> Tous les forums > Forum Sécurité
 infection rogue et Trojan:Win32/Agent.BI
Ajouter un message à la discussion
Pages : [1] 2 ... Fin
Page 1 sur 2 [Fin]
cocoadsl
  Posté le 23/10/2011 @ 20:13 
Aller en bas de la page 
Astucienne

Tout est dans le titre.

mon ordi se met à ramer sérieusement, surtout quand je veux aller sur ma messagerie hotmail. Je n'arrive pas à ouvrir les pages.

j'ai fais un nettoyage ccleaner et fais une analyse avec malwarebyte qui n'a rien trouvé.

mon antivirus antivir a trouvé ceci :

je n'ai pas téléchargé de logiciel d'anglais

ci dessous le rapport RSIT si vous pouvez m'aider.... merci à tous

Logfile of random's system information tool 1.08 (written by random/random)
Run by Corine at 2011-10-23 20:02:56
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 39 GB (34%) free of 114 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:03:06, on 23/10/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Philips\SPC230NC\Monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\Corine\Bureau\RSIT.exe
C:\Program Files\trend micro\Corine.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110823074321
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.extrafilm.fr/ExtraFilmUploader6.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} (Image Uploader Control) - http://www.mypix.com/fr/fr/fw_model/domain/library/aurigma/ImageUploaderPHP/Scripts/ImageUploader7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D58159-664C-49F5-BD55-745B71571195}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEFC450F-59A3-404B-87EA-B8A08975FF62}: NameServer = 156.154.70.25,156.154.71.25
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Corine/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 8623 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-24 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-28 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{21FA44EF-376D-4D53-9B0F-8A89D3229068}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SPC230NC_Monitor"=C:\WINDOWS\Philips\SPC230NC\Monitor.exe [2007-12-10 323584]
"SPC_Monitor"=C:\WINDOWS\Philips\SPC230NC\Monitor.exe [2007-12-10 323584]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-02-04 281768]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-10-20 2497352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
"Gadwin PrintScreen 2.6"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2003-07-16 913408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-09-05 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-12-22 222080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R220 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE [2005-03-09 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 2.6]
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2003-07-16 913408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-07-01 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-04-24 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^dcu.lnk.disabled]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de lancement d'application fax.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk]
C:\DOCUME~1\Corine\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk.disabled]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2003-12-17 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk.disabled]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TomTom HOME.lnk]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSMBalloonTip"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe"="C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-10-21 13:50:24 ----A---- C:\WINDOWS\system32\drivers\sonyhcs.sys
2011-10-21 13:50:23 ----D---- C:\Drivers
2011-10-21 13:50:23 ----A---- C:\WINDOWS\system32\SONYHCY.DLL
2011-10-21 13:50:23 ----A---- C:\WINDOWS\system32\drivers\sonypvs1.sys
2011-10-21 13:50:23 ----A---- C:\WINDOWS\system32\drivers\Sonyhcp.dll
2011-10-21 13:50:23 ----A---- C:\WINDOWS\system32\drivers\sonyhcc.sys
2011-10-21 13:50:23 ----A---- C:\WINDOWS\system32\drivers\sonyhcb.sys
2011-10-21 13:45:45 ----D---- C:\USB_DRV
2011-10-21 13:02:07 ----A---- C:\WINDOWS\system32\cmdcsr.dll

======List of files/folders modified in the last 1 months======

2011-10-23 20:02:58 ----D---- C:\Program Files\Trend Micro
2011-10-23 20:01:39 ----D---- C:\WINDOWS\Prefetch
2011-10-23 19:37:09 ----D---- C:\Mes téléchargements
2011-10-23 19:36:29 ----D---- C:\WINDOWS\system32\NtmsData
2011-10-23 19:35:50 ----SHD---- C:\System Volume Information
2011-10-23 19:28:59 ----D---- C:\WINDOWS\Registration
2011-10-23 19:27:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-23 19:24:25 ----D---- C:\WINDOWS\system32\drivers
2011-10-23 19:13:29 ----D---- C:\WINDOWS
2011-10-23 18:58:03 ----D---- C:\WINDOWS\Temp
2011-10-23 18:56:27 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-23 18:01:03 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-10-22 11:50:06 ----D---- C:\WINDOWS\Help
2011-10-21 17:49:10 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-21 17:38:11 ----D---- C:\Documents and Settings\Corine\Application Data\vlc
2011-10-21 17:33:30 ----A---- C:\WINDOWS\cdplayer.ini
2011-10-21 14:49:46 ----D---- C:\WINDOWS\system32\CatRoot
2011-10-21 14:49:36 ----HD---- C:\WINDOWS\inf
2011-10-21 14:49:35 ----D---- C:\WINDOWS\system32
2011-10-21 13:50:23 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-21 12:57:28 ----SHD---- C:\WINDOWS\Installer
2011-10-17 15:02:44 ----D---- C:\Documents and Settings\Corine\Application Data\BitTorrent
2011-10-17 15:02:35 ----D---- C:\WINDOWS\Debug
2011-10-14 06:53:56 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-13 07:08:02 ----D---- C:\Config.Msi
2011-10-13 07:03:32 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-10-11 18:35:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-10-07 19:47:10 ----A---- C:\WINDOWS\system32\guard32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ElbyVCD;ElbyVCD; C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 22016]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-10-07 97760]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 ohci1394;Contrôleurs hôte IEEE 1394 compatible OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-04 61056]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller; C:\WINDOWS\system32\drivers\si3112r.sys [2003-05-09 89749]
R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [2003-02-12 9600]
R0 SiWinAcc;SiWinAcc; C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-02-12 9600]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-03-24 715248]
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-20 41600]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-08-30 138192]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2003-03-06 3840]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-10-07 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-10-07 31704]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-08-30 66616]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2003-11-09 12953]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2003-11-07 51486]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2004-01-29 93764]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-20 288896]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-20 14848]
S3 aha6xdoi;aha6xdoi; C:\WINDOWS\system32\drivers\aha6xdoi.sys []
S3 BDSelfPr;BDSelfPr; C:\WINDOWS\system32\drivers\BDSelfPr.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 fbxusb;FreeBox USB Network Adapter; C:\WINDOWS\System32\DRIVERS\fbxusb.sys [2003-12-31 18848]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PAEAFLT.sys;USB Composite Device; C:\WINDOWS\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-08-04 47360]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 SPC230NC;Philips SPC230NC Webcam; C:\WINDOWS\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-23 6912]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-05-27 136360]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-08-30 269480]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 1883328]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-28 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-05 71096]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2010-07-19 259440]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S4 C-DillaSrv;C-DillaSrv; C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE [2003-04-01 46080]
S4 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

le deuxième :

info.txt logfile of random's system information tool 1.08 2011-10-23 20:17:13

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -maintain activex
Adobe Photoshop Album 2.0 Edition Découverte-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader X (10.1.1) - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AA1000000001}
alleycat Screensaver-->pysoft_uninstaller.exe /u C:\WINDOWS\System32\alleycat.scr
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}\setup.exe" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVIcodec (remove only)-->"C:\Program Files\AVIcodec\uninst.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
BSPlayer-->"C:\Program Files\BSPlayer\uninstall.exe"
Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CanoScan LiDE 200 Scanner Driver-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807 /L0x000c
CanoScan Toolbox 4.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}\setup.exe" -l0x40c anything
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
CloneCD-->"C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
COMODO Internet Security-->MsiExec.exe /I{FD8E178D-8B4E-42DA-B434-EFF270329B1C}
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DF4AC80-F76B-42AE-A263-15D2313D4472}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Print CD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x40c -SYSTEM
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESPR220 Guide util.-->C:\Program Files\EPSON\TPMANUAL\ESPR220\REF_G\DOCUNINS.EXE
ffdshow v1.1.3562 [2010-09-07]-->"C:\Program Files\ffdshow\unins000.exe"
Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Codec Pack 7.1.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Light Image Resizer 4.0.8.0-->"C:\Program Files\ObviousIdea\Image Resizer 4\unins000.exe"
Logiciel iTouch de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x40c UNINSTALL
Logitech MouseWare 9.79 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x40c -l040c UNINSTALL
Ma-Config.com-->MsiExec.exe /X{207BB01A-0163-43E0-8CE9-BE494505BE0F}
Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
Manual CanoScan 3200,3200F-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9C54C44-BB5A-4B03-8907-C01A9790195A}\setup.exe" -l0x40c
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUN040C.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Text To Speech Engine-->MsiExec.exe /X{647B6F8B-645C-4992-99D8-49202C689C05}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Essentials-->MsiExec.exe /X{66EBD70F-A42C-475F-AEDF-277378151036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA nForce Drivers-->C:\WINDOWS\System32\NVUninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
NvMixer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Philips Intelligent Agent-->"C:\Program Files\Philips\Intelligent Agent\Uninst\unins000.exe"
Philips SPC230NC Webcam-->C:\Program Files\InstallShield Installation Information\{05F350C6-FA6A-40D0-A130-FB941B39152C}\Setup.exe -runfromtemp -l0x040c -removeonly
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picture Package-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x40c UNINSTALL
PIF DESIGNER-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
Pilote Webcam pour DiMAGE KONICA_MINOLTA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99E67091-D392-4031-AD2A-E9547F3615F8}\setup.exe" -l0x40c
QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1036
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Revo Uninstaller 1.92-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
SATARaid-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91649626-E343-11D5-BCEF-005004748D87}\Setup.exe" -l0x9
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
TeamViewer 6-->C:\Program Files\TeamViewer\Version6\uninstall.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TreeSize Professional 3-->"C:\Program Files\JAM Software\TreeSize Professional\unins000.exe"
Ulead DVD PictureShow 2 SE Basic-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9212616-FCA2-4173-BD99-5C741EB3A068}\setup.exe" -l0x40c
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VDownloader 1.13-->"C:\Program Files\VDownloader 1.13\unins000.exe"
VLC media player 1.1.11-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{B3B487E7-6171-4376-9074-B28082CEB504}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.webbrowser.tv
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 kabex.com

======Security center information======

AV: Bitdefender Antivirus (outdated)
AV: AntiVir Desktop
FW: COMODO Firewall

======System event log======

Computer Name: PC-CORINE
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 4571
Source Name: Service Control Manager
Time Written: 20110825125515.000000+120
Event Type: Informations
User:

Computer Name: PC-CORINE
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

Record Number: 4570
Source Name: Service Control Manager
Time Written: 20110825125515.000000+120
Event Type: Informations
User:

Computer Name: PC-CORINE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

Record Number: 4569
Source Name: Service Control Manager
Time Written: 20110825125515.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: PC-CORINE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

Record Number: 4568
Source Name: Service Control Manager
Time Written: 20110825125515.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: PC-CORINE
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 4567
Source Name: Service Control Manager
Time Written: 20110825125514.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: PC-CORINE
Event Code: 11729
Message: Produit : Microsoft Office XP Professional -- La configuration a échoué.

Record Number: 8107
Source Name: MsiInstaller
Time Written: 20110415071454.000000+120
Event Type: Informations
User: PC-CORINE\Corine

Computer Name: PC-CORINE
Event Code: 1001
Message: Échec de détection du produit '{9211040C-6000-11D3-8CFE-0050048383C9}', fonctionnalité 'ProductNonBootFiles' lors de la demande du composant '{1FCD556D-BEFF-4EC5-AAB2-5735D6AB8027}'

Record Number: 8106
Source Name: MsiInstaller
Time Written: 20110415071453.000000+120
Event Type: Avertissement
User: PC-CORINE\Corine

Computer Name: PC-CORINE
Event Code: 1004
Message: Échec de détection du produit '{9211040C-6000-11D3-8CFE-0050048383C9}', fonctionnalité 'ProductNonBootFiles', composant '{19D39DFE-675D-4FF8-80BD-092CF5894B84}. La ressource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42042206-2D85-11D3-8CFF-005004838597}' n'existe pas

Record Number: 8105
Source Name: MsiInstaller
Time Written: 20110415071453.000000+120
Event Type: Avertissement
User: PC-CORINE\Corine

Computer Name: PC-CORINE
Event Code: 11729
Message: Produit : Microsoft Office XP Professional -- La configuration a échoué.

Record Number: 8104
Source Name: MsiInstaller
Time Written: 20110415071453.000000+120
Event Type: Informations
User: PC-CORINE\Corine

Computer Name: PC-CORINE
Event Code: 1001
Message: Échec de détection du produit '{9211040C-6000-11D3-8CFE-0050048383C9}', fonctionnalité 'ProductNonBootFiles' lors de la demande du composant '{354C28B3-3BD8-4DD8-8C26-38826E53675B}'

Record Number: 8103
Source Name: MsiInstaller
Time Written: 20110415071453.000000+120
Event Type: Avertissement
User: PC-CORINE\Corine

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------



Modifié par cocoadsl le 29/10/2011 14:57
Publicité
chrifleur
 Posté le 23/10/2011 à 21:24 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

bonsoir

rapport en examen

chrifleur
 Posté le 23/10/2011 à 21:30 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

à faire examiner sur virus total

Virus Total - Tutoriel

C:\WINDOWS\system32\drivers\aha6xdoi.sys

cocoadsl
 Posté le 24/10/2011 à 07:04 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

chrifleur, et merci pour votre aide

je viens d'aller voir dans windows - system32 - drivers, mais il n'y a pas ce fichier quev ous m'indiquez dedant ...



Modifié par cocoadsl le 24/10/2011 07:17
chrifleur
 Posté le 24/10/2011 à 07:42 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

as tu alcoohol?

cocoadsl
 Posté le 24/10/2011 à 14:46 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

non

chrifleur
 Posté le 24/10/2011 à 19:04 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

poste ce rapport stp

  • Télécharge OTL (de Old_Timer) sur ton bureau,
  • Double-clique sur son icône pour le démarrer. Si tu es sous Vista ou 7, démarre par clic droit, exécuter en tant qu'administrateur. Assure toi d'avoir fermé le maximum de fenêtres ouvertes, avant ce qui suit.
  • Coche la case "Tous les utilisateurs",
  • Dans la fenêtre "Personnalisation", colle ces lignes :

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
SAVEMBR:0
%ALLUSERSPROFILE\%Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Clique ensuite sur le bouton "Analyse" puis patiente pour que l'outil analyse le pc. Cela peut durer quelques minutes, selon l'état du système.
  • A la fin de l'analyse, la fenêtre du bloc-note s'ouvre. Elle s'appelle OTL.txt
  • Copie-colle ce texte dans ta prochaine réponse. Si un message d'erreur apparait, c'est parce que le rapport est trop long. Il faut alors l'éditer en plusieurs messages sans rien oublier.
  • Pour sélectionner le texte : CTRL+A
  • Pour copier le texte sélectionné : CTRL+C,
  • Pour coller le texte dans ta prochaine réponse : CRTL+V
cocoadsl
 Posté le 25/10/2011 à 19:09 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

voilà le résultat du scan de OTL - Petite précision : une fois le rapport posté, j'ai laissé cette fenêtre ouverte (et seulement elle) et au bout de 2 minutes, mon antivirus m'a dit qu'il a trouvé ceci (les2 premières lignes) :

OTL logfile created on: 25/10/2011 18:53:09 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Corine\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,48 Mb Total Physical Memory | 432,31 Mb Available Physical Memory | 42,24% Memory free
2,41 Gb Paging File | 1,88 Gb Available in Paging File | 77,99% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 37,91 Gb Free Space | 33,92% Space Free | Partition Type: NTFS

Computer Name: PC-CORINE | User Name: Corine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/10/25 07:04:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Corine\Bureau\OTL.exe
PRC - [2011/10/20 13:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 19:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/08/30 17:40:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/27 13:57:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/04 12:08:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/05 00:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010/01/14 21:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Philips\SPC230NC\Monitor.exe
PRC - [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2003/07/16 11:29:24 | 000,913,408 | ---- | M] (Gadwin Systems, Inc.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2001/02/23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010/06/17 14:28:02 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/03/05 00:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2004/09/16 11:49:04 | 000,009,216 | ---- | M] () -- C:\WINDOWS\system32\tpfmon.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- -- (usnjsvc)
SRV - [2011/10/07 19:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/08/30 17:40:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/27 13:57:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/07/19 14:59:54 | 000,259,440 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2010/03/05 00:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007/06/01 11:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/04/01 12:21:48 | 000,046,080 | ---- | M] (C-Dilla Ltd) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)
SRV - [2001/02/23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/10/07 19:48:02 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 19:48:01 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 19:48:00 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/08/30 17:40:39 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/30 17:40:39 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/01 14:05:04 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/11/12 15:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/07/04 08:33:33 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/05/20 10:01:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/03/24 15:31:22 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/12/31 17:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/09/26 15:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/04 08:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/06/03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/05/25 15:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2004/05/25 15:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2004/04/02 15:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2004/01/29 01:45:50 | 000,093,764 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/12/31 12:35:16 | 000,018,848 | ---- | M] (FreeBox SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fbxusb.sys -- (fbxusb)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/11/09 00:24:17 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2003/11/07 11:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 11:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/05/09 11:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112r.sys -- (si3112r)
DRV - [2003/04/01 12:23:22 | 000,058,288 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)
DRV - [2003/03/06 14:48:08 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2003/02/12 08:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc)
DRV - [2003/02/12 08:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2002/11/28 16:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/11/28 12:43:49 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409082233-343818398-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-1409082233-343818398-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1409082233-343818398-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1409082233-343818398-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 FD 68 D7 1B 17 CC 01 [binary data]
IE - HKU\S-1-5-21-1409082233-343818398-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/24 07:22:04 | 000,000,000 | ---D | M]

[2006/11/02 11:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/25 18:57:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/10/26 17:36:45 | 002,078,344 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

[color=#E56717]========== Chrome ==========[/color]


O1 HOSTS File: ([2011/04/06 21:54:29 | 000,360,356 | -HS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.webbrowser.tv
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 213.131.225.2
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 127.0.0.1 babeweb.de
O1 - Hosts: 127.0.0.1 start-seite.com
O1 - Hosts: 127.0.0.1 sexolymp.com
O1 - Hosts: 127.0.0.1 toriii.cc
O1 - Hosts: 127.0.0.1 www.xtipp.de
O1 - Hosts: 127.0.0.1 urawa.cool.ne.jp
O1 - Hosts: 127.0.0.1 777search.com
O1 - Hosts: 127.0.0.1 ace-webmaster.com
O1 - Hosts: 127.0.0.1 aifind.info
O1 - Hosts: 12409 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1409082233-343818398-682003330-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1409082233-343818398-682003330-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKU\S-1-5-21-1409082233-343818398-682003330-1003..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-343818398-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-343818398-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1409082233-343818398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110823074321 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} http://www.extrafilm.fr/ExtraFilmUploader6.cab (ExtraFilm Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} http://www.mypix.com/fr/fr/fw_model/domain/library/aurigma/ImageUploaderPHP/Scripts/ImageUploader7.cab (Image Uploader Control)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51D58159-664C-49F5-BD55-745B71571195}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51D58159-664C-49F5-BD55-745B71571195}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEFC450F-59A3-404B-87EA-B8A08975FF62}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEFC450F-59A3-404B-87EA-B8A08975FF62}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Corine/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:1 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Corine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Corine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 17:23:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^dcu.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de lancement d'application fax.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe - (Sony Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TomTom HOME.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: eMuleAutoStart - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: EPSON Stylus Photo R220 Series - hkey= - key= - File not found
MsConfig - StartUpReg: Gadwin PrintScreen 2.6 - hkey= - key= - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Fichier Lisez-moi d'Internet Explorer
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {12322000-FC00-BC00-0000-123220000001} - Free - Kit de connexion
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{CB58DED6-4AF3-4080-9DF1-DEE72075169F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: WriteRegStr -

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin



Modifié par cocoadsl le 25/10/2011 19:59
cocoadsl
 Posté le 25/10/2011 à 19:59 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

la suite :

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/10/25 07:04:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Corine\Bureau\OTL.exe
[2011/10/24 15:20:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Corine\Recent
[2011/10/21 17:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corine\Bureau\samba
[2011/10/21 14:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corine\Bureau\camescope mike2
[2011/10/21 13:50:24 | 000,299,923 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcs.sys
[2011/10/21 13:50:23 | 000,102,220 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonypvs1.sys
[2011/10/21 13:50:23 | 000,053,248 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\SONYHCY.DLL
[2011/10/21 13:50:23 | 000,038,739 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcc.sys
[2011/10/21 13:50:23 | 000,006,097 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcb.sys
[2011/10/21 13:50:23 | 000,000,000 | ---D | C] -- C:\Drivers
[2011/10/21 13:45:45 | 000,000,000 | ---D | C] -- C:\USB_DRV
[2011/10/21 13:02:07 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/17 18:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corine\Bureau\CALENDRIER
[2011/10/10 19:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corine\Bureau\pour Aimée
[2011/10/03 17:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Corine\Bureau\musiques pour elèves
[2011/09/26 07:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\VideoLAN
[2011/08/08 20:32:47 | 003,210,008 | ---- | C] (TeamViewer GmbH) -- C:\Program Files\TeamViewer_Setup_fr.exe
[2010/07/04 13:36:42 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Fichiers communs\AskToolbarInstaller.exe
[2009/09/06 10:08:01 | 003,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\malwarebyte.exe
[2007/08/04 19:48:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Corine\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[470 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/10/25 18:55:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/10/25 18:45:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/25 07:04:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Corine\Bureau\OTL.exe
[2011/10/23 19:40:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/10/23 17:04:55 | 000,935,042 | ---- | M] () -- C:\Documents and Settings\Corine\Bureau\notice samsung.PDF
[2011/10/22 13:40:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/10/21 17:49:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/21 17:49:08 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Corine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/21 17:33:30 | 000,010,631 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/10/21 14:13:00 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/10/21 14:03:41 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Microsoft Word.lnk
[2011/10/21 12:52:24 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/20 06:56:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/17 18:00:00 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/10/16 13:40:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/07 19:48:02 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/10/07 19:48:01 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/10/07 19:48:00 | 000,492,768 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/10/07 19:47:59 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/10/07 19:47:11 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/07 19:47:10 | 000,300,200 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/09/26 10:23:50 | 739,309,704 | ---- | M] () -- C:\Documents and Settings\Corine\Bureau\les femmes du 6em etage.avi
[2011/09/26 07:25:07 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Corine\Mes documents\VLC media player.lnk
[2011/09/26 07:23:23 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\Corine\Mes documents\vlc-1.1.11-win32.exe
[2011/09/26 07:22:15 | 001,178,704 | ---- | M] () -- C:\Documents and Settings\Corine\Mes documents\MAJ_premio st3.53.bin
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[470 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/10/25 07:08:47 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/10/23 17:04:52 | 000,935,042 | ---- | C] () -- C:\Documents and Settings\Corine\Bureau\notice samsung.PDF
[2011/10/21 13:50:23 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2011/09/26 13:52:07 | 739,309,704 | ---- | C] () -- C:\Documents and Settings\Corine\Bureau\les femmes du 6em etage.avi
[2011/09/26 07:25:07 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\Corine\Mes documents\VLC media player.lnk
[2011/09/26 07:23:08 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\Corine\Mes documents\vlc-1.1.11-win32.exe
[2011/09/26 07:22:13 | 001,178,704 | ---- | C] () -- C:\Documents and Settings\Corine\Mes documents\MAJ_premio st3.53.bin
[2011/07/18 18:39:16 | 000,000,246 | ---- | C] () -- C:\Documents and Settings\Corine\Local Settings\Application Data\Images.fl
[2011/06/11 13:03:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/06/11 13:03:41 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/26 12:10:47 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/14 21:50:07 | 000,337,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/11 19:59:02 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/11/11 15:48:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/06 11:44:27 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/02/17 19:59:08 | 001,188,864 | ---- | C] () -- C:\Documents and Settings\Corine\Application Data\questdb.v12
[2010/02/17 19:59:08 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Corine\Application Data\CDRusersDB.v12
[2009/02/16 15:41:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/01/09 21:31:28 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\SPC230NC.INI
[2008/07/23 13:12:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/07/04 04:48:42 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/07/04 04:48:42 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/07/04 04:48:42 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/10 23:50:17 | 000,174,819 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/01/02 14:29:35 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/09 11:03:03 | 000,003,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\118300.34
[2007/12/09 11:02:58 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[2007/12/09 11:02:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\Machnm64.sys
[2007/12/09 11:02:58 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/12/02 21:10:26 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2007/12/02 19:35:52 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/11/17 13:26:29 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/04 19:48:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Corine\Application Data\inst.exe
[2007/08/04 19:48:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Corine\Application Data\pcouffin.cat
[2007/08/04 19:48:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Corine\Application Data\pcouffin.inf
[2007/01/17 09:20:34 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\tpfmon.dll
[2006/11/02 11:12:02 | 000,000,341 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/26 21:28:39 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/03/28 21:48:53 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2006/03/28 21:48:52 | 000,006,850 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/03/28 21:48:52 | 000,006,057 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/03/09 15:09:14 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Winzip32.ini
[2006/01/16 19:50:39 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/01/16 19:50:38 | 000,094,486 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/01/16 19:50:38 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/01/16 19:50:38 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/01/16 19:50:38 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/01/16 19:50:38 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/01/16 19:50:38 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/01/16 19:50:38 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/01/16 19:50:38 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/01/16 19:50:38 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/01/16 19:50:38 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/01/16 19:50:38 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/01/16 19:50:38 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/01/16 19:50:38 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/01/16 19:50:38 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/01/16 19:50:38 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/01/16 19:50:38 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/01/16 19:46:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER220.ini
[2005/10/13 09:11:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sirenacm(2).dll
[2005/09/29 14:25:51 | 000,010,631 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/27 17:44:25 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Ikosoft.ini
[2005/09/27 17:44:22 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\cp8lib.dll
[2005/09/27 17:44:22 | 000,049,664 | R--- | C] () -- C:\WINDOWS\System32\cp8srv.exe
[2005/09/27 17:44:22 | 000,000,158 | R--- | C] () -- C:\WINDOWS\System32\icchscr.ini
[2005/03/14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/03/04 15:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2004/12/16 16:36:04 | 000,262,144 | ---- | C] () -- C:\WINDOWS\SDL_mixer.dll
[2004/12/16 16:36:04 | 000,225,280 | ---- | C] () -- C:\WINDOWS\SDL.dll
[2004/12/16 16:35:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2004/12/05 12:45:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/03 14:17:37 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2004/12/03 11:22:11 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/12/02 14:36:20 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/12/02 14:33:43 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/12/02 14:32:26 | 000,000,674 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/12/02 09:55:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wrauclt.exe
[2004/10/13 14:27:27 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/10/09 12:30:34 | 000,070,656 | ---- | C] () -- C:\WINDOWS\pysoft_uninstaller.exe
[2004/10/09 12:30:16 | 000,665,088 | ---- | C] () -- C:\WINDOWS\Enchanted Forest.exe
[2004/10/09 12:30:16 | 000,334,336 | ---- | C] () -- C:\WINDOWS\Psychedelico.exe
[2004/10/09 12:30:16 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Enchanted Forest.dat
[2004/10/09 12:30:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Psychedelico.dat
[2004/10/09 12:30:07 | 000,338,176 | ---- | C] () -- C:\WINDOWS\Blaze.exe
[2004/10/09 12:30:07 | 000,054,784 | ---- | C] () -- C:\WINDOWS\UnInstallX.exe
[2004/10/09 12:30:07 | 000,004,240 | ---- | C] () -- C:\WINDOWS\Blaze.com
[2004/10/09 12:29:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\brassi.dat
[2004/10/09 12:29:17 | 000,000,102 | ---- | C] () -- C:\WINDOWS\ministry.ini
[2004/09/25 12:16:34 | 000,042,771 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2004/09/20 17:06:04 | 000,000,050 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2004/09/14 15:47:04 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Corine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/03 17:16:34 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Docobj.dll
[2004/09/03 14:26:26 | 000,150,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\MLTCAP.sys
[2004/08/31 17:45:18 | 000,000,282 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/08/31 17:40:00 | 000,000,660 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/08/28 17:05:06 | 000,000,037 | ---- | C] () -- C:\WINDOWS\HFREP.INI
[2004/08/28 17:05:03 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI
[2004/08/27 15:47:46 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004/08/27 15:22:02 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2004/08/27 15:15:01 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/08/27 15:10:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/08/27 15:10:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/08/27 15:10:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/08/27 15:10:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/08/27 15:10:11 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/08/27 15:10:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/27 14:08:27 | 000,000,601 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/26 18:45:41 | 000,000,291 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2004/08/26 18:44:53 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2004/08/26 18:44:21 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/26 18:44:11 | 000,010,519 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/08/26 18:43:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2004/08/26 18:32:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/26 18:31:39 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2004/08/26 18:10:19 | 000,003,611 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/08/26 18:10:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/08/26 17:44:26 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 17:43:39 | 000,173,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/26 17:25:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 17:21:31 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/11/07 05:00:00 | 000,413,760 | R--- | C] () -- C:\WINDOWS\System32\mpg4c32.dll
[2002/11/07 05:00:00 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/11/07 05:00:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/08/29 12:18:54 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/04/09 18:17:14 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004728_.tmp.dll
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/08/28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/28 14:00:00 | 000,501,192 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2001/08/28 14:00:00 | 000,432,978 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/28 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2001/08/28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/28 14:00:00 | 000,081,004 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2001/08/28 14:00:00 | 000,067,742 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/28 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2001/08/28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/28 14:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004696_.tmp.dll
[2001/08/28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

[color=#E56717]========== Custom Scans ==========[/color]


Invalid Environment Variable: ALLUSERSPROFILE\

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2011/05/02 20:35:44 | 000,198,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Comodo\Installer\ComodoCleanup.exe
[5 C:\Documents and Settings\All Users\Application Data\Comodo\Installer\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Comodo\Installer\*.tmp -> ]
[2011/10/11 18:35:13 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2011/04/28 14:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\.purple
[2011/05/01 20:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Adobe
[2005/09/17 14:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\AdobeAUM
[2008/06/22 21:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\AdobeUM
[2010/11/11 15:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Ahead
[2007/12/16 17:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Apple Computer
[2009/06/23 16:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\ArcSoft
[2005/06/09 15:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\AVG7
[2011/05/26 17:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Avira
[2011/07/18 18:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\BeSpotted
[2007/12/02 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Bitdefender
[2011/10/17 15:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\BitTorrent
[2010/11/06 11:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Canneverbe Limited
[2010/06/12 18:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Canon
[2004/09/03 13:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\DIMAGE
[2009/08/26 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\DivX
[2011/02/27 15:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\dvdcss
[2006/03/14 14:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Elaborate Bytes
[2006/01/16 20:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\EPSON
[2009/10/05 18:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Google
[2011/04/15 19:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\gtk-2.0
[2004/08/26 18:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Help
[2005/06/20 10:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Identities
[2009/12/28 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\ImgBurn
[2009/01/09 21:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\InstallShield
[2004/08/31 10:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\InterVideo
[2010/01/10 15:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Lavasoft
[2005/09/17 14:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Leadertech
[2004/10/08 13:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Macromedia
[2009/09/06 10:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Malwarebytes
[2011/06/15 15:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Media Player Classic
[2011/05/26 09:49:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Corine\Application Data\Microsoft
[2011/08/23 09:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\ObviousIdea
[2009/09/26 11:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Real
[2011/04/22 08:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Samsung
[2004/08/27 15:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\ScanSoft
[2007/04/16 08:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Screenshot Sender
[2009/01/23 20:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Sony Corporation
[2006/08/05 13:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Sun
[2006/11/02 14:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Talkback
[2011/08/08 20:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\TeamViewer
[2010/11/14 12:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\thecleaner
[2011/05/23 18:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\U3
[2004/09/03 12:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Ulead Systems
[2011/04/29 09:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Uniblue
[2010/12/26 20:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\uTorrent
[2011/10/21 17:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\vlc
[2010/07/04 18:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\Vso
[2004/12/19 19:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corine\Application Data\XnView

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/07/04 18:10:13 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Corine\Application Data\inst.exe
[2007/01/11 08:51:08 | 023,489,040 | ---- | M] ( ) -- C:\Documents and Settings\Corine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
[2011/05/26 09:49:52 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Corine\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011/04/15 18:42:54 | 000,086,576 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Corine\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
[2011/04/15 18:42:54 | 000,132,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Corine\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
[2006/08/15 10:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Corine\Application Data\U3\temp\cleanup.exe

[color=#A23BEC]< %temp%\.exe /s >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[470 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2008/03/24 15:31:22 | 000,715,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2004/08/26 18:42:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/26 18:42:44 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/26 18:42:44 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004/12/16 17:15:38 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/12/16 17:15:38 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/07/30 07:14:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\agp440.sys
[2004/08/04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2002/08/29 12:17:04 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/12/16 17:15:38 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/12/16 17:15:38 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/07/30 07:14:58 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\sp3.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004/08/20 01:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/20 01:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/20 01:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\eventlog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2004/08/20 01:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\netlogon.dll
[2004/08/20 01:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/20 01:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/20 01:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[color=#A23BEC]< MD5 for: NVATABUS.SYS >[/color]
[2004/06/03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\nvatabus.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/20 01:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/20 01:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/20 01:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\scecli.dll

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004/08/20 01:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/20 01:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/20 01:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\winlogon.exe

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 15:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 15:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 15:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 15:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 15:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 15:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

PS : ça vaut rien malwarebyte, il n'a pas trouvé de logiciel nuisible alors que Antivir l'a trouvé.....



Modifié par cocoadsl le 25/10/2011 20:54
Publicité
chrifleur
 Posté le 26/10/2011 à 10:45 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

malwarebytes n'est pas un antivirus! comme son nom l'indique..

on continue

  • Relance OTL
  • Copie-colle ceci dans la fenêtre personnalisation :

Instructions :

:OTL
[2007/12/09 11:03:03 | 000,003,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\118300.34
[2007/08/04 19:48:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Corine\Application Data\inst.exe
[2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/04/09 18:17:14 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004728_.tmp.dll
[2001/08/28 14:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004696_.tmp.dll
[2010/07/04 18:10:13 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Corine\Application Data\inst.exe
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^dcu.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de lancement d'application fax.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TomTom HOME.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: eMuleAutoStart - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: EPSON Stylus Photo R220 Series - hkey= - key= - File not found
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - File not found

:files

c:\Mes téléchargements\vdownloader1.23_anglais_38422.exe

:commands
[EmptyTemp]
[EmptyFlash]
[Purity]
[ResetHosts]

  • Clique ensuite sur Correction et laisse l'outil travailler.
  • Poste le contenu du nouveau rapport (il s'agit d'un fichier "LOG" contenant les dates et heures du pc, sauvegardé dans le dossier %racine%\_OTL\MovedFiles) qui doit s'ouvrir avec le bloc-notes. Comme précédemment, tu peux utiliser les raccourcis clavier (CTRL+A, CTRL+C et CTRL+V)

fais ce scan en ligne et poste le rapport

ESET Online Scanner - Tutoriel

cocoadsl
 Posté le 26/10/2011 à 19:57 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

euh, tu veux bien m'expliquer ce que ce genre de manipulation va provoquer.... ça me fait très peur là...

chrifleur
 Posté le 26/10/2011 à 21:19 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

cela va supprimer des fichers infectieux..

[2007/12/09 11:03:03 | 000,003,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\118300.34 => Infection Rogue

http://forum.malekal.com/virus-coriace-t33084.html


[2007/08/04 19:48:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Corine\Application Data\inst.exe => Infection BT (Adware.Agent)


[2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini => Infection Diverse->ADS:vthwi - Trojan:Win32/Agent.BI


[2002/04/09 18:17:14 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004728_.tmp.dll => Infection Diverse

http://forum.malekal.com/virus-rootkit-win32-agent-dwi-t20090.html


[2001/08/28 14:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004696_.tmp.dll => Infection Diverse

http://forum.malekal.com/virus-rootkit-win32-agent-dwi-t20090.html


[2010/07/04 18:10:13 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Corine\Application Data\inst.exe => Infection BT (Adware.Agent)

c:\Mes téléchargements\vdownloader1.23_anglais_38422.exe ==< que tu m'as désigné


et cela va supprimer des clés qui mènent vers des fichiers manquants (supprimés)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^dcu.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de lancement d'application fax.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk.disabled - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TomTom HOME.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: eMuleAutoStart - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: EPSON Stylus Photo R220 Series - hkey= - key= - File not found
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - File not found


:commands
[EmptyTemp] ==> va vider tes fichiers temporaires
[EmptyFlash] ==> va vider ton cache java
[Purity] ==> fais une recherche sur cette vieille infection
[ResetHosts] ==> va remettre ton fichier host à 0

mais tu fais comme bon te semble, tu n'es pas obligée de me faire confiance....



Modifié par chrifleur le 26/10/2011 21:22
cocoadsl
 Posté le 27/10/2011 à 07:53 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

ce n'est pas du tout ce que je voulais dire. Je te fais confiance bien sûr, mais c'est en moi que je n'ai pas confiance, et j'avais peur de mettre le souk dans mon ordi et de ne pas savoir comment réagir ensuite. Je ferais ce que tu m'as dit ce soir, et en plus, j'aurais appris des choses.

Est ce qu'il un site en particulier où j'aurais pu prendre tous ces virus ? {#}

je ne me promène que très rarement sur des sites inconnus, et ce sont souvent ceux que les pcastuciens donnent en lien...

y a t'il des outils que je peux télécharger pour éviter leur retour ?

voilà tous les doutes que j'ai en tête mais ça ne vient pas de toi bien sûr.

chrifleur
 Posté le 27/10/2011 à 14:39 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

un site en particulier pas vraiment, il suffit qu'en installant un logiciel tu aies accepté par inadvertance une toolbar proposée, et elle t'a infectée...

pour le rogue, c'est souvent un logiciel soit disant gratuit qui te force ensuite à l'acheter.. et qui installe d'autres choses..

j'ai vu que tu avais ad aware et spybot qui sont à mon avis, obsolètes désormais!!

je conseille malwarebytes qui est de loin bien plus performant, mais attention il ne fait pas tout lui aussi!

tu peux bien evidemment conserver ZHPDiag et faire vérifier de temps en temps que ton Pc est propre...

cocoadsl
 Posté le 27/10/2011 à 15:57 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

je pensais avoir désinstallé ad-aware et spybot depuis longtemps, il reste des traces ?

chrifleur
 Posté le 27/10/2011 à 16:42 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

oui il en reste..

si tu veux on regardera en fin comment les enlever définitivement

cocoadsl
 Posté le 27/10/2011 à 18:57 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

oui je veux bien merci

voici le rapport OTL une fois la rectification faite :

All processes killed
Error: Unable to interpret <Instructions :> in the current context!
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\118300.34 moved successfully.
C:\Documents and Settings\Corine\Application Data\inst.exe moved successfully.
C:\WINDOWS\aucfg.ini moved successfully.
C:\WINDOWS\system32\_004728_.tmp.dll moved successfully.
C:\WINDOWS\system32\_004696_.tmp.dll moved successfully.
File C:\Documents and Settings\Corine\Application Data\inst.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^dcu.lnk.disabled\ deleted successfully.
File Reg Error: Value error. not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de lancement d'application fax.lnk\ deleted successfully.
File Reg Error: Value error. not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk\ deleted successfully.
File C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk\ deleted successfully.
C:\WINDOWS\pss\Notification de cadeaux MSN.lnkCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk\ deleted successfully.
File Reg Error: Value error. not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk.disabled\ deleted successfully.
File Reg Error: Value error. not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk.disabled\ deleted successfully.
File Reg Error: Value error. not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TomTom HOME.lnk\ deleted successfully.
File Reg Error: Value error. not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ctfmon.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\eMuleAutoStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\EPSON Stylus Photo R220 Series\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MsnMsgr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\swg\ deleted successfully.
========== FILES ==========
File\Folder c:\Mes téléchargements\vdownloader1.23_anglais_38422.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 258 bytes
->Temporary Internet Files folder emptied: 4045973 bytes
->Flash cache emptied: 627 bytes

User: All Users

User: Corine
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 19746275 bytes
->Java cache emptied: 8147196 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1059 bytes

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 33438 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 529610 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3194810 bytes
%systemroot%\System32 .tmp files removed: 118566288 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 52416218 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 347522 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 198,00 mb


[EMPTYFLASH]

User: Administrateur
->Flash cache emptied: 0 bytes

User: All Users

User: Corine
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10272011_185259

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Corine\Local Settings\Temp\Mutuelle not found!
File\Folder C:\Documents and Settings\Corine\Local Settings\Temp\~DF5F75.tmp not found!
File\Folder C:\Documents and Settings\Corine\Local Settings\Temp\~DFFDA8.tmp not found!
C:\Documents and Settings\Corine\Local Settings\Temporary Internet Files\Content.IE5\XTFQDJ34\ads[7].htm moved successfully.
C:\Documents and Settings\Corine\Local Settings\Temporary Internet Files\Content.IE5\QNWTAUPJ\ads[6].htm moved successfully.
C:\Documents and Settings\Corine\Local Settings\Temporary Internet Files\Content.IE5\G39FILM4\ads[6].htm moved successfully.
C:\Documents and Settings\Corine\Local Settings\Temporary Internet Files\Content.IE5\CWPMSU12\ads[10].htm moved successfully.
C:\Documents and Settings\Corine\Local Settings\Temporary Internet Files\Content.IE5\CWPMSU12\ads[9].htm moved successfully.
C:\Documents and Settings\Corine\Local Settings\Temporary Internet Files\Content.IE5\CWPMSU12\pouvez_vous_regarder_mon_rapport_rsit_svp-f25s61528[2].htm moved successfully.
C:\Documents and Settings\Corine\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Publicité
chrifleur
 Posté le 27/10/2011 à 20:10 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

as tu encore des alertes ?

cocoadsl
 Posté le 27/10/2011 à 20:43 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

voici le log.txt de ESET ONLINE

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1b2b9cd521d6624b9c28a39c6a6389c2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-27 06:41:23
# local_time=2011-10-27 08:41:23 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 341471 341471 0 0
# compatibility_mode=769 16774142 0 2 121522875 121522875 0 0
# compatibility_mode=1797 16775141 100 93 83743 53898337 76326 0
# compatibility_mode=3073 16777213 80 71 540148 1725710 0 0
# compatibility_mode=8192 67108863 100 0 246 246 0 0
# scanned=84778
# found=1
# cleaned=0
# scan_time=5598
C:\Documents and Settings\Corine\Mes documents\webinstaller(gravureDVD).exe multiple threats (unable to clean) 00000000000000000000000000000000 I

cocoadsl
 Posté le 27/10/2011 à 20:47 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

euh...des alertes comment ?

ce qui a changé : rien de visible en tout cas.

et mon ordi ne rame plus.

et j'ai encore ça : l'exécution d'un module complémentaire..... c'est quoi ?



Modifié par cocoadsl le 27/10/2011 20:51
chrifleur
 Posté le 28/10/2011 à 20:42 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

j'ai fait remettre les paramètres à 0 pour inernet et c'est suremet à cause de cela que tu as cette alarme..

si tout va bien maintenant,

1/

  • Ouvre ZHPFix dans C:\Program files\ZHPDiag
  • Clique sur ces boutons pour supprimer tous les éléments de la quarantaine et pour supprimer les outils utilisés :

.
2/
Tu peux par contre, garderMalwarebytes'Anti-malware et CCleaner. Utilise CCleaner tous les soirs avant de couper le PC (ne prends que quelques secondes!).

N'oublie pas de vacicner tes clés USB, disques durs externes etc...

Cela permet d'éviter un certain nombre d'infections utilisant ce moyen pour se propager.

Tu peux lire cet article qui explique les risques d'infections par supports amovibles.
Tu peux télécharger USBSet de Loup Blanc. Voici un tuto pour configurer correctement l'outil préventif. Comment c'est le cas pour tout vaccin, il n'évitera pas toutes les infections par ce type de support mais permet de réduire le facteur de risques en configurant correctement la machine et la clé.

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.


3/ J'aimerais que tu fasses une petite chose pour moi; modifie le titre de ton sujet. Comme on connait l'infection,
je te propose de le modifier afin de faciliter la lecture et la recherche, pour tous les autres astuciens/nes.

Replace-toi sur ton premier message du sujet, clique sur ce bouton -> et modifie ton titre de cette manière :
infection rogue et Trojan:Win32/Agent.BI

et clique sur "Publier le message". Merci!


.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
4/

Il est fortement recommandé d'avoir tous ses logiciels de sécurité à jour, afin d'éviter les failles par lesquelles s'engouffrent les infections.
Cela englobe les mises à jour de windows, du navigateur, de Java, des lecteurs pdf, et notamment reader.

Pour Java, il est possible d'utiliser Javara. Cela permet d'installer la dernière version De Java et d'effacer les anciennes versions.

Pour le lecteur pdf, on peut utiliser des lecteurs alternatifs plus légers, comme Sumatra pdf, à la place de reader.

Pour tester les vulnérabilités et les logiciels non à jour, il est possible de se rendre sur le site de Secunia et de faire une analyse de la machine.

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
5/

/!\ Maintenant que ton PC n'est plus infecté, désactive la "Restauration du système" afin de créer un point de restauration sain.

Pour désactiver ou activer la Restauration du système, tu dois ouvrir une session Administrateur sous Windows XP.

Désactivation :
Clique droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > coche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok.

Ré-activation :
Suivre le même chemin ; décoche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok. Redémarre l'ordinateur.

Comment faire pour désactiver la Restauration du système sous XP

Vider les points de Restauration système sous Vista

Activerou désactiver la Restauration du système sous Windows 7

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

6/ Il est très important d'adopter un logiciel permettant de créer des images de son système. En cas de gros plantage, de défaillance matérielle, d'infection incurable, on peut ainsi en quelques minutes remettre sa machine sur pied à partir d'un CD de démarrage spécialement conçu à cet effet. On peut alors conserver une image disque sur sa machine et sur un support extérieur (Disque dur externe). Il existe des solutions commerciales payantes de qualité (Acronis true type, Ghost, Paragon), mais aussi des versions bridées gratuites de ces outils.

Voici DiskWizard, qui est une version bridée gratuite du logiciel Acronis. Elle s'utilise pour les disques de marque Seagate.
Téléchargement : Diskwizard
Tuto : Diskwizard

Pour les disques Western Digital :
Téléchargement : Acronis True Image WD Edition
Tuto : Acronis True Image WD Edition

Pour les disques Maxtor :
Téléchargement : Maxblast
Tuto : Maxblast

Le programme Macrium permet lui aussi de créer des images disques. Un tuto présenté sur cette page.
Il y a aussi DriveImage, qui offre des fonctionnalités intéressantes. Voici un tuto bien sur le site libellule.
Enfin, on peut aussi citer Drive Backup 9 free edition.

Pour windows7, il y a l'outil natif intégré à cette architecture qui est décrit ici.

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

/!\ Pour améliorer la sécurité de ton PC, prends quelques instants pour lire...

Sécuriser son PC +WIFI (versions "hot" & "light") : https://forum.pcastuces.com/sujet.asp?f=25&s=25892

Prévention et protection - Comment vous prémunir : https://forum.pcastuces.com/sujet.asp?f=25&s=36131

Les risques sécuritaires du peer-to-peer en 10 points : http://www.libellules.ch/phpBB2/les-risques-securitaires-du-peer-to-peer-en-10-points-t28947.html

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

S'il te plait, note ton sujet [Résolu] en cliquant sur Marquer comme résolu, à gauche, en bas de la page ou

dans la barre de titre de ton sujet. Merci !

Prudence sur Internet et parle de PC Astuces autour de toi!

Bon surf et sois prudent !

cocoadsl
 Posté le 29/10/2011 à 14:55 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

je trouve pas ce ZHP dont tu me parles dans C:/

chrifleur
 Posté le 30/10/2011 à 08:43 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

il est encore sutr ton Bureau?

c'est le même, c'est ZHPFix, je vais changer mon canned..

bon w e, je ne reviens pas avant demain, j'ai mes petits enfants à la maison et je vais en profiter car je les vois peu {#}

{#}

cocoadsl
 Posté le 30/10/2011 à 09:31 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

je ne comprends pas, sur mon bureau, il y a OTL.EXE et RSIT.EXE c'est l'un de ces 2 là ?

chrifleur
 Posté le 30/10/2011 à 10:12 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Groupe Sécurité

non

autant pour moi! {#}oublie ZHPFix, je ne te l'ai pas fait utiliser, mais comme c'est mon outil de prédilection, je n'y ai ,pas pensé! je te présente mes excuses pour cela {#}

relance OTL et clique sur "purge outil", cela supprimera tous les outils utilisés, comme le fait aussi ZHP...

cocoadsl
 Posté le 30/10/2011 à 12:20 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucienne

ah ! bon ! ça me rassure, je pensais être vraiment nulle

ok c'est fait.

merci à toi.

Une dernière question : j'ai sauvegardé le disque C:/ sur un disque dur externe, comment dois-je procéder pour l'examiner lui aussi et voir si le virus n'est pas là aussi ?



Modifié par cocoadsl le 30/10/2011 13:33
Publicité
Pages : [1] 2 ... Fin
Page 1 sur 2 [Fin]

Vous devez être connecté pour poster des messages. Cliquez ici pour vous identifier.

Vous n'avez pas de compte ? Créez-en un gratuitement !


Sujets relatifs
Infection par win32.Banker.fs Trojan.Spy.Agent.DA
infection: trojan-proxy.win32.agent.kj
Infection par trojan Ramsom.win32.foreign.ecma
trojan downloader.win32.agent!E2
Trojan.agent/GenFake-MSN - Rogue.component/Trace
Trojan.Agent & Rogue.Multiple
Infection Win32.FraudLoad / Win32.Agent.ieu
Trojan win32.agent.fbx dangereux?
infection par Trojan:Win32/Lodap!rts
Trojan win32.agent.bkr
Plus de sujets relatifs à infection rogue et Trojan:Win32/Agent.BI
 > Tous les forums > Forum Sécurité