ID = 0 Description = ContentsManager.Update : Un problème s'est produit au niveau du composant de la gestion des droits numériques (DRM). Contactez le Support technique Microsoft. Error - 18/09/2009 06:49:39 | Computer Name = NOM-EB85C523610 | Source = VideoOnDemand | ID = 0 Description = ServicesAdapter::ProcessRequest : Un problème s'est produit au niveau du composant de la gestion des droits numériques (DRM). Contactez le Support technique Microsoft. [ System Events ] Error - 13/10/2010 12:33:11 | Computer Name = NOM-EB85C523610 | Source = Service Control Manager | ID = 7000 Description = Le service Service de l’iPod n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 19/10/2010 12:07:13 | Computer Name = NOM-EB85C523610 | Source = DCOM | ID = 10010 Description = Le serveur {80BCA063-A0D1-4F29-888C-6B67C392F5DA} ne s'est pas enregistré sur DCOM avant la fin du temps imparti. Error - 20/10/2010 04:24:24 | Computer Name = NOM-EB85C523610 | Source = sfsync02 | ID = 262156 Description = Error - 20/10/2010 04:25:17 | Computer Name = NOM-EB85C523610 | Source = DCOM | ID = 10005 Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 20/10/2010 04:25:55 | Computer Name = NOM-EB85C523610 | Source = Service Control Manager | ID = 7026 Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Aavmker4 AmdK8 Fips StarOpen Error - 20/10/2010 04:27:55 | Computer Name = NOM-EB85C523610 | Source = Ntfs | ID = 262199 Description = La structure du système de fichiers sur le disque est endommagée et inutilisable. Veuillez exécuter l'utilitaire chkdsk sur le volume C:. Error - 20/10/2010 05:45:16 | Computer Name = NOM-EB85C523610 | Source = DCOM | ID = 10005 Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 20/10/2010 05:53:27 | Computer Name = NOM-EB85C523610 | Source = sfsync02 | ID = 262156 Description = Error - 20/10/2010 05:53:45 | Computer Name = NOM-EB85C523610 | Source = DCOM | ID = 10005 Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 20/10/2010 05:54:58 | Computer Name = NOM-EB85C523610 | Source = Service Control Manager | ID = 7026 Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Aavmker4 AmdK8 Fips StarOpen < End of report >

jeanmimigab · le 20 Oct 2010 18:16

hello,

il y a du monde là dedans :lol:

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:Files
C:\WINDOWS\System32\drivers\ojqusb.sys
C:\Program Files\Softonic_France_FF\tbSof1.dll
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\syssvc.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\rbuwzv.dat
C:\Documents and Settings\Compaq_Propriétaire\Application Data\PriceGong
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1AB.tmp.exe

:OTL
DRV - (eolu) -- C:\WINDOWS\System32\drivers\ojqusb.sys File not found
IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\..\URLSearchHook: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:28091
O2 - BHO: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSof1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\..\Toolbar\WebBrowser: (Softonic France FF Toolbar) - {6D6B212B-2245-4898-8B16-9A11B81FF9E1} - C:\Program Files\Softonic_France
O4 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\..\Run: [gaakwpim] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\oytjautyv\cpaajnudlta.exe File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]

* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir "OTL.Txt"
* Copie et colle le rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

dodremi · le 20 Oct 2010 19:03

Bonsoir

Voici le rapport

A vous de jouer et merci...

Code: Tout sélectionner: All processes killed ========== FILES ========== File\Folder C:\WINDOWS\System32\drivers\ojqusb.sys not found. C:\Program Files\Softonic_France_FF\tbSof1.dll moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\syssvc.exe moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Application Data\rbuwzv.dat moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Application Data\PriceGong\Data folder moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Application Data\PriceGong folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully. C:\Documents and Settings\Compaq_Propriétaire\Application Data\Viewpoint folder moved successfully. C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1AB.tmp.exe moved successfully. ========== OTL ========== Service eolu stopped successfully! Service eolu deleted successfully! File C:\WINDOWS\System32\drivers\ojqusb.sys File not found not found. Registry value HKEY_USERS\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6d6b212b-2245-4898-8b16-9a11b81ff9e1} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\ deleted successfully. File C:\Program Files\Softonic_France_FF\tbSof1.dll not found. HKU\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\ not found. File C:\Program Files\Softonic_France_FF\tbSof1.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6d6b212b-2245-4898-8b16-9a11b81ff9e1} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\ not found. File C:\Program Files\Softonic_France_FF\tbSof1.dll not found. Registry value HKEY_USERS\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_USERS\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found. Registry value HKEY_USERS\S-1-5-21-3772207033-867971002-628142789-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6D6B212B-2245-4898-8B16-9A11B81FF9E1} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D6B212B-2245-4898-8B16-9A11B81FF9E1}\ not found. File C:\Program Files\Softonic_France not found. Registry value HKEY_USERS\S-1-5-21-3772207033-867971002-628142789-1008\\Software\Microsoft\Windows\CurrentVersion\Run\\gaakwpim deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-21-3772207033-867971002-628142789-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-3772207033-867971002-628142789-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Compaq_PropriÃ©taire ->Temp folder emptied: 0 bytes User: Compaq_Propriétaire ->Temp folder emptied: 2251177 bytes ->Temporary Internet Files folder emptied: 19833667 bytes ->Java cache emptied: 1740528 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 89329 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Invité ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: MANON ->Temp folder emptied: 37386334 bytes ->Temporary Internet Files folder emptied: 188650535 bytes ->Flash cache emptied: 42754 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 870715 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1946 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 239,00 mb [EMPTYFLASH] User: All Users User: Compaq_PropriÃ©taire User: Compaq_Propriétaire ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Invité User: LocalService User: MANON ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.16.0 log created on 10202010_195010

jeanmimigab · le 20 Oct 2010 20:42

c'est pas mal,

ouvre malwarebyte et fais sa mise à jours

Puis fais un scan rapide en mode normal (pas en mode sans échec)

Poste le rapport stp... :wink:

dodremi · le 21 Oct 2010 07:25

bonjour

Ok je m'en occupe ce soir (je suis au boulot).
Par contre j'ai essayé hier soir en mode normal, et mon PC ne se lancait pas.
si cela ne marche pas puis je le faire en mode sans échec ? ou pas ...

Merci encore

jeanmimigab · le 21 Oct 2010 16:00

hello,

pas de soucis...

j'ai du mal à interpréter tes propos, ton PC ne démarre pas en mode normal uo bien c'est Malwarebyte qui ne se lance pas quand tu est en mode normal ?

@++ :wink:

dodremi · le 21 Oct 2010 17:51

Bonsoir,

Je ne peux pas lancer mon PC en mode normal, il plante et ne s'ouvre pas.
J'ai donc fait la mise à jour en MSE et voici le rapport.
Je n'ai pas cliqué sur "supprimer la sélection", comme tu ne me l'avais pas demandé ....

Merci encore ...

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4904 Windows 5.1.2600 Service Pack 2 (Safe Mode) Internet Explorer 7.0.5730.13 21/10/2010 18:45:16 mbam-log-2010-10-21 (18-45-16).txt Type d'examen: Examen rapide Elément(s) analysé(s): 160546 Temps écoulé: 5 minute(s), 38 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.

jeanmimigab · le 21 Oct 2010 18:29

mouai,
désactive ton Anti-virus le temps de faire ces manipulations.

>>Télécharge Winsockxpfix sur ton bureau et passe à la suite.

========================================================================================================

ensuite...

Télécharge Combofix sur ton Bureau (et pas ailleurs)
pour cela fais un clic droit sur Combofix.exe ,choisis "enregistrer la cible du lien sous..." choisis ton bureau et cliques sur "enregistrer"

Double clique ComboFix.exe pour démarrer le scan et suis les instructions indiquées par combofix.
Si Combofix te demande te demande l'autorisation de télécharger et installer la console de récupération Windows, acceptes et suis les instructions.
Lorsque le scan sera complet, un rapport apparaîtra, enregistre le sur ton bureau.
Redémarre impérativement ton pc !!
Copie/colle le rapport combofix dans ta prochaine réponse et dit moi si tu peut redémarrer en mode normal.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
NOTE : Ne pas cliquer dans la fenêtre de Combofix durant l'analyse ; ceci provoquerait le gel du programme.

========================================================================================================

si a tout hasard ta connexion internet n'est plus active après le redémarrage du pc fait cela pour la réparer...

Fais un double-clic sur l'icône de WinsockXPFix pour le lancer.
>>clique sur "Fix" > et si ton pc ne redémarre pas,redémarre le manuellement.

dodremi · le 21 Oct 2010 19:24

Je n'ai jamais réussi à désaxtiver mon antivirus, et pourtant j'ai essayer, même le pare feu de mon ordi...
Je vais redémarrer en espérant que je fonctionne en mode normal...Je te tiens au courant (enfin j'espère ..)
ci après le rapport :
J'attends tes instructions ...
A tout'

Code: Tout sélectionner: ComboFix 10-10-20.04 - Compaq_Propriétaire 21/10/2010 20:04:29.2.1 - x86 NETWORK Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe AV: avast! antivirus 4.7.1098 [VPS 080215-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-21 au 2010-10-21 )))))))))))))))))))))))))))))))))))) . 2010-10-21 16:34 . 2010-10-21 16:34 711168 ----a-w- c:\windows\isRS-000.tmp 2010-10-20 17:50 . 2010-10-20 17:50 -------- d-----w- C:\_OTL 2010-10-06 08:34 . 2010-10-06 08:34 -------- d-----w- c:\program files\JL2005C . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] 2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-08-24 353736] "Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-03-09 480648] "Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 339968] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344] "PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968] "MMTray"="c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [2000-08-17 102400] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-06-24 26112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] MioSync.lnk - c:\program files\Mio Technology\MioSync\mioSync.exe [2007-7-11 638976] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"= "c:\\Program Files\\Magentic\\bin\\MgImp.exe"= "c:\\Program Files\\Magentic\\bin\\Magentic.exe"= "c:\\Program Files\\Magentic\\bin\\MgApp.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2010 10:59 135664] . Contenu du dossier 'Tâches planifiées' 2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:59] 2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:59] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.foozir.com/ mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.11\AMVConverter\grab.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.11\MediaManager\grab.html . - - - - ORPHELINS SUPPRIMES - - - - AddRemove-ADIBOUd'CHOU V.1.00 on C - c:\coktel\adiboudchou\Uninst.exe AddRemove-HijackThis - c:\documents and settings\Compaq_Propriétaire\Bureau\HijackThis.exe . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(596) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2010-10-21 20:18:51 ComboFix-quarantined-files.txt 2010-10-21 18:18 Avant-CF: 16 595 787 776 octets libres Après-CF: 16 581 894 144 octets libres - - End Of File - - 4785E6F55D9CBCCB39579E7C4CD54513

J'ai redémarrer en mode normal...OUF !!!
J'ai remis en route mon pare feux ....

J'attends de te lire ....

jeanmimigab · le 21 Oct 2010 19:47

Ok c'est cool,

reste en mode normal pour la suite...

crée un nouveau document texte sur ton bureau
pour cela clic droit sur le bureau > Nouveau > document texte > copie et colle le contenu de la citation ci-dessous à l'intérieur.

KillAll::

File::
c:\windows\isRS-000.tmp

DirLook::
c:\program files\JL2005C

Ensuite clic sur fichier > enregistrer sous...
Dans la fenêtre d'enregistrement choisie le bureau comme destination > dans type choisie tous les fichiers > et dans nom du fichier tape CFScript.txt>ensuite clic sur enregistrer et ferme le document texte.
FaiS un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur cette capture.

Une fenêtre bleue va apparaître > au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises,c'est normal!
Ne touche à rien tant que le scan n'est pas terminé
Une fois le scan achevé, un rapport va s'afficher,poste son contenu dans ta prochaine réponse.
Si le rapport ne s'ouvre pas, il se trouve à cet emplacement C:\ComboFix.txt

dodremi · le 21 Oct 2010 21:49

Bonsoir,

La manip au dessus n'a pas fonctionné ou alors je n'ai pas su faire ...
Jamais je n'ai eu le choix du 1 ou du 2 pour valider comme tu me l'avais indiqué, et j'ai laissé tourner le programme 2 heures au moins sans que rien ne se passe...
J'ai même rééssayé la manip une 2 eme fois et rien....
j'ai dû faire le process de reconnexion internet (avec le fix) car cela ne fonctionnait plus.
Où ai je donc râter la route ????
Merci de ton aide.
Je me reconnecte demain, car dodo, et boulot !

Bonsoir et à demain
Thanks

Virus Win 32/nuquel.E

Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Re: Virus Win 32/nuquel.E

Sujets similaires

Qui est en ligne