
Google problem: 404 nginx error (topic resolved)
Topic status: RESOLVED (08/10/2011 at 08:22)
laetimaria, posted on 06/10/2011 @ 19:34
Petite astucienne

22 posts

Hello,

Here's the thing: I have a problem opening my Google page, whichever internet server I use, and apparently I'm not the only one. The blank page "404 not found nginx" appears when I try to open Google.

I cleaned the computer with CCleaner and it was scanned, but nothing to report.

I have Windows XP.

Could someone help me please? Thanks

 
Fill, posted on 06/10/2011 at 19:50
Security group

25504 posts

Hi,

  • Download OTL (by Old_Timer) to your desktop,
  • Double-click its icon to start it. If you are on Vista or 7, start it by right-clicking and choosing "Run as administrator". Make sure you have closed as many open windows as possible before doing what follows.
  • Tick the "All users" box,
  • In the "Custom Scans/Fixes" box, paste these lines:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
SAVEMBR:0
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Then click the "Run Scan" button and wait while the tool scans the PC. This may take a few minutes, depending on the state of the system.
  • When the scan finishes, a Notepad window opens. It is called OTL.txt
  • Copy and paste this text into your next reply. If an error message appears, it is because the report is too long. You then have to post it in several messages without leaving anything out.
  • To select the text: CTRL+A
  • To copy the selected text: CTRL+C,
  • To paste the text into your next reply: CTRL+V
  • Also post the Extra.txt report.
  • You can use this guide to attach the files: Insert a report

Fill
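When every Google domain returns the same foreign error page, the `O1 - Hosts:` section of the OTL.txt that comes back is the first thing to triage: a hosts file mapping google.* to one routable address explains the symptom without any browser being at fault. The script below is an added example, not part of this thread or of OTL, that parses those lines (the sample input is copied from the report posted further down in this thread) and flags the hijack patterns; the `PROTECTION_ENDPOINTS` set and the `min_cluster` threshold are this example's own assumptions.

```python
"""Triage the O1 (hosts file) section of an OTL.txt report for hijack patterns."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: O1 lines copied from the OTL report posted in this thread,
# plus one O2 line to show that other sections are ignored by the parser.
SAMPLE_REPORT = """\
O1 HOSTS File: ([2011/01/20 21:22:24 | 000,002,855 | RHS- | M]) - C:\\WINDOWS\\system32\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 68.168.222.226 www.google.com
O1 - Hosts: 68.168.222.226 google.com
O1 - Hosts: 68.168.222.226 google.be
O1 - Hosts: 68.168.222.226 www.google.be
O1 - Hosts: 38 more lines...
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\\Program Files\\OfferBox\\OfferBoxBHO.dll
"""

# OTL's header for the hosts file: [date | size | attributes | M]; the attribute
# column uses R (read-only), H (hidden), S (system), D (directory), '-' for unset.
HEADER_LINE = re.compile(r"^O1 HOSTS File: \(\[[^|]*\|\s*[\d,]+\s*\|\s*([RHSD-]{4})\s*\|")
ENTRY_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Assumption of this example: browser-protection endpoints (Safe Browsing cache,
# IE SmartScreen reputation service) that have no business in a hosts file.
PROTECTION_ENDPOINTS = {"safebrowsing-cache.google.com", "urs.microsoft.com"}


def parse_report(report):
    """Return (hosts_file_attributes, [(ip, name), ...]) from the O1 lines of a report."""
    attrs = None
    entries = []
    for raw in report.splitlines():
        line = raw.strip()
        m = HEADER_LINE.match(line)
        if m:
            attrs = m.group(1)
            continue
        m = ENTRY_LINE.match(line)
        if not m:
            continue  # other sections; also skips OTL's "N more lines..." summary
        ip, name = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first token is not an address
        entries.append((ip, name.lower()))
    return attrs, entries


def registrable(name):
    """Crude eTLD+1: keep three labels for ccSLDs such as google.com.au, else two."""
    labels = name.split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in {"com", "co", "net", "org"}:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def triage(report, min_cluster=3):
    """Flag hosts-file hijack patterns; returns a list of finding dicts."""
    attrs, entries = parse_report(report)
    findings = []
    if attrs and ("H" in attrs or "S" in attrs):
        findings.append({"kind": "hosts_attributes", "detail": attrs,
                         "why": "hosts file carries hidden/system attributes; the stock file has none"})
    by_ip = defaultdict(list)
    for ip, name in entries:
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.x / 0.0.0.0 entries can only block, never redirect
        by_ip[ip].append(name)
    for ip, names in by_ip.items():
        domains = sorted({registrable(n) for n in names})
        hits = sorted(PROTECTION_ENDPOINTS & set(names))
        if hits:
            findings.append({"kind": "protection_bypass", "ip": ip, "names": hits,
                             "why": "browser reputation / safe-browsing lookups redirected"})
        if len(names) >= min_cluster or len(domains) > 1:
            findings.append({"kind": "redirect_cluster", "ip": ip, "names": sorted(names),
                             "domains": domains,
                             "why": f"{len(names)} names from {len(domains)} domains resolve to one routable host"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f["kind"], f.get("ip", f.get("detail")), "->", f["why"])
```

Run against the full report, the same logic also surfaces the AV-vendor payment domains sinkholed at 74.125.45.100, which is why a paid clean-up product could not have been reached from this machine either.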

laetimaria, posted on 07/10/2011 at 07:30
Petite astucienne

22 posts

OTL logfile created on: 7/10/2011 6:46:13 - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Frédérique\Mes documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1022,16 Mb Total Physical Memory | 469,17 Mb Available Physical Memory | 45,90% Memory free

2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,73% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,76 Gb Total Space | 35,59 Gb Free Space | 31,84% Space Free | Partition Type: FAT32

Computer Name: ACER-D18848DB56 | User Name: Frédérique | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 06:43:54 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frédérique\Mes documents\Downloads\OTL.exe

PRC - [2011/09/06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2011/08/17 11:49:20 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

PRC - [2010/06/26 19:03:30 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Frédérique\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

PRC - [2009/06/05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/04/14 04:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/03/16 11:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

PRC - [2006/05/03 10:48:46 | 000,307,200 | ---- | M] (ta2027) -- C:\Program Files\Styler\Styler.exe

PRC - [2005/08/17 03:39:58 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2005/05/19 14:45:52 | 000,069,632 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe

PRC - [2005/04/18 11:41:34 | 000,081,920 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe

PRC - [2005/03/30 15:29:48 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe

PRC - [2005/03/09 18:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe

PRC - [2004/10/11 10:47:02 | 000,245,760 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe

PRC - [2004/10/05 16:25:10 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe

PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

PRC - [2002/08/30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Launch Manager\Powerkey.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/06 22:27:24 | 001,595,904 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11100601\algo.dll

MOD - [2011/10/06 11:55:24 | 000,212,640 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11100601\aswRep.dll

MOD - [2011/10/06 09:29:18 | 001,594,880 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11100600\algo.dll

MOD - [2011/09/30 16:14:34 | 000,212,640 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11100600\aswRep.dll

MOD - [2011/08/17 11:49:18 | 000,400,440 | ---- | M] () -- C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\ppgooglenaclpluginchrome.dll

MOD - [2011/08/17 11:49:16 | 004,118,072 | ---- | M] () -- C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\pdf.dll

MOD - [2011/08/17 11:48:26 | 000,351,288 | ---- | M] () -- C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\Locales\fr.dll

MOD - [2011/08/17 11:47:50 | 000,203,848 | ---- | M] () -- C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\avformat-52.dll

MOD - [2011/08/17 11:47:50 | 000,104,520 | ---- | M] () -- C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\avutil-50.dll

MOD - [2011/08/17 11:47:48 | 001,846,344 | ---- | M] () -- C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\avcodec-52.dll

MOD - [2009/08/16 17:06:04 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2005/05/01 12:10:10 | 000,159,744 | ---- | M] () -- C:\Program Files\Styler\UNRAR\unrar.dll

MOD - [2005/04/18 11:41:34 | 000,081,920 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe

MOD - [2005/03/30 15:29:48 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe

MOD - [2004/10/11 10:47:02 | 000,245,760 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe

MOD - [2002/08/30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Launch Manager\Powerkey.exe

MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CTDevice_Srv)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/05/28 01:53:12 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\ScanQuery\scanquery133.exe -- (ScanQuery Service)

SRV - [2010/04/27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2009/06/05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - [2011/09/06 22:38:06 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/09/06 22:37:54 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/09/06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/09/06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/09/06 22:36:24 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/09/06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/09/06 22:33:12 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/09/11 09:02:12 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2010/08/20 22:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2010/04/12 19:57:50 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)

DRV - [2009/01/22 20:31:46 | 000,036,736 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/04/13 20:40:50 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)

DRV - [2005/08/19 02:31:52 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/04/05 06:58:48 | 001,035,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/03/04 16:37:26 | 000,008,704 | ---- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)

DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)

DRV - [2004/12/21 03:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2004/12/15 00:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)

DRV - [2004/12/15 00:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2004/12/15 00:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2004/12/02 16:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2004/09/14 02:40:56 | 000,146,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)

DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)

DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2003/04/28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)

DRV - [2000/12/19 18:29:52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Launch Manager\POWERKEY.SYS -- (POWERKEY)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://be.msn.com/defaultf.aspx

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/defaultf.aspx?lang=fr-be&ocid=iehp

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-be

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 56 30 A5 38 0D CA 01 [binary data]

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - No CLSID value found

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 82.66.124.146:8081

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "http://www.seeearch.com/"

FF - user.js..browser.startup.homepage: "http://www.seeearch.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/04 21:10:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2010/09/04 21:07:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/08/29 06:57:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/07 19:12:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/07 19:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frédérique\Application Data\Mozilla\Extensions

[2011/08/04 19:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/29 06:57:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

[2010/08/10 07:56:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/02/19 06:28:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/10/03 06:16:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)

CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}

CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Fr\u00E9d\u00E9rique\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Fr\u00E9d\u00E9rique\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Fr\u00E9d\u00E9rique\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Offerbox = C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

CHR - Extension: Zynga = C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\

CHR - Extension: AT_YannArthus-BertrandV2 = C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc\3_0\

O1 HOSTS File: ([2011/01/20 21:22:24 | 000,002,855 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getavplusnow.com

O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com

O1 - Hosts: 74.125.45.100 urs.microsoft.com

O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com

O1 - Hosts: 68.168.222.226 www.google.com

O1 - Hosts: 68.168.222.226 google.com

O1 - Hosts: 68.168.222.226 google.com.au

O1 - Hosts: 68.168.222.226 www.google.com.au

O1 - Hosts: 68.168.222.226 google.be

O1 - Hosts: 68.168.222.226 www.google.be

O1 - Hosts: 68.168.222.226 google.com.br

O1 - Hosts: 68.168.222.226 www.google.com.br

O1 - Hosts: 68.168.222.226 google.ca

O1 - Hosts: 38 more lines...

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Interest recogniser for Crazyloader (powered by Spointer)) - {C5F65718-341D-4e7d-9842-FCB9CC89527E} - C:\Program Files\CrazyLoader\spointer\extensions\crazyloader_air_ie.dll (Crazyloader)

O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)

O3 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()

O4 - HKLM..\Run: [combofix] "C:\ComboFix\CF3750.cfxxe" /c "C:\ComboFix\C.bat" File not found

O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron)

O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()

O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PowerKey] C:\Program Files\Launch Manager\PowerKey.exe ()

O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()

O4 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" File not found

O4 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005..\Run: [WahOO] "C:\Documents and Settings\Frédérique\Local Settings\Application Data\WahOO\WahOO.exe" silent File not found

O4 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()

O4 - Startup: C:\Documents and Settings\Frédérique\Menu Démarrer\Programmes\Démarrage\DeliveryManager.lnk = File not found

O4 - Startup: C:\Documents and Settings\Frédérique\Menu Démarrer\Programmes\Démarrage\Styler.lnk = C:\Documents and Settings\Frédérique\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()

O4 - Startup: C:\Documents and Settings\Frédérique\Menu Démarrer\Programmes\Démarrage\Thoosje Sidebar.lnk = C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe ()

O4 - Startup: C:\Documents and Settings\Frédérique\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\Frédérique\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)

O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} http://games.bigfishgames.com/en_fitness-dash/online/FitnessDashWeb.1.0.0.11.cab (CPlayFirstFitnessDasControl Object)

O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} http://ua.foto.com/ImageUploader6.cab (Uploader Control)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.fr/ImageUploader5.cab (Image Uploader Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187300854828 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187338105671 (MUWebControl Class)

O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8ADC4409-4FBF-4224-B73F-2392C721BCB4} http://games.bigfishgames.com/fr_butterfly-escape-jeu/online/GenimoWebGamesControl.cab (GenimoWebGames Control)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://games.bigfishgames.com/fr_bigcityadventuresa/online/JBGamePlayer.cab (Jolly Bear Games Player)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.gamehouse.com/games/beje2/popcaploader.cab (PopCapLoader Object)

O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://www.gamehouse.com/games/WeddingDash.cab (CPlayFirstWeddingDashControl Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DFF3ACD-6028-4D73-A125-213774F33C8B}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Frédérique\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frédérique\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{a463850f-fd0a-11dd-a70e-0014a46d38d2}\Shell - "" = AutoRun

O33 - MountPoints2\{a463850f-fd0a-11dd-a70e-0014a46d38d2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\m.exe /s

O33 - MountPoints2\{bb48889b-702f-11dd-a604-0014a46d38d2}\Shell\AutoRun\command - "" = E:\setupSNK.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

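Two things in the log above deserve a second look when triaging it: the O7/O32 AutoRun policy values and the O33 MountPoints2 entries. The following is an added triage example for this thread, not code from OTL or from either poster; the function names and the finding layout are my own, and SAMPLE_LOG is a handful of lines copied from the log in the first post. The NoDriveTypeAutoRun bit meanings come from Microsoft's documentation of that registry value (a set bit disables AutoRun for that drive type), so the decoder shows which drive types can still fire an autorun command.

```python
"""Triage helpers for the OTL log format seen above.  Added example for this
thread, not part of OTL or of the original posts; function names and the
finding structure are my own.  SAMPLE_LOG is a handful of lines copied from
the log in the first post."""
import ipaddress
import re

# NoDriveTypeAutoRun bit meanings (Microsoft KB967715).  A SET bit disables
# AutoRun for that drive type, so a clear bit means AutoRun still fires.
NODRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "unknown (reserved)",
}

RE_O7 = re.compile(r"^O7 - .*NoDriveTypeAutoRun = (\d+)$")
RE_O33 = re.compile(
    r'^O33 - MountPoints2\\(?P<key>.+?)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
RE_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
RE_O4 = re.compile(r"^O4 - .* = (?P<path>.+\.exe) \(\)$")
# drive letter + path ending in .exe, e.g. K:\m.exe or C:\WINDOWS\system32\RunDLL32.EXE
RE_DRIVE_EXE = re.compile(r"\b([A-Z]):\\[^\s\"]*?([^\\\s\"]+\.exe)", re.IGNORECASE)


def autorun_still_enabled(value: int) -> list:
    """Drive types on which AutoRun is still allowed for a NoDriveTypeAutoRun value."""
    return [name for bit, name in NODRIVE_BITS.items() if not value & bit]


def triage_otl(lines) -> list:
    """Scan OTL lines and return a list of findings worth a human look."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := RE_O7.match(line):
            value = int(m.group(1))
            enabled = autorun_still_enabled(value)
            if "removable" in enabled or "cdrom" in enabled:
                findings.append({"kind": "autorun-policy", "value": value,
                                 "enabled": enabled})
        elif m := RE_O33.match(line):
            cmd = m.group("cmd")
            # executables the AutoRun verb would start on a non-system drive
            targets = [(d.upper(), exe) for d, exe in RE_DRIVE_EXE.findall(cmd)
                       if d.upper() != "C"]
            findings.append({"kind": "mountpoint-autorun", "key": m.group("key"),
                             "targets": targets,
                             # rundll32 ShellExec_RunDLL is the launcher idiom
                             # autorun.inf worms leave behind in MountPoints2
                             "indirect": "ShellExec_RunDLL" in cmd})
        elif m := RE_O17.match(line):
            public = []
            for s in re.split(r"[,\s]+", m.group("servers")):
                try:
                    if s and not ipaddress.ip_address(s).is_private:
                        public.append(s)
                except ValueError:
                    public.append(s)  # not an IP at all: look at it too
            if public:
                findings.append({"kind": "dns-server", "servers": public})
        elif m := RE_O4.match(line):
            # a startup .exe whose company field is empty "()" carries no
            # publisher metadata; not proof of anything, but worth identifying
            findings.append({"kind": "startup-no-company", "path": m.group("path")})
    return findings


# Lines copied from the OTL log in the first post (a constructed subset).
SAMPLE_LOG = r"""
O4 - Startup: C:\Documents and Settings\Frédérique\Menu Démarrer\Programmes\Démarrage\Thoosje Sidebar.lnk = C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe ()
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{a463850f-fd0a-11dd-a70e-0014a46d38d2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\m.exe /s
O33 - MountPoints2\{bb48889b-702f-11dd-a604-0014a46d38d2}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage_otl(SAMPLE_LOG):
        print(finding)
```

Run against the sample, the decoder reports 145 (0x91: bits 0x80, 0x10 and 0x01 set) as still allowing AutoRun on removable, fixed, CD-ROM and RAM-disk drives; only 0xFF disables it everywhere. That is what makes the O33 lines matter: MountPoints2 remembers the AutoRun verb of every volume Explorer has seen, and the `RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\m.exe /s` form is exactly the launcher idiom that autorun.inf-spreading worms leave on a USB key, while `E:\LaunchU3.exe` is the U3 smart-drive launcher (the same log lists a U3 folder under Application Data) and `E:\setupSNK.exe` is typically what the Windows XP Wireless Network Setup Wizard writes to a key. The script flags all three the same way; ranking them, and checking whether the K: key still exists and what m.exe is, stays with the reviewer. The DNS check is silent here because the only resolver is the router at 192.168.1.1, which also means the log cannot show which upstream servers the router itself forwards to.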
laetimaria  Posted on 07/10/2011 at 07:31
Junior tipster

22 Messages

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

SafeBootMin: AppMgmt - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3F7924B9-D148-3141-87B1-68F36043A940} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)

ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: >{e5ef2695-c1c8-4436-a42f-d90ff4ded775} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/06 19:00:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Frédérique\Recent

[2011/10/01 08:38:58 | 000,000,000 | -HSD | C] -- C:\FOUND.010

[2011/09/26 21:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frédérique\Menu Démarrer\Programmes\Google Chrome

[2011/09/25 20:36:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[8 C:\Documents and Settings\Frédérique\Mes documents\*.tmp files -> C:\Documents and Settings\Frédérique\Mes documents\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/07 06:51:14 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/10/07 06:38:52 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Frédérique\Menu Démarrer\Programmes\Démarrage\Styler.lnk

[2011/10/07 06:38:22 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml

[2011/10/07 06:37:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/10/04 19:16:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/09/26 21:40:40 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\Frédérique\Bureau\Google Chrome.lnk

[2011/09/26 21:40:40 | 000,002,217 | ---- | M] () -- C:\Documents and Settings\Frédérique\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/09/26 21:39:02 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/09/26 19:18:14 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/09/26 19:08:58 | 000,001,048 | ---- | M] () -- C:\Documents and Settings\Frédérique\Menu Démarrer\Programmes\Démarrage\DeliveryManager.lnk

[2011/09/23 16:56:20 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Frédérique\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/11 08:19:36 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Frédérique\Bureau\Microsoft Office Word 2003.lnk

[2011/09/09 11:12:02 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll

[8 C:\Documents and Settings\Frédérique\Mes documents\*.tmp files -> C:\Documents and Settings\Frédérique\Mes documents\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/07 06:51:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/09/26 21:40:39 | 000,002,239 | ---- | C] () -- C:\Documents and Settings\Frédérique\Bureau\Google Chrome.lnk

[2011/09/26 21:40:39 | 000,002,217 | ---- | C] () -- C:\Documents and Settings\Frédérique\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/08/08 14:00:14 | 000,000,037 | ---- | C] () -- C:\WINDOWS\DeliveryReader.INI

[2011/04/30 06:59:44 | 000,206,520 | ---- | C] () -- C:\Program Files\VLCSetup.exe

[2010/04/12 19:56:46 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys

[2009/10/14 14:11:04 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/10/14 14:11:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/07/09 16:46:54 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL

[2009/06/28 17:56:25 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009/06/27 16:14:32 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usbr38.dll

[2009/04/26 22:33:42 | 000,000,703 | ---- | C] () -- C:\WINDOWS\disney.ini

[2008/11/28 19:36:56 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Frédérique\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/08/22 12:07:53 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2008/06/27 19:25:59 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01

[2008/03/20 21:12:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\gotouninstall.exe

[2007/09/26 14:13:13 | 000,011,345 | ---- | C] () -- C:\WINDOWS\hpwscr18.dat

[2007/08/27 15:05:55 | 000,000,160 | ---- | C] () -- C:\WINDOWS\pixcache.ini

[2007/08/27 15:05:48 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\PIXTHK32.DLL

[2007/08/27 15:05:48 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL

[2007/08/27 15:05:48 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL

[2007/08/27 15:05:48 | 000,000,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2007/08/27 15:05:46 | 000,000,081 | ---- | C] () -- C:\WINDOWS\TB96.INI

[2007/08/27 15:03:54 | 000,000,991 | ---- | C] () -- C:\WINDOWS\Ulead32.ini

[2007/08/27 15:03:47 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin040c.exe

[2007/08/27 15:03:23 | 000,156,672 | ---- | C] () -- C:\WINDOWS\LANGMSG.DLL

[2007/08/27 15:03:23 | 000,014,082 | ---- | C] () -- C:\WINDOWS\PHMAKER3.INI

[2007/08/27 15:03:23 | 000,006,102 | ---- | C] () -- C:\WINDOWS\PHMAKER3.DAT

[2007/08/17 21:26:23 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin

[2007/08/17 17:31:30 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/08/17 10:21:27 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Frédérique\Local Settings\Application Data\fusioncache.dat

[2005/08/02 22:50:42 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat

[2005/08/02 22:50:42 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini

[2005/04/08 19:09:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/04/07 15:28:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/04/07 15:06:32 | 000,513,986 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat

[2005/04/07 15:06:32 | 000,443,864 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/04/07 15:06:32 | 000,086,842 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat

[2005/04/07 15:06:32 | 000,072,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/04/07 14:30:12 | 000,455,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/04/07 14:24:10 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll

[2005/04/07 14:23:06 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2005/04/07 14:23:06 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll

[2005/04/07 14:23:06 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll

[2005/04/07 14:23:06 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll

[2005/04/07 14:19:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Apire Series.ini

[2005/01/26 09:44:14 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat

[2004/12/22 01:32:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe

[2004/12/22 01:32:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2004/12/20 17:48:50 | 000,081,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys

[2004/10/27 15:47:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2004/10/15 12:00:44 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/10/15 11:58:26 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/09/07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2004/08/05 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/05 05:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat

[2004/08/05 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/05 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/05 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/05 05:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat

[2004/08/05 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/05 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/05 05:00:00 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/05 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004/08/05 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/05/14 13:04:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLAUNCH.EXE

[2004/03/01 20:16:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\XMLforLaunch.exe

[2004/02/19 18:06:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\Capsule.dll

[2004/01/14 07:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

[2003/11/24 15:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll

[2003/11/24 15:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll

[2003/07/21 16:52:40 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/04/28 11:27:06 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys

[2002/09/12 22:41:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2002/09/12 22:41:26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[2000/04/12 23:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

[1997/09/30 22:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== Custom Scans ==========

Invalid Environment Variable: ALLUSERSPROFILE\

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2008/06/17 02:40:58 | 002,354,414 | ---- | M] (Creative Technology Ltd. ) -- C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}\setup.exe

[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe

[2009/06/19 00:33:40 | 000,075,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

[2005/03/08 20:16:10 | 000,023,040 | ---- | M] (CANON INC.) -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP5200 Installer\Inst2\Cnmvsa.exe

[2005/08/26 07:00:00 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP5200 Installer\Inst2\helpkicker.exe

[2011/08/21 18:36:54 | 000,527,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe

[2010/07/21 20:26:38 | 035,646,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_fr[1].exe

[2010/07/21 20:27:10 | 003,203,453 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe

[2010/07/21 20:27:10 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe

[2010/07/21 20:27:12 | 003,351,812 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe

[2011/05/28 01:53:12 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ScanQuery\scanquery133.exe

[2007/11/30 09:20:54 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\ZylomExtension\HardwareTest.exe

< %APPDATA%\*. >

[2004/10/15 12:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Identities

[2004/10/15 11:51:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Frédérique\Application Data\Microsoft

[2007/08/16 23:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Macromedia

[2007/08/17 10:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Adobe

[2007/09/18 11:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Help

[2008/02/13 14:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\PlayFirst

[2008/02/23 14:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\CyberLink

[2008/03/28 13:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Leadertech

[2008/06/20 18:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\HP

[2009/02/17 16:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\U3

[2009/03/20 16:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Apple Computer

[2009/07/01 16:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\InstallShield

[2009/07/05 20:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Google

[2009/07/10 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\MSNInstaller

[2009/07/30 20:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Hemera

[2009/08/20 08:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Sun

[2009/10/08 07:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\WinRAR

[2010/01/09 15:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Usenet.nl

[2010/04/12 08:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Desktop Sidebar

[2010/04/12 09:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Rainmeter

[2010/04/13 07:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Styler

[2010/04/13 07:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\ViStart

[2010/06/30 16:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\MP3Rocket

[2010/07/21 21:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\PC Suite

[2010/08/19 19:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\BitDefender

[2010/09/03 19:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\CrazyLoader

[2010/09/04 21:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\OfferBox

[2010/09/11 09:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\DAEMON Tools Lite

[2010/10/24 18:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\WNR

[2010/10/25 20:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\uTorrent

[2010/11/04 19:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\FissaSearch

[2010/11/04 19:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\widestream

[2011/05/07 14:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\vlc

[2011/08/04 19:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Mozilla

[2011/08/08 11:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\_dlytmp

[2011/08/08 11:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\Delivery

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]

[2011/08/08 11:04:20 | 000,684,168 | ---- | M] (Immanens) -- C:\Documents and Settings\Frédérique\Application Data\_dlytmp\1312794244\_launcher_DeliveryAutoInstall.exe

[1 C:\Documents and Settings\Frédérique\Application Data\_dlytmp\1312794244\*.tmp files -> C:\Documents and Settings\Frédérique\Application Data\_dlytmp\1312794244\*.tmp -> ]

[2011/08/08 11:04:24 | 001,073,288 | ---- | M] (Immanens) -- C:\Documents and Settings\Frédérique\Application Data\Delivery\NewDeliveryManager.exe

[2010/09/23 10:12:32 | 000,006,656 | ---- | M] (Aedgency) -- C:\Documents and Settings\Frédérique\Application Data\FissaSearch\FissaUninstaller.exe

[2008/12/13 12:23:22 | 001,887,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Frédérique\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

[2010/04/13 07:31:14 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Frédérique\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

[2010/04/13 07:31:14 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\Frédérique\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe

[2010/06/26 19:03:30 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Frédérique\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[2010/06/26 19:03:34 | 000,086,576 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Frédérique\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe

[2010/06/26 19:03:32 | 000,132,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Frédérique\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

[2006/12/07 10:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Frédérique\Application Data\U3\temp\Launchpad Removal.exe

[2006/12/07 10:45:12 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Frédérique\Application Data\U3\temp\cleanup.exe

[color=#A23BEC]< %temp%\.exe /s >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[2009/07/30 20:25:02 | 000,040,960 | ---- | M] () -- C:\HTGD0003.exe

[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[2004/10/15 11:50:56 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

[2004/10/15 11:50:56 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/10/15 11:50:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]

[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/09/03 20:49:36 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008/09/03 20:49:36 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]

[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/09/03 20:49:36 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/09/03 20:49:36 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]

[2004/08/05 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]

[2004/08/05 05:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

[2007/06/13 15:10:54 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008/04/14 04:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

[2008/04/14 04:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]

[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/05 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]

[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

[2004/08/05 05:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]

[2004/08/05 05:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 06:16:06 | 000,715,144 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 06:16:06 | 000,715,144 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 06:16:06 | 000,715,144 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/03 06:16:14 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 06:16:14 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 06:16:14 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/17 11:49:20 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/17 11:49:20 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/17 11:49:20 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/17 11:49:20 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 14:05:38 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 14:05:38 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 14:05:38 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 06:16:06 | 000,715,144 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 06:16:06 | 000,715,144 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 06:16:06 | 000,715,144 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/03 06:16:14 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 06:16:14 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 06:16:14 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/17 11:49:20 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/17 11:49:20 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/17 11:49:20 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/17 11:49:20 | 001,017,912 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 14:05:38 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 14:05:38 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 14:05:38 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >

Here is the OTL.TXT report
laetimaria  Posted on 07/10/2011 at 07:32
Petite astucienne

22 Posts

And here is the EXTRAS.TXT.

OTL Extras logfile created on: 7/10/2011 6:46:14 - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Frédérique\Mes documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1022,16 Mb Total Physical Memory | 469,17 Mb Available Physical Memory | 45,90% Memory free

2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,73% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,76 Gb Total Space | 35,59 Gb Free Space | 31,84% Space Free | Partition Type: FAT32

Computer Name: ACER-D18848DB56 | User Name: Frédérique | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\Usenet.nl\Usenet.nl.exe" = C:\Program Files\Usenet.nl\Usenet.nl.exe:*:Enabled:Usenet.nl -- ()

"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater

"C:\Documents and Settings\Frédérique\Local Settings\Temp\jdic_0_9_5\IeEmbed.exe" = C:\Documents and Settings\Frédérique\Local Settings\Temp\jdic_0_9_5\IeEmbed.exe:*:Disabled:JDesktop Integration Components binary

"C:\Program Files\CrazyLoader\crazyloader.exe" = C:\Program Files\CrazyLoader\crazyloader.exe:*:Enabled:CrazyLoader v1.2 -- (Vity)

"C:\Program Files\Java\JRE6\BIN\javaw.exe" = C:\Program Files\Java\JRE6\BIN\javaw.exe:*:Enabled:Javaw (x64) -- (Sun Microsystems, Inc.)

"C:\Program Files\Java\JRE6\BIN\javaws.exe" = C:\Program Files\Java\JRE6\BIN\javaws.exe:*:Enabled:Javaws (x64) -- (Sun Microsystems, Inc.)

"C:\Program Files\Java\JRE6\launch4j-tmp\crazyloader.exe" = C:\Program Files\Java\JRE6\launch4j-tmp\crazyloader.exe:*:Enabled:CrazyLoader (64) -- (Sun Microsystems, Inc.)

"C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe" = C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:*:Enabled:Proxy Switcher

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent

"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{155796AE-16D0-45D2-8939-6AE3AD67147B}" = ACR38U PCSC Driver 1.1.6.0

"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D737230-3B22-4502-B521-875241CC3D93}_is1" = VPNFacile.fr version 1

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA

"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook

"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D6524E6-15CF-4852-BF70-04FE973A3DE1}" = Windows Live Toolbar

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Edition Découverte 3.2

"{A92D7264-1A13-45BE-B769-88445DD04FD6}" = Desktop Sidebar

"{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.5 - Français

"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D01940CE-8BD3-4258-B4E2-42F185AE1968}" = Plus de 200 000 Cliparts et Photos

"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.8.3

"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = TIxx21/x515

"{E98412A2-8AB2-4BCE-AB3F-384B0239557E}" = NTI CD & DVD-Maker

"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler

"{EF995A70-D512-4265-9269-BA28B38BFB0A}" = Adibou et les Voleurs d'Energie

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"63D34F1933B7427ED459B44216EF5F712A46E185" = Package de pilotes Windows - ACS (ACSSCR) SmartCardReader (01/23/2009 1.1.6.0)

"Adibou V.3.10 (C:)" = Adibou V.3.10 (C:)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe® Photoshop® Album Edition Découverte 3.2" = Adobe® Photoshop® Album Edition Découverte 3.2

"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel

"ATI Display Driver" = ATI Display Driver

"avast" = avast! Free Antivirus

"BFG-4 Elements" = 4 Elements

"BFGC" = Big Fish Games Client

"BFG-Coffee Rush" = Coffee Rush

"BFG-Farm Frenzy 2" = Farm Frenzy 2

"BFG-Plantasia" = Plantasia (remove only)

"BFG-Ranch Rush" = Ranch Rush

"BootSkin" = BootSkin

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter

"CANONBJ_Deinstall_CNMCP79.DLL" = Canon iP5200

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_00801025" = SoftV90 Data Fax Modem with SmartCP

"CrazyLoader" = CrazyLoader

"Defraggler" = Defraggler

"GridVista" = Acer GridVista

"iCF Skin Pack" = iCF Skin Pack

"iColorFolder" = iColorFolder

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook

"InstallShield_{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4

"InstallShield_{D01940CE-8BD3-4258-B4E2-42F185AE1968}" = Plus de 200 000 Cliparts et Photos

"InstallShield_{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = Texas Instruments PCIxx21/x515 drivers.

"InstallShield_{E98412A2-8AB2-4BCE-AB3F-384B0239557E}" = NTI CD & DVD-Maker Gold

"iPhoto Plus 4" = iPhoto Plus 4

"Logon Loader" = Logon Loader 3.0

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 7.0.1 (x86 fr)" = Mozilla Firefox 7.0.1 (x86 fr)

"MP3 Rocket" = MP3 Rocket

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"ObjectDock" = ObjectDock

"OfferBox" = OfferBox

"Ramdam Classique" = Ramdam Classique

"ScanQuery" = ScanQuery 1.0 build 133 powered by FIRST SEARCHBAR

"Super Card_is1" = SC Ver 2.71

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TextBridge Classic" = TextBridge Classic

"Usenet.nl_is1" = Usenet.nl

"VLC media player" = VLC media player 1.1.9

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"Windows XP Service" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = Logiciel d'archivage WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"Xvid Video Codec 1.3.1" = Xvid Video Codec

"ZENStoneUG" = Guide de l'utilisateur Creative ZEN Stone

laetimaria (Petite astucienne, 22 posts)  Posted on 07/10/2011 at 07:34

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3959696064-1206557049-1473692605-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Notification de cadeaux MSN" = Notification de cadeaux MSN

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/10/2011 4:08:02 | Computer Name = ACER-D18848DB56 | Source = Application Error | ID = 1000

Description = Application défaillante officelivesignin.exe, version 2.0.2313.0,

module défaillant officelivesignin.exe, version 2.0.2313.0, adresse de défaillance

0x00003ce4.

Error - 2/10/2011 3:59:35 | Computer Name = ACER-D18848DB56 | Source = Application Error | ID = 1000

Description = Application défaillante officelivesignin.exe, version 2.0.2313.0,

module défaillant officelivesignin.exe, version 2.0.2313.0, adresse de défaillance

0x00003ce4.

Error - 2/10/2011 13:44:22 | Computer Name = ACER-D18848DB56 | Source = PerfNet | ID = 2005

Description = Impossible de lire les données de performance du Service serveur. Aucune

donnée de performance du serveur ne sera renvoyée pour cet extrait. Le code d'erreur

renvoyé est la donnée DWORD 0, IOSB.Status est DWORD 1 et IOSB.Information est DWORD

2.

Error - 2/10/2011 13:44:22 | Computer Name = ACER-D18848DB56 | Source = PerfNet | ID = 2006

Description = Impossible de lire les données de performance de la file d'attente

serveur du Service serveur. Aucune donnée de performance de la file d'attente serveur

ne

sera renvoyée pour cet extrait. Le code d'erreur renvoyé est la donnée DWORD 0,

IOSB.Status est DWORD 1 et IOSB.Information est DWORD 2.

Error - 4/10/2011 13:57:39 | Computer Name = ACER-D18848DB56 | Source = Application Error | ID = 1000

Description = Application défaillante officelivesignin.exe, version 2.0.2313.0,

module défaillant officelivesignin.exe, version 2.0.2313.0, adresse de défaillance

0x00003ce4.

Error - 5/10/2011 12:24:01 | Computer Name = ACER-D18848DB56 | Source = Application Error | ID = 1000

Description = Application défaillante officelivesignin.exe, version 2.0.2313.0,

module défaillant officelivesignin.exe, version 2.0.2313.0, adresse de défaillance

0x00003ce4.

Error - 5/10/2011 13:35:25 | Computer Name = ACER-D18848DB56 | Source = Application Error | ID = 1000

Description = Application défaillante officelivesignin.exe, version 2.0.2313.0,

module défaillant officelivesignin.exe, version 2.0.2313.0, adresse de défaillance

0x00003ce4.

Error - 5/10/2011 13:40:27 | Computer Name = ACER-D18848DB56 | Source = Application Error | ID = 1000

Description = Application défaillante officelivesignin.exe, version 2.0.2313.0,

module défaillant officelivesignin.exe, version 2.0.2313.0, adresse de défaillance

0x00003ce4.

Error - 5/10/2011 14:42:22 | Computer Name = ACER-D18848DB56 | Source = Application Error | ID = 1000

Description = Application défaillante officelivesignin.exe, version 2.0.2313.0,

module défaillant officelivesignin.exe, version 2.0.2313.0, adresse de défaillance

0x00003ce4.

Error - 6/10/2011 1:17:12 | Computer Name = ACER-D18848DB56 | Source = Application Error | ID = 1000

Description = Application défaillante officelivesignin.exe, version 2.0.2313.0,

module défaillant officelivesignin.exe, version 2.0.2313.0, adresse de défaillance

0x00003ce4.

[ System Events ]

Error - 5/10/2011 14:20:27 | Computer Name = ACER-D18848DB56 | Source = Service Control Manager | ID = 7026

Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se

charger : abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp

amsint

asc

asc3350p

asc3550

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

gagp30kx

hpn

i2omp

ini910u

IntelIde

mraid35x

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

sisagp

Sparrow

symc810

symc8xx

sym_hi

sym_u3

TosIde

UBHelper

ultra

viaagp

ViaIde

Error - 6/10/2011 0:04:34 | Computer Name = ACER-D18848DB56 | Source = Service Control Manager | ID = 7000

Description = Le service CT Device Query service n'a pas pu démarrer en raison de

l'erreur : %%2

Error - 6/10/2011 0:04:34 | Computer Name = ACER-D18848DB56 | Source = Service Control Manager | ID = 7009

Description = Délai (30000 millisecondes) d'attente pour une connexion du service

ScanQuery Service.

Error - 6/10/2011 0:04:35 | Computer Name = ACER-D18848DB56 | Source = Service Control Manager | ID = 7026

Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se

charger : abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp

amsint

asc

asc3350p

asc3550

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

gagp30kx

hpn

i2omp

ini910u

IntelIde

mraid35x

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

sisagp

Sparrow

symc810

symc8xx

sym_hi

sym_u3

TosIde

UBHelper

ultra

viaagp

ViaIde

Error - 6/10/2011 12:49:07 | Computer Name = ACER-D18848DB56 | Source = Service Control Manager | ID = 7000

Description = Le service CT Device Query service n'a pas pu démarrer en raison de

l'erreur : %%2

Error - 6/10/2011 12:49:07 | Computer Name = ACER-D18848DB56 | Source = Service Control Manager | ID = 7009

Description = Délai (30000 millisecondes) d'attente pour une connexion du service

ScanQuery Service.

Error - 6/10/2011 12:49:08 | Computer Name = ACER-D18848DB56 | Source = Service Control Manager | ID = 7026

Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se

charger : abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp

amsint

asc

asc3350p

asc3550

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

gagp30kx

hpn

i2omp

ini910u

IntelIde

mraid35x

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

sisagp

Sparrow

symc810

symc8xx

sym_hi

sym_u3

TosIde

UBHelper

ultra

viaagp

ViaIde

Error - 7/10/2011 0:37:39 | Computer Name = ACER-D18848DB56 | Source = Service Control Manager | ID = 7000

Description = Le service CT Device Query service n'a pas pu démarrer en raison de

l'erreur : %%2

Error - 7/10/2011 0:37:39 | Computer Name = ACER-D18848DB56 | Source = Service Control Manager | ID = 7009

Description = Délai (30000 millisecondes) d'attente pour une connexion du service

ScanQuery Service.

Error - 7/10/2011 0:37:40 | Computer Name = ACER-D18848DB56 | Source = Service Control Manager | ID = 7026

Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se

charger : abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp

amsint

asc

asc3350p

asc3550

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

gagp30kx

hpn

i2omp

ini910u

IntelIde

mraid35x

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

sisagp

Sparrow

symc810

symc8xx

sym_hi

sym_u3

TosIde

UBHelper

ultra

viaagp

ViaIde

< End of report >

Thanks again for diving into my problem!

Fill (Security Group, 25504 posts)  Posted on 07/10/2011 at 18:19

Hello,

1/ Uninstall these:

  • Crazyloader,
  • Offerbox.

2/

  • Download UsbFix by Chiquitine29 to your Desktop,
  • The tool may trigger your antivirus. If so, ignore the alerts or temporarily disable your antivirus.
  • Plug your external storage devices (USB key, external hard drive, etc.) into the PC without opening them.
  • Double-click UsbFix on your Desktop (on Vista, the program must be launched via right-click, choosing Run as administrator). Choose the language (French) and then the Search option.
  • Post the UsbFix.txt report
  • There is a tutorial here.

Note: the UsbFix.txt report is saved at the root of the drive.
(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm)

3/

  • Download AdwCleaner by Xplode to your Desktop (on Vista or Windows 7, right-click and Run as administrator),
  • Click Search,
  • Post the generated report, located at: C:\AdwCleaner[R1].txt

Fill



Edited by Fill on 07/10/2011 18:21

laetimaria (Petite astucienne, 22 posts)  Posted on 07/10/2011 at 19:19

UsbFix report

############################## | UsbFix V 7.061 | [Recherche]

Utilisateur: Frédérique (Administrateur) # ACER-D18848DB56

Mis à jour le 05/10/2011 par El Desaparecido

Lancé à 19:12:24 | 07/10/2011

Site Web: http://eldesaparecido.com

Fichier suspect ? : http://eldesaparecido.com/support.php

Contact: contact@eldesaparecido.com

PC: Acer (Aspire 5020) (X86-based PC) # Notebook

CPU: AMD Turion(tm) 64 Mobile Technology ML-32 (1799)

RAM -> [ Total : 1022 | Free : 438 ]

BIOS: Ver 1.00PARTTBL

BOOT: Normal boot

OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3

WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [ Enabled ]

WU: Windows Update Service [ Enabled ]

FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Disque fixe # 112 Go (35 Go libre(s) - 32%) [ACER] # FAT32

D:\ -> CD-ROM

F:\ -> Disque amovible # 4 Go (208 Mo libre(s) - 5%) [NOLIMIT] # FAT32

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (796)

C:\WINDOWS\system32\winlogon.exe (872)

C:\WINDOWS\system32\services.exe (916)

C:\WINDOWS\system32\lsass.exe (928)

C:\WINDOWS\system32\Ati2evxx.exe (1076)

C:\WINDOWS\system32\svchost.exe (1092)

C:\WINDOWS\System32\svchost.exe (1264)

C:\WINDOWS\System32\wltrysvc.exe (1764)

C:\WINDOWS\System32\bcmwltry.exe (1776)

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1832)

C:\WINDOWS\system32\spoolsv.exe (516)

C:\Acer\eManager\anbmServ.exe (672)

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1056)

C:\Program Files\Bonjour\mDNSResponder.exe (1140)

C:\Program Files\Java\jre6\bin\jqs.exe (1308)

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (1440)

C:\WINDOWS\System32\svchost.exe (1484)

C:\WINDOWS\System32\svchost.exe (1488)

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1616)

C:\WINDOWS\system32\svchost.exe (1920)

C:\WINDOWS\system32\wbem\wmiapsrv.exe (2284)

C:\WINDOWS\system32\Ati2evxx.exe (3176)

C:\WINDOWS\Explorer.EXE (3392)

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (3788)

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3832)

C:\WINDOWS\system32\WLTRAY.exe (3916)

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (4076)

C:\Program Files\Launch Manager\LaunchAp.exe (712)

C:\Program Files\Launch Manager\PowerKey.exe (280)

C:\Program Files\Launch Manager\HotkeyApp.exe (1296)

C:\Program Files\Launch Manager\OSDCtrl.exe (2072)

C:\Program Files\Launch Manager\Wbutton.exe (1088)

C:\Program Files\Arcade\PCMService.exe (2168)

C:\WINDOWS\SOUNDMAN.EXE (2204)

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (2264)

C:\Program Files\iTunes\iTunesHelper.exe (2316)

C:\Program Files\Alwil Software\Avast5\avastUI.exe (2500)

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (1592)

C:\WINDOWS\system32\ctfmon.exe (2708)

C:\Program Files\Styler\Styler.exe (3144)

C:\Documents and Settings\Frédérique\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (3052)

C:\Program Files\iPod\bin\iPodService.exe (3472)

C:\WINDOWS\System32\svchost.exe (2424)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3104)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2380)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2404)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2452)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1844)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3988)

C:\WINDOWS\system32\rundll32.exe (1424)

C:\UsbFix\Go.exe (4016)

C:\WINDOWS\system32\wscntfy.exe (716)

################## | Processus Stoppés |

Stoppé! C:\WINDOWS\system32\Ati2evxx.exe (1076)

Stoppé! C:\WINDOWS\System32\wltrysvc.exe (1764)

Stoppé! C:\WINDOWS\System32\bcmwltry.exe (1776)

Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1832)

Stoppé! C:\WINDOWS\system32\spoolsv.exe (516)

Stoppé! C:\Acer\eManager\anbmServ.exe (672)

Stoppé! C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1056)

Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1140)

Stoppé! C:\Program Files\Java\jre6\bin\jqs.exe (1308)

Stoppé! C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (1440)

Stoppé! C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1616)

Stoppé! C:\WINDOWS\system32\wbem\wmiapsrv.exe (2284)

Stoppé! C:\WINDOWS\system32\Ati2evxx.exe (3176)

Stoppé! C:\WINDOWS\Explorer.EXE (3392)

Stoppé! C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (3788)

Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3832)

Stoppé! C:\WINDOWS\system32\WLTRAY.exe (3916)

Stoppé! C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (4076)

Stoppé! C:\Program Files\Launch Manager\LaunchAp.exe (712)

Stoppé! C:\Program Files\Launch Manager\PowerKey.exe (280)

Stoppé! C:\Program Files\Launch Manager\HotkeyApp.exe (1296)

Stoppé! C:\Program Files\Launch Manager\OSDCtrl.exe (2072)

Stoppé! C:\Program Files\Launch Manager\Wbutton.exe (1088)

Stoppé! C:\Program Files\Arcade\PCMService.exe (2168)

Stoppé! C:\WINDOWS\SOUNDMAN.EXE (2204)

Stoppé! C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (2264)

Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (2316)

Stoppé! C:\Program Files\Alwil Software\Avast5\avastUI.exe (2500)

Stoppé! C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (1592)

Stoppé! C:\WINDOWS\system32\ctfmon.exe (2708)

Stoppé! C:\Program Files\Styler\Styler.exe (3144)

Stoppé! C:\Documents and Settings\Frédérique\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (3052)

Stoppé! C:\Program Files\iPod\bin\iPodService.exe (3472)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3104)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2380)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2404)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2452)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1844)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3988)

Stoppé! C:\WINDOWS\system32\rundll32.exe (1424)

Stoppé! C:\WINDOWS\system32\wscntfy.exe (716)

################## | Éléments infectieux |

################## | Registre |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\E

Shell\AutoRun\Command = E:\LaunchU3.exe -a

HKCU\.\.\.\.\Explorer\MountPoints2\{a463850f-fd0a-11dd-a70e-0014a46d38d2}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\m.exe /s

HKCU\.\.\.\.\Explorer\MountPoints2\{bb48889b-702f-11dd-a604-0014a46d38d2}

Shell\AutoRun\Command = E:\setupSNK.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |

laetimaria (Petite astucienne, 22 posts)  Posted on 07/10/2011 at 19:24

# AdwCleaner v1.310 - Rapport créé le 07/10/2011 à 19:21:47

# Mis à jour le 07/10/11 à 19h par Xplode

# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)

# Nom d'utilisateur : Frédérique - ACER-D18848DB56 (Administrateur)

# Exécuté depuis : C:\Documents and Settings\Frédérique\Mes documents\Downloads\adwcleaner.exe

# Option [Recherche]

***** [Processus] *****

***** [Services] *****

***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Documents and Settings\Frédérique\Application Data\CrazyLoader

Dossier Présent : C:\Documents and Settings\Frédérique\Application Data\OfferBox

Dossier Présent : C:\Documents and Settings\Frédérique\Local Settings\Application Data\Conduit

Dossier Présent : C:\Program Files\CrazyLoader

***** [Registre] *****

Clé Présente : HKCU\Software\JavaSoft\Prefs\crazyloader

Clé Présente : HKLM\SOFTWARE\Offerbox

Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.DllInfo

Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDF

Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFEncryptor

Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFText

Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.Tools

Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\CrazyLoader

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}

Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v7.0.1 (fr)

Profil : ldketf7d.default

Fichier : C:\Documents and Settings\Frédérique\Application Data\Mozilla\Firefox\Profiles\ldketf7d.default\prefs.js

Présente : user_pref("browser.startup.homepage", "hxxp://www.seeearch.com/");

-\\ Google Chrome v13.0.782.215

Fichier : C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

***** [Autres] *****

[HKCU\..\Control Panel] - HomePage = 1 -> Présente

*************************

AdwCleaner[R1].txt - [3021 octets] - [07/10/2011 19:21:47]

########## EOF - C:\AdwCleaner[R1].txt - [3149 octets] ##########

Fill (Security Group, 25504 posts)  Posted on 07/10/2011 at 19:42

Re,

I see you used ComboFix recently. Before going any further, I would like to know whether you have started, or are following, a disinfection on another forum.

Fill

laetimaria (Petite astucienne, 22 posts)  Posted on 07/10/2011 at 19:47

No, I preferred to open my own topic before doing anything silly, so nothing has been done.

Thank you for your attention.

Fill (Security Group, 25504 posts)  Posted on 07/10/2011 at 19:53

Re,

Well, you have done something. Running ComboFix on your own initiative is strongly advised against. See here.

Do you have the report C:\Combofix.txt?

Fill

laetimaria (Petite astucienne, 22 posts)  Posted on 07/10/2011 at 20:06

Oops!

I just looked but I can't find a ComboFix report

Fill (Security Group, 25504 posts)  Posted on 07/10/2011 at 20:10

Re,

Good. Let's run a few checks before cleaning that up.

1/ You have a proxy configured in Internet Explorer via a Free IP address. Are you a Free customer, and did you configure your browser that way on purpose?

2/

  • Can you test this: C:\Documents and Settings\All Users\Application Data\ScanQuery\scanquery133.exe
  • Click this link.
  • Click Browse and give the path of the file I pointed out.
  • Click Send. After a few minutes a report is generated. Post it in your next reply.
  • You can use this tutorial for that.

3/ Download SystemLook by jpshortstuff to your Desktop from one of the links below.
Download mirror #1
Download mirror #2

Download mirror #3 (64-bit version)

  • Double-click SystemLook.exe to launch it.
  • Right-click | Copy the contents of the box below and right-click | Paste into SystemLook's text area:

Instructions:
:dir
C:\Documents and Settings\All Users\Application Data\ScanQuery /s
C:\Documents and Settings\Frédérique\Application Data\_dlytmp /s

  • Click the Look button to start the scan.
  • When it finishes, Notepad opens with the result of the analysis. Copy and paste the report into your next reply.

Nota Bene: the report can also be found on your Desktop under the name SystemLook.txt

Fill



Edited by Fill on 07/10/2011 21:20

laetimaria (Petite astucienne, 22 posts)  Posted on 07/10/2011 at 20:18

1) I bought the computer second-hand from a colleague. I'm from Belgium and use an ADSL connection from Belgacom. Free IP?

Fill (Security Group, 25504 posts)  Posted on 07/10/2011 at 21:00

laetimaria wrote:

1) I bought the computer second-hand from a colleague. I'm from Belgium and use an ADSL connection from Belgacom. Free IP?

Re,

OK. Can you attach the other reports?

Fill



Edited by Fill on 07/10/2011 21:01

laetimaria (Petite astucienne, 22 posts)  Posted on 07/10/2011 at 21:11

Antivirus   Version   Last update   Result
AhnLab-V3 2011.10.07.03 2011.10.07 Adware/Win32.Zwangi
AntiVir 7.11.15.169 2011.10.07 TR/BHO.Zwangi.1758
Antiy-AVL 2.0.3.7 2011.10.07 AdWare/Win32.Zwangi.gen
Avast 6.0.1289.0 2011.10.07 Win32:Zwangi-BX [PUP]
AVG 10.0.0.1190 2011.10.07 OneStepSearcher.R
BitDefender 7.2 2011.10.07 Application.Generic.363740
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.07 Trojan.Zwangi
ClamAV 0.97.0.0 2011.10.07 -
Commtouch 5.3.2.6 2011.10.07 W32/Zwangi.G.gen!Eldorado
Comodo 10374 2011.10.07 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.10.07 -
Emsisoft 5.1.0.11 2011.10.07 BHO.Win32.Zwangi!IK
eSafe 7.0.17.0 2011.10.06 -
eTrust-Vet 36.1.8605 2011.10.07 -
F-Prot 4.6.2.117 2011.10.07 W32/Zwangi.G.gen!Eldorado
F-Secure 9.0.16440.0 2011.10.07 Application.Generic.363740
Fortinet 4.3.370.0 2011.10.07 Adware/Zwangi
GData 22 2011.10.07 Application.Generic.363740
Ikarus T3.1.1.107.0 2011.10.07 BHO.Win32.Zwangi
Jiangmin 13.0.900 2011.10.07 Adware/Zwangi.bxo
K7AntiVirus 9.115.5253 2011.10.07 Adware
Kaspersky 9.0.0.837 2011.10.07 not-a-virus:AdWare.Win32.Zwangi.god
McAfee 5.400.0.1158 2011.10.07 Generic PUP.x!pq
McAfee-GW-Edition 2010.1D 2011.10.07 Generic PUP.x!pq
Microsoft 1.7702 2011.10.07 BrowserModifier:Win32/Zwangi
NOD32 6525 2011.10.07 a variant of Win32/Adware.OneStep.AA
Norman 6.07.11 2011.10.07 W32/Suspicious_Gen2.NSAGO
nProtect 2011-10-07.01 2011.10.07 -
Panda 10.0.3.5 2011.10.07 Trj/CI.A
PCTools 8.0.0.5 2011.10.07 Trojan.Gen
Prevx 3.0 2011.10.07 -
Rising 23.77.04.01 2011.09.30 -
Sophos 4.70.0 2011.10.07 Zwangi
SUPERAntiSpyware 4.40.0.1006 2011.10.07 Adware.OneStep[PotentiallyUnwantedProgram]
Symantec 20111.2.0.82 2011.10.07 Trojan.Gen.2
TheHacker 6.7.0.1.318 2011.10.06 -
TrendMicro 9.500.0.1008 2011.10.07 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.07 -
VBA32 3.12.16.4 2011.10.07 AdWare.Zwangi.gaq
VIPRE 10692 2011.10.07 Onestepsearch
ViRobot 2011.10.7.4707 2011.10.07 -
VirusBuster 14.0.253.0 2011.10.07 Adware.Zwangi.Gen.8
MD5: d4d3020195d3e312efc06da48e8ab271
SHA1: 340d86efd66ee20c27818f527865821991c4ad7b
SHA256: 2fa249309a1a6e2e4ae053cd1e5f654e75b9db0a84cf0570847aa2694883a79f
File size: 40960 bytes
Scan date: 2011-10-07 18:57:13 (UTC)
laetimaria (Petite astucienne, 22 posts)  Posted on 07/10/2011 at 21:12

SystemLook 30.07.11 by jpshortstuff

Log created at 21:12 on 07/10/2011 by Frédérique

Administrator - Elevation successful

No Context: Instructions:

========== dir ==========

C:\Documents and Settings\All Users\Application Data\ScanQuery - Parameters: "/s"

---Files---

scanquery133.exe--a---- 40960 bytes[03:43 28/05/2011][23:53 27/05/2011]

No folders found.

[2011 - Unable to find folder.

-= EOF =-

Fill (Security Group, 25504 posts)  Posted on 07/10/2011 at 21:21

Re,

Can you redo the SystemLook step? I have modified the script.

Fill

laetimaria (Petite astucienne, 22 posts)  Posted on 07/10/2011 at 21:24

SystemLook 30.07.11 by jpshortstuff

Log created at 21:24 on 07/10/2011 by Frédérique

Administrator - Elevation successful

No Context: Instructions:

========== dir ==========

C:\Documents and Settings\All Users\Application Data\ScanQuery - Parameters: "/s"

---Files---

scanquery133.exe--a---- 40960 bytes[03:43 28/05/2011][23:53 27/05/2011]

No folders found.

C:\Documents and Settings\Frédérique\Application Data\_dlytmp - Parameters: "/s"

---Files---

install.log--a---- 0 bytes[09:04 08/08/2011][09:07 08/08/2011]

C:\Documents and Settings\Frédérique\Application Data\_dlytmp\1312794244d------[09:04 08/08/2011]

_launcher_DeliveryAutoInstall.exe--a---- 684168 bytes[09:04 08/08/2011][09:04 08/08/2011]

C:\Documents and Settings\Frédérique\Application Data\_dlytmp\1312794244\.tmpd--h---[09:07 08/08/2011]

dummy.dly--ah--- 0 bytes[09:07 08/08/2011][09:07 08/08/2011]

-= EOF =-

Fill (Security Group, 25504 posts)  Posted on 07/10/2011 at 21:35

Re,

1/

  • Run AdwCleaner by Xplode from your Desktop (on Vista or Windows 7, right-click and Run as administrator),
  • Click Delete,
  • Post the generated report, located at: C:\AdwCleaner[S1].txt

2/

  • Plug your external storage devices (USB key, external hard drive, etc.) into the PC without opening them.
  • Double-click the UsbFix shortcut on your Desktop (on Vista, the program must be launched via right-click, choosing Run as administrator). Choose the Delete option.
  • This starts the cleaning procedure for the connected removable drives.
  • The PC will restart.
  • After the restart, post the UsbFix.txt report
  • There is a tutorial here.

Note: the UsbFix.txt report is saved at the root of the drive.
(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm)

3/

  • Relaunch OTL
  • Copy and paste this into the "Customization" box:

Instructions :
:OTL
IE - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 82.66.124.146:8081
FF - prefs.js..browser.startup.homepage: "http://www.seeearch.com/"
FF - user.js..browser.startup.homepage: "http://www.seeearch.com/"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/04 21:10:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2010/09/04 21:07:08 | 000,000,000 | ---D | M]
CHR - Extension: Offerbox = C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\
CHR - Extension: Zynga = C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Interest recogniser for Crazyloader (powered by Spointer)) - {C5F65718-341D-4e7d-9842-FCB9CC89527E} - C:\Program Files\CrazyLoader\spointer\extensions\crazyloader_air_ie.dll (Crazyloader)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O3 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [combofix] "C:\ComboFix\CF3750.cfxxe" /c "C:\ComboFix\C.bat" File not found
O4 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" File not found
O4 - HKU\S-1-5-21-3959696064-1206557049-1473692605-1005..\Run: [WahOO] "C:\Documents and Settings\Frédérique\Local Settings\Application Data\WahOO\WahOO.exe" silent File not found
O4 - Startup: C:\Documents and Settings\Frédérique\Menu Démarrer\Programmes\Démarrage\DeliveryManager.lnk = File not found
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.gamehouse.com/games/beje2/popcaploader.cab (PopCapLoader Object)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://www.gamehouse.com/games/WeddingDash.cab (CPlayFirstWeddingDashControl Object)
[2010/09/03 19:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\CrazyLoader
[2010/09/04 21:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\OfferBox
[2010/10/25 20:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\uTorrent
[2010/11/04 19:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\FissaSearch
SRV - [2011/05/28 01:53:12 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\ScanQuery\scanquery133.exe -- (ScanQuery Service)
[2011/08/08 11:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frédérique\Application Data\_dlytmp


:files
C:\Documents and Settings\All Users\Application Data\ScanQuery


:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\emule.exe" = -
"C:\Program Files\CrazyLoader\crazyloader.exe" = -
"C:\Program Files\Java\JRE6\launch4j-tmp\crazyloader.exe" = -
"C:\Program Files\uTorrent\uTorrent.exe" = -

:commands
[EmptyTemp]
[EmptyFlash]
[ResetHosts]

  • Then click on "Correction" and let the tool work.
  • Post the contents of the new report (a "LOG" file named with the PC's date and time, saved in the %racine%\_OTL\MovedFiles folder), which should open in Notepad. As before, you can use the keyboard shortcuts (CTRL+A, CTRL+C and CTRL+V).

4/ Run a scan with Malwarebytes' as described here and post the report.

5/ Plug in your removable media and run an online scan as described in this tutorial, then post the report.

Fill

laetimaria  Posted on 07/10/2011 at 21:46
Petite astucienne

22 Posts

# AdwCleaner v1.310 - Rapport créé le 07/10/2011 à 21:44:08

# Mis à jour le 07/10/11 à 19h par Xplode

# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)

# Nom d'utilisateur : Frédérique - ACER-D18848DB56 (Administrateur)

# Exécuté depuis : C:\Documents and Settings\Frédérique\Mes documents\Downloads\adwcleaner (1).exe

# Option [Suppression]

***** [KillNav] *****

# chrome.exe [PID:1080] -> Tué

# chrome.exe [PID:4060] -> Tué

# chrome.exe [PID:1776] -> Tué

***** [Processus] *****

***** [Services] *****

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Documents and Settings\Frédérique\Application Data\CrazyLoader

Dossier Supprimé : C:\Documents and Settings\Frédérique\Application Data\OfferBox

Dossier Supprimé : C:\Documents and Settings\Frédérique\Local Settings\Application Data\Conduit

Dossier Supprimé : C:\Program Files\CrazyLoader

***** [Registre] *****

Clé Supprimée : HKCU\Software\JavaSoft\Prefs\crazyloader

Clé Supprimée : HKLM\SOFTWARE\Offerbox

Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.DllInfo

Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDF

Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFEncryptor

Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFText

Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.Tools

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\CrazyLoader

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}

Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v7.0.1 (fr)

Profil : ldketf7d.default

Fichier : C:\Documents and Settings\Frédérique\Application Data\Mozilla\Firefox\Profiles\ldketf7d.default\prefs.js

C:\Documents and Settings\Frédérique\Application Data\Mozilla\Firefox\Profiles\ldketf7d.default\user.js ... Supprimé !

Supprimée : user_pref("browser.startup.homepage", "hxxp://www.seeearch.com/");

-\\ Google Chrome v13.0.782.215

Fichier : C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

***** [Autres] *****

[HKCU\..\Control Panel] - HomePage = 1 -> Supprimée

*************************

AdwCleaner[R1].txt - [3150 octets] - [07/10/2011 19:21:47]

AdwCleaner[S1].txt - [3355 octets] - [07/10/2011 21:44:08]

*************************

Dossier Temporaire : 6 dossier(s) et 7 fichier(s) supprimé(s)

########## EOF - C:\AdwCleaner[S1].txt - [3577 octets] ##########

laetimaria  Posted on 07/10/2011 at 21:56
Petite astucienne

22 Posts

############################## | UsbFix V 7.061 | [Suppression]

Utilisateur: Frédérique (Administrateur) # ACER-D18848DB56

Mis à jour le 05/10/2011 par El Desaparecido

Lancé à 21:49:43 | 07/10/2011

Site Web: http://eldesaparecido.com

Fichier suspect ? : http://eldesaparecido.com/support.php

Contact: contact@eldesaparecido.com

PC: Acer (Aspire 5020) (X86-based PC) # Notebook

CPU: AMD Turion(tm) 64 Mobile Technology ML-32 (1799)

RAM -> [ Total : 1022 | Free : 546 ]

BIOS: Ver 1.00PARTTBL

BOOT: Normal boot

OS: Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3

WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [ Enabled ]

WU: Windows Update Service [ Enabled ]

FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Disque fixe # 112 Go (35 Go libre(s) - 32%) [ACER] # FAT32

D:\ -> CD-ROM

F:\ -> Disque amovible # 4 Go (208 Mo libre(s) - 5%) [NOLIMIT] # FAT32

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (796)

C:\WINDOWS\system32\winlogon.exe (872)

C:\WINDOWS\system32\services.exe (916)

C:\WINDOWS\system32\lsass.exe (928)

C:\WINDOWS\system32\svchost.exe (1092)

C:\WINDOWS\System32\svchost.exe (1264)

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1832)

C:\WINDOWS\System32\svchost.exe (1484)

C:\WINDOWS\System32\svchost.exe (1488)

C:\WINDOWS\system32\svchost.exe (1920)

C:\Program Files\Alwil Software\Avast5\avastUI.exe (2500)

C:\WINDOWS\System32\svchost.exe (2424)

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2516)

C:\WINDOWS\system32\spoolsv.exe (3832)

C:\WINDOWS\explorer.exe (3172)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3992)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3756)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (552)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (528)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (412)

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2564)

C:\UsbFix\Go.exe (2804)

C:\WINDOWS\system32\wscntfy.exe (2384)

################## | Processus Stoppés |

Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1832)

Stoppé! C:\Program Files\Alwil Software\Avast5\avastUI.exe (2500)

Stoppé! C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2516)

Stoppé! C:\WINDOWS\system32\spoolsv.exe (3832)

Stoppé! C:\WINDOWS\explorer.exe (3172)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3992)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3756)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (552)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (528)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (412)

Stoppé! C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2564)

Stoppé! C:\WINDOWS\system32\wscntfy.exe (2384)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\E

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{a463850f-fd0a-11dd-a70e-0014a46d38d2}

################## | Listing |

[15/10/2004 - 11:33:18 | D ]C:\I386

[15/10/2004 - 11:36:38 | D ]C:\DOCS

[15/10/2004 - 11:36:48 | D ]C:\SUPPORT

[15/10/2004 - 11:36:52 | D ]C:\VALUEADD

[29/02/2004 - 17:44:34 | N | 52576]C:\orange.bmp

[15/10/2004 - 11:37:00 | D ]C:\ELEMENTS

[15/10/2004 - 11:47:16 | D ]C:\WINDOWS

[15/10/2004 - 11:51:22 | D ]C:\Documents and Settings

[15/10/2004 - 11:59:30 | D ]C:\Program Files

[07/04/2005 - 14:12:34 | D ]C:\BOOK

[07/04/2005 - 14:12:36 | D ]C:\Sysinfo

[27/06/2009 - 16:16:56 | D ]C:\drivers

[15/10/2004 - 11:41:16 | N | 512]C:\BOOTSECT.DOS

[05/08/2004 - 05:00:00 | N | 4952]C:\Bootfont.bin

[03/09/2008 - 20:57:04 | N | 252240]C:\ntldr

[05/08/2004 - 05:00:00 | N | 47564]C:\NTDETECT.COM

[16/08/2007 - 23:29:00 | N | 194]C:\BOOT.INI

[07/04/2005 - 14:13:32 | N | 4]C:\wps.dat

[07/04/2005 - 14:19:08 | N | 167]C:\bcmwl5.log

[15/11/2005 - 15:50:44 | N | 67]C:\preload.rev

[15/11/2005 - 15:50:44 | N | 67]C:\preload.aaa

[06/12/2005 - 04:56:22 | N | 5680]C:\Patch.rev

[07/10/2011 - 18:58:02 | ASH | 1610612736]C:\pagefile.sys

[16/08/2007 - 23:29:02 | SHD ]C:\System Volume Information

[28/06/2009 - 18:08:06 | N | 1002846]C:\Starting PDF1.bmp

[25/07/2009 - 16:40:16 | N | 132]C:\httpdwl.dat

[02/11/2009 - 12:01:36 | D ]C:\FOUND.000

[30/07/2009 - 20:25:02 | N | 40960]C:\HTGD0003.exe

[15/12/2010 - 16:35:24 | D ]C:\FOUND.005

[19/02/2009 - 06:25:30 | D ]C:\1d3c2957fe934cbccd47cb8cb630

[11/02/2010 - 05:56:40 | D ]C:\FOUND.001

[16/08/2007 - 23:37:20 | D ]C:\Acer

[13/03/2010 - 13:39:04 | D ]C:\coktel

[16/08/2007 - 23:37:26 | N | 0]C:\MSDOS.SYS

[16/08/2007 - 23:37:26 | N | 0]C:\IO.SYS

[17/03/2010 - 12:38:08 | D ]C:\FOUND.002

[06/01/2011 - 07:36:48 | N | 45]C:\TEST.XML

[19/08/2010 - 19:37:36 | N | 6599]C:\bdlog.txt

[21/07/2010 - 20:33:50 | N | 2192]C:\NclRegPermissions(1).log

[21/07/2010 - 20:34:36 | N | 7978]C:\NclRegPermissions(2).log

[17/08/2010 - 19:01:50 | D ]C:\FOUND.003

[04/09/2010 - 21:09:40 | N | 2]C:\t.tmp

[29/09/2010 - 06:53:22 | D ]C:\FOUND.004

[16/12/2010 - 20:03:14 | N | 216]C:\prefs.js

[05/01/2011 - 07:42:08 | D ]C:\FOUND.006

[24/03/2011 - 10:38:04 | D ]C:\FOUND.007

[13/04/2011 - 20:16:08 | D ]C:\FOUND.008

[13/05/2011 - 05:34:16 | D ]C:\FOUND.009

[01/10/2011 - 08:38:58 | D ]C:\FOUND.010

[07/10/2011 - 06:51:14 | N | 512]C:\PhysicalMBR.bin

[07/10/2011 - 19:11:04 | D ]C:\UsbFix

[07/10/2011 - 21:49:16 | N | 3708]C:\UsbFix.txt

[07/10/2011 - 19:21:48 | N | 3150]C:\AdwCleaner[R1].txt

[07/10/2011 - 21:44:24 | N | 3578]C:\AdwCleaner[S1].txt

[17/08/2007 - 17:25:16 | SHD ]C:\Recycled

[17/08/2007 - 17:26:50 | RHD ]C:\MSOCache

[17/08/2007 - 22:08:48 | D ]C:\Config.Msi

[17/08/2007 - 22:48:48 | D ]C:\Pilotes et Bios

[17/08/2007 - 23:19:24 | N | 192]C:\BcBtRmv.log

[05/07/2009 - 20:36:06 | N | 244]C:\sqmnoopt00.sqm

[05/07/2009 - 20:36:06 | N | 268]C:\sqmdata00.sqm

[06/07/2009 - 14:54:28 | N | 244]C:\sqmnoopt01.sqm

[06/07/2009 - 14:54:30 | N | 268]C:\sqmdata01.sqm

[08/07/2009 - 19:30:08 | N | 244]C:\sqmnoopt02.sqm

[08/07/2009 - 19:30:10 | N | 268]C:\sqmdata02.sqm

[09/07/2009 - 16:08:42 | N | 244]C:\sqmnoopt03.sqm

[09/07/2009 - 16:08:42 | N | 268]C:\sqmdata03.sqm

[09/07/2009 - 21:14:32 | N | 244]C:\sqmnoopt04.sqm

[09/07/2009 - 21:14:32 | N | 268]C:\sqmdata04.sqm

[10/07/2009 - 14:18:46 | N | 244]C:\sqmnoopt05.sqm

[10/07/2009 - 14:18:46 | N | 268]C:\sqmdata05.sqm

[26/06/2009 - 15:11:12 | N | 244]C:\sqmnoopt06.sqm

[26/06/2009 - 15:11:12 | N | 268]C:\sqmdata06.sqm

[27/06/2009 - 02:51:50 | N | 244]C:\sqmnoopt07.sqm

[27/06/2009 - 02:51:52 | N | 268]C:\sqmdata07.sqm

[27/06/2009 - 16:20:02 | N | 244]C:\sqmnoopt08.sqm

[27/06/2009 - 16:20:02 | N | 268]C:\sqmdata08.sqm

[27/06/2009 - 18:52:28 | N | 244]C:\sqmnoopt09.sqm

[27/06/2009 - 18:52:28 | N | 268]C:\sqmdata09.sqm

[10/06/2008 - 12:01:04 | N | 488]C:\hpfr5550.xml

[27/06/2009 - 20:11:04 | N | 244]C:\sqmnoopt10.sqm

[27/06/2009 - 20:11:04 | N | 268]C:\sqmdata10.sqm

[28/06/2009 - 01:30:20 | N | 244]C:\sqmnoopt11.sqm

[28/06/2009 - 01:30:20 | N | 268]C:\sqmdata11.sqm

[28/06/2009 - 19:06:56 | N | 244]C:\sqmnoopt12.sqm

[28/06/2009 - 19:06:56 | N | 268]C:\sqmdata12.sqm

[29/06/2009 - 01:54:52 | N | 244]C:\sqmnoopt13.sqm

[29/06/2009 - 01:54:52 | N | 268]C:\sqmdata13.sqm

[29/06/2009 - 15:08:22 | N | 244]C:\sqmnoopt14.sqm

[29/06/2009 - 15:08:22 | N | 268]C:\sqmdata14.sqm

[30/06/2009 - 00:28:26 | N | 244]C:\sqmnoopt15.sqm

[30/06/2009 - 00:28:26 | N | 268]C:\sqmdata15.sqm

[01/07/2009 - 16:34:06 | N | 244]C:\sqmnoopt16.sqm

[01/07/2009 - 16:34:06 | N | 268]C:\sqmdata16.sqm

[01/07/2009 - 23:39:08 | N | 244]C:\sqmnoopt17.sqm

[01/07/2009 - 23:39:08 | N | 268]C:\sqmdata17.sqm

[03/07/2009 - 17:23:22 | N | 244]C:\sqmnoopt18.sqm

[03/07/2009 - 17:23:22 | N | 268]C:\sqmdata18.sqm

[05/07/2009 - 09:28:08 | N | 244]C:\sqmnoopt19.sqm

[05/07/2009 - 09:28:08 | N | 268]C:\sqmdata19.sqm

[13/02/2008 - 15:33:08 | N | 125]C:\ioSpecial.ini

[21/03/2008 - 18:01:30 | N | 2922]C:\playground.log

[18/11/2009 - 14:43:44 | N | 352768]F:\~WRL0225.tmp

[19/12/2009 - 16:57:54 | D ]F:\FILM

[04/10/2011 - 14:56:54 | N | 357376]F:\titi.doc

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F |

laetimaria  Posted on 07/10/2011 at 22:04
Petite astucienne

22 Posts

All processes killed

Error: Unable to interpret <Instructions :> in the current context!

========== OTL ==========

HKU\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Prefs.js: "http://www.seeearch.com/" removed from browser.startup.homepage

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com not found.

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com not found.

File C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0 not found.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Options folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\rssItem folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\popup folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\icons\useful_components folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\icons\urlGadget folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\icons folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\base64\searchBox folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\base64\rssItem folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\base64\ifarme folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\base64\icons folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\base64\dyamincMenu folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media\base64 folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Media folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\services\translation folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\services\alerts folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\services folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\popup\view folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\popup folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\model folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\lib folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\xmlMenu\view folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\xmlMenu folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\urlGadget\view folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\urlGadget folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\multiRssItem\view folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\multiRssItem folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\menuPanel\view folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\menuPanel folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\dynamicMenu\view folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\dynamicMenu folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\contextMenu\view folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\contextMenu folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\container folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\components\view\InjectScript folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\components\view folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\components folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items\about folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\items folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\css folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\controller folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\API\component\view folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\API\component folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js\API folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\js folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0\Css folder moved successfully.

C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\2.3.0.15_0 folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5F65718-341D-4e7d-9842-FCB9CC89527E}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5F65718-341D-4e7d-9842-FCB9CC89527E}\ not found.

File C:\Program Files\CrazyLoader\spointer\extensions\crazyloader_air_ie.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}\ not found.

File C:\Program Files\OfferBox\OfferBoxBHO.dll not found.

Registry value HKEY_USERS\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_USERS\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.

Registry value HKEY_USERS\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3959696064-1206557049-1473692605-1005\Software\Microsoft\Windows\CurrentVersion\Run\\WahOO deleted successfully.

C:\Documents and Settings\Frédérique\Menu Démarrer\Programmes\Démarrage\DeliveryManager.lnk moved successfully.

Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

C:\WINDOWS\Downloaded Program Files\popcaploader.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

Starting removal of ActiveX control {EA6246B4-F380-443F-8727-9AEA3371146C}

C:\WINDOWS\Downloaded Program Files\WeddingDash.1.0.0.47.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EA6246B4-F380-443F-8727-9AEA3371146C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6246B4-F380-443F-8727-9AEA3371146C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EA6246B4-F380-443F-8727-9AEA3371146C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6246B4-F380-443F-8727-9AEA3371146C}\ not found.

Folder C:\Documents and Settings\Frédérique\Application Data\CrazyLoader\ not found.

Folder C:\Documents and Settings\Frédérique\Application Data\OfferBox\ not found.

C:\Documents and Settings\Frédérique\Application Data\uTorrent folder moved successfully.

C:\Documents and Settings\Frédérique\Application Data\FissaSearch\@FissaPlugin\content folder moved successfully.

C:\Documents and Settings\Frédérique\Application Data\FissaSearch\@FissaPlugin folder moved successfully.

C:\Documents and Settings\Frédérique\Application Data\FissaSearch folder moved successfully.

Service ScanQuery Service stopped successfully!

Service ScanQuery Service deleted successfully!

C:\Documents and Settings\All Users\Application Data\ScanQuery\scanquery133.exe moved successfully.

C:\Documents and Settings\Frédérique\Application Data\_dlytmp\1312794244\.tmp folder moved successfully.

C:\Documents and Settings\Frédérique\Application Data\_dlytmp\1312794244 folder moved successfully.

C:\Documents and Settings\Frédérique\Application Data\_dlytmp folder moved successfully.

========== FILES ==========

C:\Documents and Settings\All Users\Application Data\ScanQuery folder moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\CrazyLoader\crazyloader.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\JRE6\launch4j-tmp\crazyloader.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32969 bytes

User: All Users

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 29344582 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 3341936 bytes

User: Frédérique

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 3857778 bytes

->Java cache emptied: 318176 bytes

->FireFox cache emptied: 65295100 bytes

->Google Chrome cache emptied: 102990368 bytes

->Flash cache emptied: 1894398 bytes

%systemdrive% .tmp files removed: 2 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 102912 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 209703 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 198,00 mb

[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Frédérique

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10072011_215814

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

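The OTL log above ends with "HOSTS file reset successfully": the fix replaced the whole file without recording what it contained. A hijacked hosts file is the simplest way to make google.com land on somebody else's web server, which is exactly the "404 Not Found / nginx" symptom this thread opened with, so a responder normally wants to see the entries before they are wiped. The following Python is an added example, not part of this thread and not OTL's code: it parses hosts-file text and flags well-known domains mapped away from loopback and security-vendor domains pinned to loopback. The domain watch lists and the sample hosts content are assumptions constructed for illustration.

```python
"""Hosts-file hijack audit.

Added example, not part of the thread and not OTL's code. Parses a
Windows hosts file and reports two hijack patterns: well-known domains
mapped to a non-local address (traffic redirection) and security-vendor
domains mapped to loopback (update and cleanup blocking). Domain lists
and the sample file are constructed for illustration.
"""
import ipaddress

# Domains a hijacker typically redirects (assumed watch list).
HIGH_VALUE = {
    "google.com", "www.google.com", "bing.com", "www.bing.com",
    "yahoo.com", "www.yahoo.com", "facebook.com", "www.facebook.com",
}
# Domains a hijacker typically blackholes to stop updates (assumed watch list).
SECURITY_VENDORS = {
    "malwarebytes.org", "www.malwarebytes.org", "avast.com", "www.avast.com",
    "windowsupdate.microsoft.com", "update.microsoft.com",
}
# Names that legitimately live in every hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs; comments, blanks and junk are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # not a valid address column
        for name in parts[1:]:                    # one line may list several names
            yield ip, name.lower().rstrip(".")


def is_local(ip):
    """True for loopback (127/8, ::1) and the unspecified address 0.0.0.0."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Return (severity, hostname, ip, reason) findings for suspicious entries."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if name in HIGH_VALUE and not is_local(ip):
            findings.append(("high", name, str(ip), "well-known domain redirected"))
        elif name in SECURITY_VENDORS and is_local(ip):
            findings.append(("high", name, str(ip), "security vendor blackholed"))
        elif not is_local(ip):
            findings.append(("medium", name, str(ip), "static mapping to remote address"))
    return findings


# Constructed sample: the default XP hosts file plus two hijack patterns and
# one unexplained static entry (addresses are RFC 5737 documentation ranges).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      google.com www.google.com   # redirect to an attacker-controlled host
127.0.0.1       www.malwarebytes.org        # vendor site blackholed
198.51.100.7    intranet.example            # unexplained static mapping
"""

if __name__ == "__main__":
    for sev, name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"[{sev:>6}] {name:<24} -> {ip:<15} {reason}")
```

On the machine in this thread the file is C:\WINDOWS\System32\drivers\etc\Hosts, the path OTL moved; read its contents and pass them to audit_hosts() instead of SAMPLE_HOSTS. A clean hosts file does not rule out the same redirection done through the DNS server settings or a browser proxy, and the Malwarebytes log later in the thread shows a third route: the Internet Explorer SearchScopes URL pointed at findgala.com.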
laetimaria  Posted on 07/10/2011 at 22:24
Petite astucienne

22 posts

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7896

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/10/2011 22:23:20

mbam-log-2011-10-07 (22-23-20).txt

Scan type: Quick scan

Objects scanned: 167155

Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=289&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

Folders Infected:

c:\program files\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\frédérique\mes documents\downloads\crazysetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\documents and settings\frédérique\mes documents\downloads\crazysetup (1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

c:\program files\scanquery\scanquery.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.

c:\program files\scanquery\uninstall.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.

laetimaria  Posted on 08/10/2011 at 01:37
Petite astucienne

22 posts

C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP472\A0215017.exe    a variant of Win32/Adware.HotBar.H application

C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP472\A0215018.exe    a variant of Win32/Adware.OneStep.AA application

C:\_OTL\MovedFiles\10072011_215814\C_Documents and Settings\All Users\Application Data\ScanQuery\scanquery133.exe    a variant of Win32/Adware.OneStep.AA application

Fill  Posted on 08/10/2011 at 07:03
Security Group


25504 posts

Hello,

1/

  • Run Adwcleaner by Xplode from your Desktop (on Vista or Windows 7, right-click it and run as administrator),
  • Click Uninstall.

2/

  • Launch OTL.
  • Click "Purge tools" and click OK.
  • A list appears in the left-hand part of OTL.
  • A message appears asking you to confirm the cleanup. Confirm.
  • The infected files held in the quarantines will be deleted as well.

3/

  • Download gmer to your desktop and unzip it (right-click, "Extract here").
  • Double-click gmer.exe on the desktop. If your antivirus reacts, don't worry, ignore the alert.
  • Click the "rootkit" tab, then check that all the boxes are ticked,
  • Click scan.
  • When the scan finishes, click the copy button.
  • In Start > Programs > Accessories, open Notepad and press CTRL+V to paste the report into it.
  • Post that report in your next reply.

4/ How is the PC behaving?

Fill



Edited by Fill on 08/10/2011 07:05
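Step 3 above asks for a GMER report, and reading one is the hard part. In the report posted next, every SSDT hook and kernel inline patch GMER can attribute belongs to the two avast! drivers (aswSnx.SYS and aswSP.SYS), which is the expected picture on a machine running avast; what would matter is a hook owned by a driver nobody recognises, or a patch GMER cannot attribute at all. The following Python is an added example, not from the thread and not GMER's code: it parses the "System" and "Kernel code sections" records of a GMER report, groups hooks by owning driver against an allowlist, and flags everything else for review. The allowlist (the two avast! drivers) is an assumption for this machine, and the sample report mixes lines copied from the report in this thread with one constructed record for a hypothetical driver, xyzhook.sys.

```python
"""Triage of a GMER rootkit report's kernel sections.

Added example, not from the thread and not GMER's code. Parses the
"System" (SSDT / Code hooks) and "Kernel code sections" records of a
GMER report, groups every hook by the driver that owns it, and flags
anything not owned by an allowlisted driver or not attributable at
all. The allowlist is an assumption for this machine: the two avast!
drivers named throughout the report posted in the thread.
"""
import re
from collections import defaultdict

# Drivers whose hooks are expected here (assumed allowlist for this machine).
KNOWN_HOOKERS = {
    "aswsnx.sys": "avast! Virtualization Driver",
    "aswsp.sys": "avast! self protection module",
}
RECORD_PREFIXES = ("SSDT", "Code", ".text", "PAGE", "init")

# "SSDT <driver path> [(description/vendor)] <function> [0xADDR]"
HOOK_RE = re.compile(
    r"^(?P<kind>SSDT|Code)\s+(?P<module>\S+)"
    r"(?:\s+\((?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>\w+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?\s*$"
)
# ".text <image>!<symbol> [+ off] <addr> <n> Bytes <detail>"
PATCH_RE = re.compile(
    r"^(?P<section>\.text|PAGE|init)\s+(?P<target>\S+?)(?:!(?P<func>\w+))?"
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<n>\d+)\s+Bytes\s+(?P<detail>.*)$"
)
# A driver path, optionally followed by GMER's "(description/vendor)".
OWNER_RE = re.compile(r"(\\\S+?\.(?:sys|dll|exe))\s*(?:\(([^)]*)\))?", re.I)


def verdict(owner, vendor):
    """Allowlisted owner -> expected; anything else needs a human look."""
    if owner is None:
        return "review: code patch GMER could not attribute to a module"
    if owner in KNOWN_HOOKERS:
        return "expected: " + KNOWN_HOOKERS[owner]
    if not vendor:
        return "review: hook by unlisted driver with no vendor string"
    return "review: hook by unlisted driver (" + vendor + ")"


def classify(line):
    """Parse one kernel record into a dict, or return None if it is not one."""
    m = HOOK_RE.match(line)
    if m:
        owner = m["module"].rsplit("\\", 1)[-1].lower()
        return {"kind": m["kind"], "owner": owner, "vendor": m["vendor"],
                "func": m["func"], "verdict": verdict(owner, m["vendor"])}
    m = PATCH_RE.match(line)
    if m:
        o = OWNER_RE.search(m["detail"])          # JMP/CALL target's driver, if shown
        owner = o.group(1).rsplit("\\", 1)[-1].lower() if o else None
        vendor = o.group(2) if o else None
        func = m["target"] + ("!" + m["func"] if m["func"] else "")
        return {"kind": m["section"], "owner": owner, "vendor": vendor,
                "func": func, "verdict": verdict(owner, vendor)}
    return None


def triage(report):
    """Group records by owning driver. Returns (by_owner, unparsed_record_count)."""
    by_owner, unparsed = defaultdict(list), 0
    for line in report.splitlines():
        line = line.strip()
        if not line.startswith(RECORD_PREFIXES):  # headers, blanks, user-mode lines
            continue
        rec = classify(line)
        if rec is None:
            unparsed += 1                           # a record shape this parser lacks
            continue
        by_owner[rec["owner"] or "<unattributed>"].append(rec)
    return by_owner, unparsed


def summarize(report):
    """Count records per verdict class ("expected" / "review")."""
    by_owner, unparsed = triage(report)
    counts = defaultdict(int)
    for recs in by_owner.values():
        for rec in recs:
            counts[rec["verdict"].split(":", 1)[0]] += 1
    return dict(counts), unparsed


# Lines copied from the GMER report posted in this thread, plus one constructed
# record for a hypothetical driver (xyzhook.sys) to show an unexpected hook.
SAMPLE_REPORT = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEE5BD374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEE64C2B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEE5BD162]
SSDT \??\C:\WINDOWS\system32\drivers\xyzhook.sys ZwQueryDirectoryFile [0xF7A1C000]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE6619A6]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2478 80501CB0 2 Bytes [98, D3]
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP EE65D3DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP EE5C0E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
"""

if __name__ == "__main__":
    by_owner, unparsed = triage(SAMPLE_REPORT)
    for owner, recs in sorted(by_owner.items()):
        print(f"{owner}: {len(recs)} record(s) -> {recs[0]['verdict']}")
        print("    " + ", ".join(r["func"] for r in recs))
    print("unparsed records:", unparsed)
```

Two caveats when applying this to a real report. The allowlist is only as good as the knowledge of which security software is installed, so it has to be built per machine from the installed-programs list, not copied between cases. And a "review" verdict is a prompt, not a detection: the two-byte patches in ntkrnlpa.exe that GMER lists without an owner are common on hosts running kernel-hooking antivirus, and the randomly named driver GMER itself loads from the Temp folder (uwnorpog.sys in the "Running:" line of the report) is the scanner's own. User-mode hooks are out of scope here; they need a per-process allowlist of their own.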
laetimaria  Posted on 08/10/2011 at 07:44
Petite astucienne

22 posts

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-10-08 07:43:23

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM120JC rev.YL100-19

Running: gmer.exe; Driver: C:\DOCUME~1\FRÉDÉR~1\LOCALS~1\Temp\uwnorpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEE5BD374]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEE64C2B8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEE5E1829]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEE5BF996]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEE5BF9EE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEE5BFB04]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEE5E11DD]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEE5BF8EC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEE5BFA3E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEE5BF940]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEE5BFAB2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEE5BD398]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEE5E1EEF]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEE5E21A5]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEE5BFD88]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEE5E1D5A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEE5E1BC5]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEE64C368]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEE5BD162]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEE5BD3BC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEE5BFEFC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEE5BDE54]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEE5BF9C6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEE5BFA16]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEE5BFB2E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEE5E1539]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEE5BF918]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEE5BFBC0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEE5BFA7E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEE5BF96E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEE5BFCA4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEE5BFADC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEE64C400]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEE5E1A40]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEE5BDD1A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEE5E1892]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEE6546E2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEE5E0850]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEE5BD3E0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEE5BD404]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEE5BD1BC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEE5BD2F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEE5E1FF6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEE5BD2D4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEE5BD31C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEE5BD428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE6619A6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2478 80501CB0 2 Bytes [98, D3]

.text ntkrnlpa.exe!ZwCallbackReturn + 2494 80501CCC 2 Bytes [88, FD] {MOV CH, BH}

.text ntkrnlpa.exe!ZwCallbackReturn + 2538 80501D70 2 Bytes [BC, D3]

.text ntkrnlpa.exe!ZwCallbackReturn + 2610 80501E48 2 Bytes [1A, DD] {SBB BL, CH}

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL EE5BE4AF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP EE65D3DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP EE65EE84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP EE6619AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6ED723F]

.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP EE5C0E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP EE5C0D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP EE5C00DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP EE5C0FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP EE5C11BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP EE5C0CC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP EE5C0016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP EE5C0326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP EE5C04CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP EE5BFFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP EE5C0D7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP EE5C04A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP EE5C0EFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP EE5C1118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP EE5C014A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP EE5C01E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP EE5C0254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP EE5C028E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP EE5BFF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP EE5C0096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP EE5C01AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP EE5C05E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP EE5C1070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Launch Manager\OSDCtrl.exe[176] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\Program Files\Launch Manager\Wbutton.exe[184] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\WINDOWS\SOUNDMAN.EXE[204] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\Program Files\Arcade\PCMService.exe[224] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[236] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text ...

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1936] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\WINDOWS\System32\SCardSvr.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\DOCUME~1\FRÉDÉR~1\LOCALS~1\Temp\Rar$EX00.765\gmer.exe[2004] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2140] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\Acer\eManager\anbmServ.exe[2240] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text ...

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91EC1A

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91EC8B

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91EDB9

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\WINDOWS\system32\wuauclt.exe[2948] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91EC1A

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91EC8B

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91EDB9

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\Program Files\iPod\bin\iPodService.exe[3304] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3372] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3440] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[3624] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91EC1A

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91EC8B

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91EDB9

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91EC1A

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91EC8B

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91EDB9

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]

.text C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[916] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002

IAT C:\WINDOWS\system32\services.exe[916] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

IAT C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2756] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

IAT C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3052] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

IAT C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3780] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

IAT C:\Documents and Settings\Frédérique\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1B 0x5B 0x9D 0xF7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x96 0xAD 0x69 0x8F ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x37 0x49 0x11 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1B 0x5B 0x9D 0xF7 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x96 0xAD 0x69 0x8F ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x37 0x49 0x11 ...

---- EOF - GMER 1.0.15 ----

 laetimaria  Posted on 08/10/2011 at 07:48
Petite astucienne

22 Posts

Hello,

I have just sent the GMER report.

The computer is doing fine. My Google is back! Thank you very much!

What should I do now? Can I delete all the reports? Are there specific things I should do in the future so I don't run into the same kind of problem again?

Thanks again

 Fill  Posted on 08/10/2011 at 08:02
  Groupe Sécurité


25504 Posts

Hi again,

You have to be careful about what you install and not click on just anything.

1/

  • Download CCleaner Slim to the Desktop,
  • Install it,
  • Open CCleaner and click on "Run Cleaner".

.
2/
You can, however, keep Malwarebytes' Anti-Malware and CCleaner. Use CCleaner every evening before shutting down the PC (it only takes a few seconds!).

Don't forget to vaccinate your USB sticks, external hard drives, etc.

This helps avoid a number of infections that use this means to spread.

You can read this article, which explains the risks of infection via removable media.
You can download USBSet by Loup Blanc. Here is a tutorial for configuring this preventive tool correctly. As is the case with any vaccine, it will not prevent every infection via this type of media, but it reduces the risk factor by configuring the machine and the stick correctly.

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.


3/

It is strongly recommended to keep all your security software up to date, in order to avoid the vulnerabilities through which infections get in.
This includes updates for Windows, the browser, Java and PDF readers, notably Reader.

For Java, you can use JavaRa. It installs the latest version of Java and removes the old versions.

For the PDF reader, you can use lighter alternative readers, such as Sumatra PDF, instead of Reader.

To test for vulnerabilities and out-of-date software, you can go to the Secunia website and run a scan of the machine.

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
4/

/!\ Now that your PC is no longer infected, disable "System Restore" in order to create a clean restore point.

To disable or enable System Restore, you must log on to an Administrator account under Windows XP.

Disabling:
Right-click on "My Computer" > Properties > "System Restore" tab > tick the box "Turn off System Restore on all drives"
> Apply and OK.

Re-enabling:
Follow the same path; untick the box "Turn off System Restore on all drives"
> Apply and OK. Restart the computer.

How to disable System Restore under XP

Clearing System Restore points under Vista

Enabling or disabling System Restore under Windows 7

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

5/ It is very important to adopt a program that can create images of your system. In the event of a major crash, a hardware failure or an incurable infection, you can then get your machine back on its feet in a few minutes from a boot CD designed specifically for this purpose. You can keep a disk image on your machine and on an external medium (external hard drive). There are good paid commercial solutions (Acronis true type, Ghost, Paragon), but also free restricted versions of these tools.

Here is DiskWizard, which is a free restricted version of the Acronis software. It is used with Seagate-brand disks.
Download: Diskwizard
Tutorial: Diskwizard

For Western Digital disks:
Download: Acronis True Image WD Edition
Tutorial: Acronis True Image WD Edition

For Maxtor disks:
Download: Maxblast
Tutorial: Maxblast

The Macrium program can also create disk images. A tutorial is presented on this page.
There is also DriveImage, which offers interesting features. Here is a good tutorial on the libellules site.
Finally, there is also Drive Backup 9 Free Edition.

For Windows 7, there is the native tool built into this architecture, which is described here.

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

/!\ To improve your PC's security, take a few moments to read...

Securing your PC + WIFI ("hot" & "light" versions): http://forum.pcastuces.com/sujet.asp?f=25&s=25892

Prevention and protection - How to protect yourself: http://forum.pcastuces.com/sujet.asp?f=25&s=36131

The security risks of peer-to-peer in 10 points: http://www.libellules.ch/phpBB2/les-risques-securitaires-du-peer-to-peer-en-10-points-t28947.html

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

Please mark your topic [Solved] by clicking on "Mark as solved", on the left, at the bottom of the page or

in the title bar of your topic. Thank you!

Be careful on the Internet and tell people about PC Astuces!

Happy surfing and stay safe!

Fill

 laetimaria  Posted on 08/10/2011 at 08:14
Petite astucienne

22 Posts

Thanks a lot!

 laetimaria  Posted on 08/10/2011 at 08:22
Petite astucienne

22 Posts

Thanks a lot!
