 spyware agent, various adware (Resolved topic)
staivys227
  Posted on 11/04/2011 at 20:21
Petit astucien

Good evening,

For some time now, browsing the web has become a nightmare.

As soon as I open Explorer, very often an "advertise here" page pops up right in front of me

or else an ad.

How should I go about removing this?

Thanks



Edited by staivys227 on 20/04/2011 20:16
Fill
 Posted on 11/04/2011 at 20:28
Security Group

Hello,

  • Download OTL (by Old_Timer) to your desktop,
  • Double-click its icon to start it. If you are on Vista or 7, launch it by right-clicking and choosing "Run as administrator". Make sure you have closed as many open windows as possible before continuing.
  • Check the "All Users" ("Tous les utilisateurs") box,
  • Under "Custom Scans/Fixes" ("Personnalisation"), copy and paste the following:

CREATERESTOREPOINT

netsvcs
drivers32
SAVEMBR:0
%SYSTEMDRIVE%\*.exe
%APPDATA%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

  • Then click the "Scan" ("Analyse") button and wait while the tool scans the PC. This can take a few minutes, depending on the state of the system.
  • When the scan finishes, a Notepad window opens. It is called OTL.txt
  • Copy and paste this text into your next reply. If an error message appears, it is because the report is too long. In that case, post it across several messages without leaving anything out.
  • To select the text: CTRL+A
  • To copy the selected text: CTRL+C,
  • To paste the text into your next reply: CTRL+V

Fill

Fill
 Posted on 14/04/2011 at 23:44
Security Group

Hi,

Where are you with this? Without a reply, I'll drop it.

Fill

staivys227
 Posted on 17/04/2011 at 12:17
Petit astucien

Sorry, I haven't had time to deal with it.

I'm getting on it right away.

Thanks

staivys227
 Posted on 17/04/2011 at 13:07
Petit astucien

OTL logfile created on: 17/04/2011 12:54:39 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 022,00 Mb Total Physical Memory | 409,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,51 Gb Total Space | 47,28 Gb Free Space | 40,58% Space Free | Partition Type: NTFS
Drive D: | 108,18 Gb Total Space | 106,10 Gb Free Space | 98,07% Space Free | Partition Type: NTFS
Drive E: | 8,19 Gb Total Space | 5,97 Gb Free Space | 72,95% Space Free | Partition Type: FAT32

Computer Name: RABUEL-0CBE03B3 | User Name: fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/04/17 12:53:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\OTL.exe
PRC - [2010/10/29 15:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/13 13:54:52 | 004,574,208 | ---- | M] (Shareaza Development Team) -- C:\Program Files\Shareaza\Shareaza.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/10/15 10:53:54 | 000,959,808 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/09/19 08:52:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/06/09 10:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2008/06/03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/18 16:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/05/29 10:41:22 | 000,721,408 | ---- | M] (Hercules) -- C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
PRC - [2006/07/17 15:36:18 | 000,684,032 | ---- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIAudioi\HDADeck\HDeck.exe
PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/06/23 20:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
PRC - [1999/08/06 09:53:00 | 000,053,317 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011/04/17 12:53:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\OTL.exe
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (getPlus(R) Helper) getPlus(R)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/06/09 10:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/10/29 11:32:56 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 20:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/05/02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/02/22 12:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 12:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 12:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 12:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006/12/01 11:00:32 | 000,395,648 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/07/17 18:33:18 | 000,137,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)
DRV - [2006/03/01 19:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2004/10/01 04:14:34 | 000,162,304 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2003/09/23 11:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-484763869-2025429265-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-484763869-2025429265-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-484763869-2025429265-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-484763869-2025429265-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 1B 06 F0 E5 08 CB 01 [binary data]
IE - HKU\S-1-5-21-484763869-2025429265-725345543-1004\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - File not found
IE - HKU\S-1-5-21-484763869-2025429265-725345543-1004\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-484763869-2025429265-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]


FF - HKLM\software\mozilla\Firefox\extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com

[2010/12/16 16:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\Mozilla\Firefox\Profiles\gu23caa9.default\extensions
[2010/12/16 16:41:41 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\Mozilla\Firefox\Profiles\gu23caa9.default\extensions\support@predictad.com
[2010/12/11 19:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 12:30:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 12:30:27 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/27 13:20:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (netbits) - {87574835-640a-a3a2-ede2-6f90ad9e425b} - C:\WINDOWS\system32\7b12f3eb-6b93-4aa7-ac45-6f7eb6ca31b9.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-484763869-2025429265-725345543-1004\..\Toolbar\WebBrowser: (no name) - {1660B308-BECB-4062-890D-396B2FBBC8CA} - No CLSID value found.
O3 - HKU\S-1-5-21-484763869-2025429265-725345543-1004\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\prxtbSof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [MedionVFD] C:\Program Files\Medion Info Display\MdionLCM.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-484763869-2025429265-725345543-1004..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe (Hercules)
O4 - Startup: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Menu Démarrer\Programmes\Démarrage\binternet.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-2025429265-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-484763869-2025429265-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/04/17 12:52:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\OTL.exe
[2011/04/11 20:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2011/04/11 20:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\Uniblue
[2011/04/11 20:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/04/11 20:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\PackageAware
[2011/03/27 14:21:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/27 13:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\PriceGong
[2011/03/27 13:10:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/27 13:00:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/27 13:00:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/27 13:00:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/27 13:00:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/27 13:00:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/27 12:59:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/18 19:23:28 | 461,585,426 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\Caesar4_Demo_fr.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/04/17 12:55:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/04/17 12:53:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\OTL.exe
[2011/04/17 12:48:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/17 12:48:47 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1004.job
[2011/04/17 12:48:45 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1048.job
[2011/04/17 12:48:45 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1047.job
[2011/04/17 12:48:45 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1042.job
[2011/04/17 12:48:45 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1041.job
[2011/04/17 12:48:45 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1018.job
[2011/04/17 12:46:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/17 11:18:43 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{92B5266E-C85D-453D-8ADB-A4AE061C9405}.job
[2011/04/17 00:34:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1004.job
[2011/04/16 22:11:02 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\Étiquette de danger des substances chimiques - Wikipédia.url
[2011/04/16 22:05:14 | 000,000,248 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\Hygiène au travail.url
[2011/04/16 15:42:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1018.job
[2011/04/15 16:41:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 16:41:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1048.job
[2011/04/15 15:19:42 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 05:34:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/15 05:33:58 | 000,500,482 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/04/15 05:33:58 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 05:33:58 | 000,080,508 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/04/15 05:33:58 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 17:49:41 | 000,049,168 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\gama fred avril 2011.png
[2011/04/11 20:32:04 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2011/04/11 20:09:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1042.job
[2011/04/11 20:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/11 18:53:01 | 000,000,485 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\Comment lire les sigles et les logos - Les signes de danger des produits ménagers et du bricolage.url
[2011/04/11 15:51:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1041.job
[2011/04/10 17:31:51 | 000,000,356 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\Fiches de métiers.url
[2011/04/10 17:30:44 | 000,113,782 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\FP-Restauration-collective.pdf
[2011/04/10 17:16:24 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\logos produits dangereux - Recherche Google (2).url
[2011/04/10 17:14:28 | 000,000,494 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\logos produits dangereux - Recherche Google.url
[2011/04/10 17:08:11 | 000,064,248 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\B_Produits.pdf
[2011/04/10 16:53:59 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\ACMO (Agent Chargé de la Mise en Ouvre des règles d’hygiène et de sécurité).url
[2011/04/10 16:52:25 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\L'ENTRETIEN MENAGER SANS PRODUITS NI DECHETS DANGEREUX - RAPPORT ....url
[2011/04/10 10:41:49 | 000,025,268 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\notification trasport mike 2013.png
[2011/04/10 10:40:19 | 000,046,958 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\attestation aeeh2013.png
[2011/04/10 08:58:10 | 000,034,299 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\rib poste.png
[2011/04/02 19:14:20 | 000,153,250 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\CNFPT - Espace Pro agents Les catalogues de formation Magasinage et flux tendus en restauration collective.mht
[2011/04/02 16:37:23 | 000,028,823 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\compte-rendu-mike 01.png
[2011/04/02 16:36:27 | 000,067,938 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\compte-rendu-mike.png
[2011/04/02 16:31:42 | 000,008,147 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\attestation caf mars 2011.pdf
[2011/03/27 13:20:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/27 13:10:28 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2011/03/23 18:06:53 | 000,038,237 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\cadastre2.png
[2011/03/23 18:05:27 | 000,032,042 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\cadastre1.png
[2011/03/23 18:04:19 | 000,053,084 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\courrier 23 mars 2011 Maitre Sabine Martin.png
[2011/03/20 11:22:50 | 000,018,810 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\devis velo mike2.png
[2011/03/20 11:21:48 | 000,028,675 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\devis velo mike.png
[2011/03/18 19:38:38 | 002,207,232 | ---- | M] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\cevosetup.exe
[2011/03/18 19:29:17 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Démo de Caesar IV.lnk
[2011/03/18 19:27:36 | 461,585,426 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\Caesar4_Demo_fr.exe
[2011/03/18 18:56:26 | 000,000,374 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/04/17 12:55:47 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/04/12 17:49:17 | 000,049,168 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\gama fred avril 2011.png
[2011/04/11 20:32:04 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2011/04/10 17:31:51 | 000,000,356 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\Fiches de métiers.url
[2011/04/10 17:30:44 | 000,113,782 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\FP-Restauration-collective.pdf
[2011/04/10 17:23:42 | 000,000,248 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\Hygiène au travail.url
[2011/04/10 17:16:24 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\logos produits dangereux - Recherche Google (2).url
[2011/04/10 17:15:18 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\Étiquette de danger des substances chimiques - Wikipédia.url
[2011/04/10 17:14:28 | 000,000,494 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\logos produits dangereux - Recherche Google.url
[2011/04/10 17:08:11 | 000,064,248 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\B_Produits.pdf
[2011/04/10 17:02:25 | 000,000,485 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\Comment lire les sigles et les logos - Les signes de danger des produits ménagers et du bricolage.url
[2011/04/10 16:53:59 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\ACMO (Agent Chargé de la Mise en Ouvre des règles d’hygiène et de sécurité).url
[2011/04/10 16:52:25 | 000,000,276 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\L'ENTRETIEN MENAGER SANS PRODUITS NI DECHETS DANGEREUX - RAPPORT ....url
[2011/04/10 10:41:32 | 000,025,268 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\notification trasport mike 2013.png
[2011/04/10 10:39:55 | 000,046,958 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\attestation aeeh2013.png
[2011/04/10 08:57:44 | 000,034,299 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\rib poste.png
[2011/04/02 19:14:19 | 000,153,250 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\CNFPT - Espace Pro agents Les catalogues de formation Magasinage et flux tendus en restauration collective.mht
[2011/04/02 16:37:06 | 000,028,823 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\compte-rendu-mike 01.png
[2011/04/02 16:36:07 | 000,067,938 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\compte-rendu-mike.png
[2011/04/02 16:31:42 | 000,008,147 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\attestation caf mars 2011.pdf
[2011/03/27 13:10:28 | 000,000,216 | ---- | C] () -- C:\Boot.bak
[2011/03/27 13:10:26 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2011/03/27 13:00:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/27 13:00:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/27 13:00:19 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/27 13:00:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/27 13:00:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/23 18:06:36 | 000,038,237 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\cadastre2.png
[2011/03/23 18:05:10 | 000,032,042 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\cadastre1.png
[2011/03/23 18:03:55 | 000,053,084 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\courrier 23 mars 2011 Maitre Sabine Martin.png
[2011/03/20 11:22:33 | 000,018,810 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\devis velo mike2.png
[2011/03/20 11:21:24 | 000,028,675 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\devis velo mike.png
[2011/03/18 19:38:37 | 002,207,232 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Bureau\cevosetup.exe
[2011/03/18 19:29:17 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Démo de Caesar IV.lnk
[2010/10/29 12:33:10 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010/10/20 12:16:00 | 002,525,696 | ---- | C] () -- C:\WINDOWS\System32\7b12f3eb-6b93-4aa7-ac45-6f7eb6ca31b9.dll
[2010/10/17 19:04:31 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/28 16:38:37 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/17 12:15:20 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/17 12:15:18 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/17 12:15:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/17 12:14:50 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/17 12:01:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/05/14 20:50:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2661.bin
[2010/05/14 20:50:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2561s.bin
[2010/05/14 20:50:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2561.bin
[2010/03/21 16:26:29 | 000,122,410 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\NMM-MetaData.db
[2009/03/20 20:05:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/18 18:51:14 | 000,049,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/26 20:30:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2008/11/08 15:22:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2008/07/15 23:00:29 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2008/06/16 02:50:21 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2008/03/24 16:53:26 | 000,127,601 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/03/24 16:53:26 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2008/03/24 16:33:07 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/02/25 03:09:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\swunilog.ini
[2008/02/23 11:38:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/23 11:33:05 | 000,000,374 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/01/19 20:14:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\mscpt.dat
[2007/10/24 21:11:51 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\RGHlpr.dll
[2007/10/24 20:44:53 | 000,000,464 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2007/10/24 20:39:24 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2007/09/11 20:49:13 | 000,000,094 | ---- | C] () -- C:\WINDOWS\Wireless.ini
[2007/09/10 21:46:59 | 000,139,331 | ---- | C] () -- C:\WINDOWS\System32\AVS.dll
[2007/09/10 21:46:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSReub.exe
[2007/09/10 21:46:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\AVSTabla.dll
[2007/06/30 14:09:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/30 14:09:23 | 000,002,956 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/29 08:44:01 | 000,225,280 | ---- | C] () -- C:\WINDOWS\OptChecker.exe
[2007/06/24 15:01:12 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/06/24 14:59:02 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/06/09 14:36:25 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/06 11:43:55 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/13 20:46:48 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/05/13 19:02:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/05/13 18:57:54 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/05/13 01:47:05 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/03/02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 14:00:00 | 000,500,482 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2006/03/02 14:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2006/03/02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 14:00:00 | 000,080,508 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2006/03/02 14:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2006/03/02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/09/04 15:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 15:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 04:00:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[2001/03/14 06:00:00 | 000,509,440 | ---- | C] () -- C:\WINDOWS\System32\E_DPUI03.DLL
[2000/09/14 04:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2000/08/09 08:10:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\EPIPPJ50.DLL
[2000/02/16 02:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\UniClear.exe
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %APPDATA%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/06 20:33:19 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/06 20:33:19 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/06 20:33:19 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/06 20:33:19 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2006/03/02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2006/03/02 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\OEMDRV\iastor.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: NVATABUS.SYS >[/color]
[2005/02/12 02:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\OEMDRV\nvatabus.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2006/03/02 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< MD5 for: VIAMRAID.SYS >[/color]
[2004/05/18 16:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEMDRV\viamraid.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006/03/02 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2011/02/23 01:05:47 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2011/03/04 08:36:19 | 000,420,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[16 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\fred.RABUEL-0CBE03B3\Mes documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\fred.RABUEL-0CBE03B3\Mes documents\shaeraza_complet:Shareaza.GUID
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D158BAF9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:93E9C78D

< End of report >

staivys227
Posted on 17/04/2011 at 13:08
Petit astucien

Here it is, sorry for the delay

Thanks for your help

staivys227
Posted on 17/04/2011 at 14:33
Petit astucien

Hello

Can anyone help me, please?

Thanks in advance

Fill
Posted on 17/04/2011 at 19:39
Groupe Sécurité

staivys227 wrote:

Hello

Can anyone help me, please?

Thanks in advance

Hi again,

You waited a few days. A few more hours won't make much difference, it seems to me. I'll look at this today or tomorrow.

Fill

staivys227
Posted on 17/04/2011 at 20:31
Petit astucien

OK, thanks

If I waited a few days, it's because I couldn't deal with my request earlier... it happens, doesn't it?

Thanks in advance for your patience

staivys227
Posted on 17/04/2011 at 22:13
Petit astucien

In the meantime I installed spyboot; it found some suspicious files. Then my PC was running slowly, so I uninstalled it... I had my problem again, but much less often than before, and my PC is slow when it comes to opening web pages. Should I make a new report?

Thanks

Fill
Posted on 17/04/2011 at 22:27
Groupe Sécurité

Hi again,

1/ You used Combofix on 27 March. Are you being helped on another forum?

Can you post the report C:\ComboFix.txt

2/

  • Download Ad Remover by El Desaparecido, C_XX & Chimay8 to your Desktop. Another possible download link.
  • Double-click the tool to run it (under Vista or Windows 7, you need to right-click and run it as administrator),
  • Start the scan and post the report generated by the tool in your next reply.

Fill

staivys227
Posted on 18/04/2011 at 21:19
Petit astucien

I don't remember having used combo fix... maybe my son

I left the same adv here message on other forums yesterday

But I haven't had any reply, and then you answered me, so if you can get me out of this... no need for me to do x manipulations

I'll follow your instructions right away

Thanks for being here

staivys227
Posted on 18/04/2011 at 21:43
Petit astucien

Here is the report

my computer is really slow now and at every startup it launches scan disk

***** THE SYSTEM HAS BEEN RESTARTED *****
18/04/2011 21:36:07: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} - already removed (or did not exist)
HKCR\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} - already removed (or did not exist)
=======================================================
18/04/2011 21:36:07: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2598. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 21:33:19 18 avr. 2011
Using Database v7687
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
21:33:19: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
21:33:20: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: MedionVFD
Value Data: "C:\Program Files\Medion Info Display\MdionLCM.exe"
C:\Program Files\Medion Info Display\MdionLCM.exe
184320 bytes
Created: 17/04/2006 16:04
Modified: 17/04/2006 16:04
Company: Dritek System Inc.
--------------------
Value Name: HDAudDeck
Value Data: C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
684032 bytes
Created: 09/06/2007 11:21
Modified: 17/07/2006 15:36
Company: VIA Technologies, Inc.
--------------------
Value Name: Adobe Photo Downloader
Value Data: "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
57344 bytes
Created: 23/06/2005 20:33
Modified: 23/06/2005 20:33
Company: Adobe Systems Incorporated
--------------------
Value Name: PCSuiteTrayApplication
Value Data: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
271360 bytes
Created: 18/06/2007 16:10
Modified: 18/06/2007 16:10
Company: Nokia
--------------------
Value Name: avast5
Value Data: C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
2837864 bytes
Created: 12/06/2010 10:28
Modified: 28/06/2010 22:57
Company: AVAST Software
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
202256 bytes
Created: 17/07/2010 11:59
Modified: 17/07/2010 11:59
Company: RealNetworks, Inc.
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
110696 bytes
Created: 07/06/2010 17:34
Modified: 07/06/2010 17:34
Company: NVIDIA Corporation
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
13902440 bytes
Created: 07/06/2010 17:34
Modified: 07/06/2010 17:34
Company: NVIDIA Corporation
--------------------
Value Name: AppleSyncNotifier
Value Data: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
47904 bytes
Created: 13/07/2010 15:10
Modified: 13/07/2010 15:10
Company: Apple Inc.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
421888 bytes
Created: 08/09/2010 11:17
Modified: 08/09/2010 11:17
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
421160 bytes
Created: 24/09/2010 02:10
Modified: 24/09/2010 02:10
Company: Apple Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
35736 bytes
Created: 30/01/2011 17:45
Modified: 30/01/2011 17:45
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
932288 bytes
Created: 10/11/2010 13:49
Modified: 10/11/2010 13:49
Company: Adobe Systems Incorporated
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
249064 bytes
Created: 29/10/2010 15:49
Modified: 29/10/2010 15:49
Company: Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1233856 bytes
Created: 18/04/2011 21:32
Modified: 24/11/2010 15:26
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Connexion SFR 9props.exe
Value Data: "C:\Program Files\SFR\Kit\9props.exe" /trayicon
C:\Program Files\SFR\Kit\9props.exe
959808 bytes
Created: 15/10/2009 10:53
Modified: 15/10/2009 10:53
Company: SFR
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
21:33:25: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
21:33:25: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
21:33:26: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\sspipes.scr
C:\WINDOWS\system32\sspipes.scr
610304 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------

************************************************************
21:33:26: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {10880D85-AAD9-4558-ABDC-2AB1552D831F}
Path: "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe
451872 bytes
Created: 09/06/2008 10:14
Modified: 09/06/2008 10:14
Company: Hewlett-Packard Company
----------

************************************************************
21:33:26: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: 6to4
Path: %SystemRoot%\System32\6to4svc.dll
C:\WINDOWS\System32\6to4svc.dll
100864 bytes
Created: 02/03/2006 14:00
Modified: 12/02/2010 06:34
Company: Microsoft Corporation
--------------------
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171520 bytes
Created: 13/05/2007 18:58
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
--------------------

************************************************************
21:33:27: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
144672 bytes
Created: 13/08/2010 12:58
Modified: 13/08/2010 12:58
Company: Apple Inc.
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 02/03/2006 14:00
Modified: 13/04/2008 20:40
Company: Microsoft Corporation
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12/06/2010 10:28
Modified: 28/06/2010 22:57
Company: AVAST Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12/06/2010 10:28
Modified: 28/06/2010 22:57
Company: AVAST Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
40384 bytes
Created: 12/06/2010 10:28
Modified: 28/06/2010 22:57
Company: AVAST Software
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\FRED~1.RAB\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: cscpage.exe
ImagePath: "C:\WINDOWS\system32\cscpage.exe" /s /p 27016
C:\WINDOWS\system32\cscpage.exe
1769430 bytes
Created: 17/04/2011 14:58
Modified: 17/04/2011 14:57
Company: Microsoft Corporation
----------
Key: getPlus(R) Helper
ImagePath: C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe - [file not found to scan]
----------
Key: HdAudAddService
ImagePath: system32\drivers\viahduaa.sys
C:\WINDOWS\system32\drivers\viahduaa.sys
137216 bytes
Created: 25/07/2006 09:34
Modified: 17/07/2006 18:33
Company: VIA Technologies, Inc.
----------
Key: HPZid412
ImagePath: system32\DRIVERS\HPZid412.sys
C:\WINDOWS\system32\DRIVERS\HPZid412.sys
-R- 49664 bytes
Created: 24/03/2008 16:33
Modified: 13/04/2006 02:04
Company: HP
----------
Key: HPZipr12
ImagePath: system32\DRIVERS\HPZipr12.sys
C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
-R- 16496 bytes
Created: 24/03/2008 16:33
Modified: 13/04/2006 02:04
Company: HP
----------
Key: HPZius12
ImagePath: system32\DRIVERS\HPZius12.sys
C:\WINDOWS\system32\DRIVERS\HPZius12.sys
-R- 21568 bytes
Created: 24/03/2008 16:32
Modified: 13/04/2006 02:04
Company: HP
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
Key: LightScribeService
ImagePath: "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
73728 bytes
Created: 09/06/2008 10:21
Modified: 09/06/2008 10:21
Company: Hewlett-Packard Company
----------
Key: NMSAccess
ImagePath: C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
71096 bytes
Created: 17/10/2010 19:04
Modified: 04/03/2010 23:38
Company: [no info]
----------
Key: nmwcdcj
ImagePath: system32\drivers\nmwcdcj.sys
C:\WINDOWS\system32\drivers\nmwcdcj.sys
12288 bytes
Created: 21/03/2010 15:52
Modified: 22/02/2007 12:15
Company: Nokia
----------
Key: nvsvc
ImagePath: C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\nvsvc32.exe
154728 bytes
Created: 07/06/2010 17:34
Modified: 07/06/2010 17:34
Company: NVIDIA Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003 20:28
Modified: 28/07/2003 20:28
Company: Microsoft Corporation
----------
Key: PCAMPR5
ImagePath: \??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS
34688 bytes
Created: 15/06/2008 00:21
Modified: 23/09/2003 11:38
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
18816 bytes
Created: 12/04/2009 20:04
Modified: 26/08/2008 09:26
Company: Nokia
----------
Key: Pml Driver HPZ12
ImagePath: C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\HPZipm12.exe
69632 bytes
Created: 24/03/2008 16:34
Modified: 03/03/2006 22:03
Company: HP
----------
Key: RT73
ImagePath: system32\DRIVERS\rt73.sys
C:\WINDOWS\system32\DRIVERS\rt73.sys - [file not found to scan]
----------
Key: RTL8187B
ImagePath: system32\DRIVERS\wg111v3.sys
C:\WINDOWS\system32\DRIVERS\wg111v3.sys - [file not found to scan]
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
226656 bytes
Created: 14/01/2009 17:53
Modified: 14/01/2009 17:53
Company: Microsoft Corp.
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
620544 bytes
Created: 11/11/2008 09:38
Modified: 11/11/2008 09:38
Company: Nokia.
----------
Key: SIS163u
ImagePath: system32\DRIVERS\sis163u.sys
C:\WINDOWS\system32\DRIVERS\sis163u.sys
-R- 162304 bytes
Created: 25/02/2008 03:09
Modified: 01/10/2004 04:14
Company: SiS Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ss_bus
ImagePath: system32\DRIVERS\ss_bus.sys
C:\WINDOWS\system32\DRIVERS\ss_bus.sys
83592 bytes
Created: 08/11/2008 15:21
Modified: 02/05/2007 12:11
Company: MCCI Corporation
----------
Key: ss_mdfl
ImagePath: system32\DRIVERS\ss_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
15112 bytes
Created: 08/11/2008 15:21
Modified: 02/05/2007 12:11
Company: MCCI Corporation
----------
Key: ss_mdm
ImagePath: system32\DRIVERS\ss_mdm.sys
C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
109704 bytes
Created: 08/11/2008 15:21
Modified: 02/05/2007 12:11
Company: MCCI Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{22D196B6-5714-48C9-B9E1-91E6FE44B087}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
Key: Tcpip6
ImagePath: system32\DRIVERS\tcpip6.sys
C:\WINDOWS\system32\DRIVERS\tcpip6.sys
226880 bytes
Created: 02/03/2006 14:00
Modified: 11/02/2010 14:02
Company: Microsoft Corporation
----------
Key: USB_RNDIS
ImagePath: system32\DRIVERS\usb8023.sys
C:\WINDOWS\system32\DRIVERS\usb8023.sys
12800 bytes
Created: 02/03/2006 14:00
Modified: 13/04/2008 20:56
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 20:00
Modified: 30/01/2009 17:20
Company: Microsoft Corporation
----------

************************************************************
21:33:34: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
21:33:34: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
21:33:34: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast5\ashShell.dll
C:\Program Files\Alwil Software\Avast5\ashShell.dll
81072 bytes
Created: 12/06/2010 10:28
Modified: 28/06/2010 22:58
Company: AVAST Software
----------
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
2135336 bytes
Created: 29/08/2008 15:58
Modified: 29/08/2008 15:58
Company: Nero AG
----------
Key: Notepad++
CLSID: {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593}
Path: C:\Program Files\Notepad++\NppShell_01.dll
C:\Program Files\Notepad++\NppShell_01.dll - [file not found to scan]
----------
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
21:33:35: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
390552 bytes
Created: 30/01/2011 17:45
Modified: 30/01/2011 17:45
Company: Adobe Systems, Inc.
----------

************************************************************
21:33:35: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {0EEDB912-C5FA-486F-8334-57288578C627}
BHO: C:\Program Files\Shareaza\RazaWebHook32.dll
C:\Program Files\Shareaza\RazaWebHook32.dll
81408 bytes
Created: 23/06/2010 07:28
Modified: 13/06/2010 13:55
Company: Shareaza Development Team
----------
Key: {0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
BHO: C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
165184 bytes
Created: 15/10/2009 10:53
Modified: 15/10/2009 10:53
Company: SFR
----------
Key: {0FB6A909-6086-458F-BD92-1F8EE10042A0}
BHO: C:\Program Files\AutocompletePro\AutocompletePro.dll
C:\Program Files\AutocompletePro\AutocompletePro.dll - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} - this key has been removed [file not found to scan]
C:\Program Files\AutocompletePro\AutocompletePro.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} - this key has been removed
----------
Key: {30F9B915-B755-4826-820B-08FBA6BD249D}
BHO: C:\Program Files\ConduitEngine\prxConduitEngine.dll
C:\Program Files\ConduitEngine\prxConduitEngine.dll
175912 bytes
Created: 27/02/2011 21:21
Modified: 17/01/2011 16:54
Company: Conduit Ltd.
----------
Key: {4daac69c-cba7-45e2-9bc8-1044483d3352}
BHO: C:\Program Files\Softonic_France\prxtbSof0.dll
C:\Program Files\Softonic_France\prxtbSof0.dll
175912 bytes
Created: 17/01/2011 16:54
Modified: 17/01/2011 16:54
Company: Conduit Ltd.
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
92504 bytes
Created: 14/01/2009 17:49
Modified: 14/01/2009 17:49
Company: Microsoft Corp.
----------
Key: {87574835-640a-a3a2-ede2-6f90ad9e425b}
BHO: C:\WINDOWS\system32\7b12f3eb-6b93-4aa7-ac45-6f7eb6ca31b9.dll
C:\WINDOWS\system32\7b12f3eb-6b93-4aa7-ac45-6f7eb6ca31b9.dll
2525696 bytes
Created: 20/10/2010 12:16
Modified: 20/10/2010 12:16
Company: [no info]
----------
Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll
C:\Program Files\Windows Live\Toolbar\wltcore.dll
1067872 bytes
Created: 16/04/2010 19:55
Modified: 16/04/2010 19:55
Company: Microsoft Corporation
----------

************************************************************
21:33:51: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
----------

************************************************************
21:33:51: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
21:33:51: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
21:33:51: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [devman.dll]
File: devman.dll
C:\WINDOWS\system32\devman.dll
495616 bytes
Created: 17/04/2011 14:58
Modified: 17/04/2011 14:58
Company: Microsoft Corporation
----------

************************************************************
21:33:51: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
21:33:52: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
Adobe Gamma Loader.lnk - links to C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE
110592 bytes
Created: 12/02/2007 00:15
Modified: 24/08/2000 17:45
Company: Adobe Systems, Inc.
--------------------
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 13/05/2007 20:46
Modified: 13/05/2007 19:00
Company: [no info]
--------------------
Microsoft Office.lnk - links to C:\PROGRA~1\MICROS~2\Office\OSA9.EXE
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE
65588 bytes
Created: 17/02/1999 22:05
Modified: 17/02/1999 22:05
Company: Microsoft Corporation
--------------------
Rappels du Calendrier Microsoft Works.lnk - links to C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe
C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\wkcalrem.exe
53317 bytes
Created: 06/08/1999 09:53
Modified: 06/08/1999 09:53
Company: Microsoft® Corporation
--------------------
WiFi Station pour Livebox.lnk - links to C:\PROGRA~1\Hercules\WIFIST~1\WIFIST~1.EXE
C:\PROGRA~1\Hercules\WIFIST~1\WIFIST~1.EXE
721408 bytes
Created: 14/05/2010 20:50
Modified: 29/05/2007 10:41
Company: Hercules
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
21:33:52: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
561952 bytes
Created: 22/10/2009 11:50
Modified: 22/10/2009 11:50
Company: Apple Inc.
Parameters: -task
Schedule: à 20:06 tous les lun. de chaque semaine, début : 17/07/2010
Next Run Time: 25/04/2011 20:06:00
Status: Ready
Creator: SYSTEM
Comments:
----------
Taskname: RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1004
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /logoncheck
Schedule: Démarrer à l'ouverture de session
Next Run Time:
Status: Ready
Creator: fred
Comments:
----------
Taskname: RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1018
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /logoncheck
Schedule: Démarrer à l'ouverture de session
Next Run Time:
Status: Ready
Creator: landry
Comments:
----------
Taskname: RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1041
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /logoncheck
Schedule: Démarrer à l'ouverture de session
Next Run Time:
Status: Ready
Creator: Mickael
Comments:
----------
Taskname: RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1042
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /logoncheck
Schedule: Démarrer à l'ouverture de session
Next Run Time:
Status: Has not run
Creator: Mickael
Comments:
----------
Taskname: RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1047
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /logoncheck
Schedule: Démarrer à l'ouverture de session
Next Run Time:
Status: Ready
Creator: Mickael
Comments:
----------
Taskname: RealUpgradeLogonTaskS-1-5-21-484763869-2025429265-725345543-1048
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /logoncheck
Schedule: Démarrer à l'ouverture de session
Next Run Time:
Status: Ready
Creator: Mickael
Comments:
----------
Taskname: RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1004
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /scheduledcheck
Schedule: à 00:34 tous les 7 jours, début : 24/10/2010
Next Run Time: 24/04/2011 00:34:00
Status: Ready
Creator: fred
Comments:
----------
Taskname: RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1018
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /scheduledcheck
Schedule: à 15:42 tous les 7 jours, début : 17/07/2010
Next Run Time: 23/04/2011 15:42:00
Status: Ready
Creator: landry
Comments:
----------
Taskname: RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1041
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /scheduledcheck
Schedule: à 15:51 tous les 7 jours, début : 02/08/2010
Next Run Time: 25/04/2011 15:51:00
Status: Has not run
Creator: Mickael
Comments:
----------
Taskname: RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1042
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /scheduledcheck
Schedule: à 20:09 tous les 7 jours, début : 30/08/2010
Next Run Time: 25/04/2011 20:09:00
Status: Has not run
Creator: Mickael
Comments:
----------
Taskname: RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1047
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /scheduledcheck
Schedule: à 13:07 tous les 7 jours, début : 22/09/2010
Next Run Time: 20/04/2011 13:07:00
Status: Has not run
Creator: Mickael
Comments:
----------
Taskname: RealUpgradeScheduledTaskS-1-5-21-484763869-2025429265-725345543-1048
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Real\RealUpgrade\realupgrade.exe
173576 bytes
Created: 03/06/2010 03:02
Modified: 03/06/2010 03:02
Company: RealNetworks, Inc.
Parameters: /scheduledcheck
Schedule: à 16:41 tous les 7 jours, début : 18/03/2011
Next Run Time: 22/04/2011 16:41:00
Status: Ready
Creator: Mickael
Comments:
----------
Taskname: User_Feed_Synchronization-{92B5266E-C85D-453D-8ADB-A4AE061C9405}
File: C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\msfeedssync.exe
13312 bytes
Created: 17/10/2006 11:58
Modified: 08/03/2009 04:31
Company: Microsoft Corporation
Parameters: sync
Schedule: Multiple schedule times
Next Run Time: 19/04/2011 00:16:00
Status: Ready
Creator: fred
Comments: Met à jour les flux système obsolètes.
----------

************************************************************
21:33:55: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
21:33:55: Scanning ----- DEVICE DRIVER ENTRIES -----

************************************************************
21:33:55: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
129654 bytes
Created: 21/09/2007 02:31
Modified: 28/11/2010 23:59
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 17/05/2007 12:26
Modified: 31/08/2008 23:05
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
21:33:56: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
512000 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 02/03/2006 14:00
Modified: 09/02/2009 13:23
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\nvsvc32.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
58880 bytes
Created: 02/03/2006 14:00
Modified: 17/08/2010 15:17
Company: Microsoft Corporation
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 17/07/2010 12:30
Modified: 02/02/2011 22:40
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe - file already scanned
--------------------
C:\Program Files\CDBurnerXP\NMSAccessU.exe - file already scanned
--------------------
C:\WINDOWS\system32\HPZipm12.exe - file already scanned
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\VIAudioi\HDADeck\HDeck.exe - file already scanned
--------------------
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe - file already scanned
--------------------
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
33792 bytes
Created: 02/03/2006 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe - file already scanned
--------------------
C:\Program Files\SFR\Kit\9props.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
53317 bytes
Created: 06/08/1999 09:53
Modified: 06/08/1999 09:53
Company: Microsoft® Corporation
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created: 13/05/2007 18:56
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
721408 bytes
Created: 14/05/2010 20:50
Modified: 29/05/2007 10:41
Company: Hercules
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\iPod\bin\iPodService.exe
820008 bytes
Created: 24/09/2010 02:10
Modified: 24/09/2010 02:10
Company: Apple Inc.
--------------------
C:\WINDOWS\system32\cscpage.exe - file already scanned
--------------------
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
130560 bytes
Created: 19/09/2008 08:52
Modified: 19/09/2008 08:52
Company:
--------------------
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
119808 bytes
Created: 03/06/2008 08:02
Modified: 03/06/2008 08:02
Company:
--------------------
C:\Program Files\internet explorer\iexplore.exe
638816 bytes
Created: 21/08/2006 16:03
Modified: 08/03/2009 14:09
Company: Microsoft Corporation
--------------------
C:\Program Files\internet explorer\iexplore.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Toolbar\wltuser.exe
223584 bytes
Created: 16/04/2010 19:55
Modified: 16/04/2010 19:55
Company: Microsoft Corporation
--------------------
C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\Simply Super Software\Trojan Remover\swqC.exe
FileSize: 3761072
[This is a Trojan Remover component]
--------------------

************************************************************
21:33:59: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.fr/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 21:34:00 18 avr. 2011
Total Scan time: 00:00:41
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
18/04/2011 21:34:09: restart commenced
************************************************************


Fill
 Posted on 18/04/2011 at 21:59
Security Group

Hi,

1/ Why are you posting this report? That is not what I asked for. I would like to see whether you have the Combofix report and the Ad-remover report.

2/ If you have opened other threads elsewhere, it would be courteous to let any helpers there know that the problem is being resolved here. In general, helpers hate discovering during their research that a user is playing on several boards at once.

Fill

staivys227
 Posted on 18/04/2011 at 22:22
Petit astucien

I downloaded remover, at least I think so, by going through Google

my computer is getting slower and slower

and I sent you this report

Fill
 Posted on 19/04/2011 at 07:15
Security Group

staivys227 wrote:

I downloaded remover, at least I think so, by going through Google

my computer is getting slower and slower

and I sent you this report

Read the instructions carefully:

  • Download Ad Remover by El Desaparecido, C_XX & Chimay8 to your Desktop. Another possible download link.
  • Double-click the tool to run it (on Vista or Windows 7, you have to right-click it and run it as administrator),
  • Start the scan and post the report generated by the tool in your next reply.

You have to click the red link.

Fill

staivys227
 Posted on 19/04/2011 at 16:23
Petit astucien

ok, I clicked on the link as requested

today at 4:00 pm my computer is not slow... I am going to follow the cleaning advice

if I have time this evening, since I also work in the evening, I will log back on to try to go further

As I told you above, I did not use combofix... I will remember it all the same

staivys227
 Posted on 19/04/2011 at 22:42
Petit astucien

ATF Cleaner, HouseCall, Ewido are either paid or one of the three does not work

I ran avast, no problem; I have just re-downloaded spybot, no trouble for now

it is still scanning, I am downloading ad aware at the moment

advertise here still opens but my PC is no longer slow for now;

I will keep you posted

Fill
 Posted on 19/04/2011 at 22:44
Security Group

Well,

I think I am going to give up. Do you know how to read instructions?

Fill

staivys227
 Posted on 19/04/2011 at 22:45
Petit astucien

oh yes, by the way, index dat cannot be deleted in my session

That's normal, isn't it?

staivys227
 Posted on 19/04/2011 at 22:53
Petit astucien

why do you want to give up??

I followed the cleaning guide, and I am letting you know how the cleaning of my PC is progressing

I do read the instructions

Fill
 Posted on 19/04/2011 at 22:59
Security Group

Hi again,

For the 3rd time, I am asking you to run Ad-remover and post the report. At what point did I mention ewido, spybot or trojan remover?

Fill

staivys227
 Posted on 19/04/2011 at 23:09
Petit astucien

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 23:07:22 le 19/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
fred@RABUEL-0CBE03B3 ( )

============== RECHERCHE ==============


Dossier trouvé: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\Conduit
Dossier trouvé: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\ConduitEngine
Dossier trouvé: C:\Program Files\ConduitEngine
Dossier trouvé: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\PriceGong
Dossier trouvé: C:\Program Files\Viewpoint
Fichier trouvé: C:\WINDOWS\system32\7b12f3eb-6b93-4aa7-ac45-6f7eb6ca31b9.dll

Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{98402B42-E032-49AC-83DE-3324E967B863}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98402B42-E032-49AC-83DE-3324E967B863}
Clé trouvée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé trouvée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2542115
Clé trouvée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKCU\Software\AutocompleteProBHO
Clé trouvée: HKCU\Software\Conduit
Clé trouvée: HKCU\Software\conduitEngine
Clé trouvée: HKCU\Software\FissaSearch
Clé trouvée: HKCU\Software\PriceGong
Clé trouvée: HKCU\Software\Spointer
Clé trouvée: HKLM\Software\Canneverbe Limited\OpenCandy
Clé trouvée: HKCU\Software\AppDataLow\49917dc3-48bc-4144-ccdb-226690579b2b
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ClickPotato
Clé trouvée: HKLM\Software\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B2980D1-2D6D-4E0E-B935-30F45261513B}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé trouvée: HKLM\Software\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk

Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

-- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\Mozilla\FireFox\Profiles\gu23caa9.default --
Extensions\support@predictad.com (AutocompletePro - Your handy search suggestions tool)
Searchplugins\Search.xml (?)
Prefs.js - browser.startup.homepage, hxxp://dymasearch.com/
Prefs.js - browser.search.selectedEngine, Search
Prefs.js - keyword.URL, hxxp://www.dymasearch.com/search.php?src=tops&q=
Prefs.js - browser.search.defaultenginename, Search
Prefs.js - browser.search.defaulturl, hxxp://www.dymasearch.com/search.php?src=tops&q=

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://www.google.fr/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll) (x)
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\prxtbSof0.dll)
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=UT2V5&o=15158&src=crm&q={searchTe...)
HKCU_SearchScopes\{4238611D-11A0-4A1B-B2B1-DFA499ADD619} - "Search" (hxxp://www.dymasearch.com/search.php?src=tops&q={SearchTerms})
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Softonic_France Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9} - "Fissa" (hxxp://www.fissa.com/en/results/?s=b&c=1011139772&suid=ElO0880tH&d=6&pid=28&q={s...)
HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (x)
HKCU_Toolbar\WebBrowser|{1660B308-BECB-4062-890D-396B2FBBC8CA} (x)
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\prxtbSof0.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\prxtbSof0.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
HKCU_ElevationPolicy\{F99AAFE0-0B2F-4a4d-8667-D2A0122081A5} - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (x)
HKLM_ElevationPolicy\{1B2980D1-2D6D-4E0E-B935-30F45261513B} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB} - C:\Program Files\OfferBox\OfferBox.exe (x)
HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files\SFR\Kit\9launch.exe (SFR)
HKLM_ElevationPolicy\{B6524093-4B34-44BF-96DF-CB34121EDA34} - C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\Conduit\CT2542115\Softonic_FranceAutoUpdaterHelper.exe (?)
HKLM_ElevationPolicy\{F99AAFE0-0B2F-4a4d-8667-D2A0122081A5} - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (x)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{0EEDB912-C5FA-486F-8334-57288578C627} - "Shareaza Web Download Hook" (C:\Program Files\Shareaza\RazaWebHook32.dll)
BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\prxtbSof0.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{7E853D72-626A-48EC-A868-BA8D5E23E045} (?)
BHO\{87574835-640a-a3a2-ede2-6f90ad9e425b} - "netbits" (C:\WINDOWS\system32\7b12f3eb-6b93-4aa7-ac45-6f7eb6ca31b9.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 19/04/2011 23:05:20 (8641 Octet(s))
C:\Ad-Report-SCAN[2].txt - 19/04/2011 23:07:25 (4040 Octet(s))

Fin à: 23:07:58, 19/04/2011

============== E.O.F ==============

Fill
 Posted on 19/04/2011 at 23:13
Security Group

Hi again,

1/

  • Double-click Ad Remover to run the tool (or right-click > Run as administrator under Vista and Windows 7),
  • Run the cleaning and post the report generated by the tool in your next reply.

2/

  • Download TFC by Old_Timer to your Desktop,
  • Double-click TFC.exe to launch it. (Note: if you are on Vista, right-click the file and choose Run as administrator).
  • The tool will close all programs while it runs, so make sure you have saved all your work in progress before starting.
  • Click the Start button to begin the process. Depending on how often you delete your temporary files, this can take from a few seconds to a minute or two. Let the program run without interrupting it.
  • When it has finished, the tool should restart your system. If it does not, restart the PC manually yourself to complete the cleaning.

3/ Run a scan with Malwarebytes' by following this tutorial and post the report.

Fill

staivys227
 Posted on 19/04/2011 at 23:28
Petit astucien

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 23:15:27 le 19/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
fred@RABUEL-0CBE03B3 ( )

============== ACTION(S) ==============


Dossier supprimé: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\Conduit
Dossier supprimé: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\PriceGong
Dossier supprimé: C:\Program Files\Viewpoint
Fichier supprimé: C:\WINDOWS\system32\7b12f3eb-6b93-4aa7-ac45-6f7eb6ca31b9.dll

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{98402B42-E032-49AC-83DE-3324E967B863}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98402B42-E032-49AC-83DE-3324E967B863}
Clé supprimée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé supprimée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
Clé supprimée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\AutocompleteProBHO
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\conduitEngine
Clé supprimée: HKCU\Software\FissaSearch
Clé supprimée: HKCU\Software\PriceGong
Clé supprimée: HKCU\Software\Spointer
Clé supprimée: HKLM\Software\Canneverbe Limited\OpenCandy
Clé supprimée: HKCU\Software\AppDataLow\49917dc3-48bc-4144-ccdb-226690579b2b
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ClickPotato
Clé supprimée: HKLM\Software\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B2980D1-2D6D-4E0E-B935-30F45261513B}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk

Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

-- C:\Documents and Settings\fred.RABUEL-0CBE03B3\Application Data\Mozilla\FireFox\Profiles\gu23caa9.default --
Extensions\support@predictad.com (AutocompletePro - Your handy search suggestions tool)
Searchplugins\Search.xml (?)
Prefs.js - browser.startup.homepage, hxxp://dymasearch.com/
Prefs.js - browser.search.selectedEngine, Search
Prefs.js - keyword.URL, hxxp://www.dymasearch.com/search.php?src=tops&q=
Prefs.js - browser.search.defaultenginename, Search
Prefs.js - browser.search.defaulturl, hxxp://www.dymasearch.com/search.php?src=tops&q=

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll) (x)
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\prxtbSof0.dll)
HKCU_SearchScopes\{4238611D-11A0-4A1B-B2B1-DFA499ADD619} - "Search" (hxxp://www.dymasearch.com/search.php?src=tops&q={SearchTerms})
HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (x)
HKCU_Toolbar\WebBrowser|{1660B308-BECB-4062-890D-396B2FBBC8CA} (x)
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\prxtbSof0.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\prxtbSof0.dll)
HKCU_ElevationPolicy\{F99AAFE0-0B2F-4a4d-8667-D2A0122081A5} - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (x)
HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files\SFR\Kit\9launch.exe (SFR)
HKLM_ElevationPolicy\{B6524093-4B34-44BF-96DF-CB34121EDA34} - C:\Documents and Settings\fred.RABUEL-0CBE03B3\Local Settings\Application Data\Conduit\CT2542115\Softonic_FranceAutoUpdaterHelper.exe (x)
HKLM_ElevationPolicy\{F99AAFE0-0B2F-4a4d-8667-D2A0122081A5} - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (x)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{0EEDB912-C5FA-486F-8334-57288578C627} - "Shareaza Web Download Hook" (C:\Program Files\Shareaza\RazaWebHook32.dll)
BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\prxtbSof0.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{7E853D72-626A-48EC-A868-BA8D5E23E045} (?)
BHO\{87574835-640a-a3a2-ede2-6f90ad9e425b} - "netbits" (C:\WINDOWS\system32\7b12f3eb-6b93-4aa7-ac45-6f7eb6ca31b9.dll) (x)

========================================

C:\Program Files\Ad-Remover\Quarantine: 131 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 19/04/2011 23:15:42 (6243 Octet(s))
C:\Ad-Report-SCAN[1].txt - 19/04/2011 23:05:20 (8641 Octet(s))
C:\Ad-Report-SCAN[2].txt - 19/04/2011 23:07:25 (8706 Octet(s))

Fin à: 23:16:59, 19/04/2011

============== E.O.F ==============

staivys227
 Posted on 19/04/2011 at 23:57
Petit astucien

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/04/2011 23:56:06
mbam-log-2011-04-19 (23-55-38).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 269273
Temps écoulé: 6 minute(s), 27 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
c:\WINDOWS\system32\cscpage.exe (Spyware.Agent) -> 312 -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

here is the report from the tutorial

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cscpage.exe (Spyware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87574835-640a-a3a2-ede2-6f90ad9e425b} (Adware.MediaPass) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87574835-640a-a3a2-ede2-6f90ad9e425b} (Adware.MediaPass) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87574835-640A-A3A2-EDE2-6F90AD9E425B} (Adware.MediaPass) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\cscpage.exe (Spyware.Agent) -> No action taken.
c:\documents and settings\fred.rabuel-0cbe03b3\Bureau\unstoppable.exe (Adware.Hotbar) -> No action taken.
c:\documents and settings\fred.rabuel-0cbe03b3\Bureau\plugin_vlc.exe (Trojan.Dropper) -> No action taken.
c:\downloads\35[1].exe (Adware.TryMedia) -> No action taken.
c:\WINDOWS\system32\devman.dll (Spyware.Agent) -> No action taken.
c:\WINDOWS\system32\gnuhashes.ini (Trojan.Tracur) -> No action taken.
