Sujet Précédent Sujet Suivant

Lenteur PC + internet = virus?

Rico Brisbane -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,

Depuis quelque temps on a un problème de PC qui rame et d'internet lent sur les 2 pc de la maison qui sont reliés via un routeur D-link. L'un des PC commence à fermer des appli sans rien demander à personne, ne réponds pas, le débit internet tout pourrit pour de l'adsl... Bref: ça pue le virus!

L'autre jour ma copine était revenue de la fac avec un virus sur sa clé USB. Antivir l'a bloqué, mais on dirait que quelque chose est passé quand même?...

Bref, je viens de faire un scan Hijackthis des 2 pc.

Y-aurait il quelqu'un de sympa et d'assé informé sur le sujet pour me dire si je peux les poster? Ca serait chouette!

Merci d'avance!

Eric
ps: les 2 pc ont la mm "protection" Avira antivir, Zone Alarm
A voir également:

9 réponses

Réponse 1 / 9
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

je suis Lyonnais92 et je t'accompagnerai jusqu'à ce que ton ordi soit désinfecté.

J'ai besoin de certaines informations afin de te faire faire les meilleures manipulations, au moindre risque.

- il s'agit d'un ordi personnel ou professionnel ?

- ta session a les droits d'administrateur ?

- ton Windows est légitime ?

- tu as un CD (ou DVD) d'installation ou seulement de restauration en l'état neuf ?

- tu as une sauvegarde de tes données personnelles (sur un support externe) ?

- tu as (ou peut avoir) l'usage d'un autre ordi sain ? avec un graveur de CD ?

===============

on traite un ordi, puis l'autre.

On commence par le moins atteint.

=================
Télécharge OTList2 de OLDTimer ici :

http://oldtimer.geekstogo.com/OTListIt2.exe

et enregistre le sur ton Bureau.

Double clic sur OTListIt2.exe pour le lancer.

Coche les 2 cases Lop et Purity

Coche la case devant "scan all users"

Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport.

Copie le dans une nouvelle réponse
0
Réponse 2 / 9
Rico Brisbane
 
Bonjour,

Merci pour ton aide. Alors, dans l'ordre:

- Il s'agit d'un PC perso (à la maison quoi) bien que je m'en serve pour mon activité professionelle (Freelance donc taf avec mon propre PC). Au passage, pour info, je viens de brancher mon PC portable tout neuf à internet, et tout va très vite (enfin normale quoi) internet se charge vite, les videos ne rament pas... Contraire aux deux PC fixes...
- Ma session à les droit d'administrateurs.
- Je ne sais pas ce que tu entends par "légitime"? Mon windows est un XP LSD intallé en 2006 qui n'a jusqu'ici jamais crashé. J'ai eu des problèmes de virus une fois ou deux et ai réussit à tout désinfecter grâce à l'aide précieuse de forums comme celui-ci.
- Je n'ai hélas plus le CD d'instal de mon XP (oublié en france que je suis parti en Juin dernier... Un peu à l'arrache, PC dans la valise... Par contre j'ai le CD de XP du PC de ma copine, ainsi qu'un DVD de Vista? Mais j'espère ne pas devoir en arriver là?...)
- J'ai un HD externe avec une partie de mes sauvegardes. (Pourquoi? Au cas où il y aurais du formatage dans l'air?)
- L'usage d'un autre ordi sain avec un graveur de CD -> OUI mon portable.

Voici le rapport OTListIt:

OTListIt logfile created on: 05/05/2009 00:34:08 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = D:\Downloadz
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

990,42 Mb Total Physical Memory | 470,11 Mb Available Physical Memory | 47,47% Memory free
2,33 Gb Paging File | 1,77 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 5,49 Gb Free Space | 28,13% Space Free | Partition Type: NTFS
Drive D: | 133,84 Gb Total Space | 29,93 Gb Free Space | 22,37% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICO
Current User Name: Rico
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========/color

PRC - [2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2005/06/16 07:01:14 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2005/10/01 03:34:58 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2008/12/05 16:11:54 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2005/10/28 15:21:02 | 00,118,843 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/10/28 15:20:46 | 00,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2005/08/08 22:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2007/05/29 02:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2005/01/28 21:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005/10/28 15:23:54 | 00,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2004/08/20 04:10:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2005/10/01 03:34:58 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2005/10/28 15:25:14 | 00,270,336 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2006/10/12 12:10:54 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
PRC - [2007/05/15 08:22:22 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007/06/29 07:01:00 | 02,512,128 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe
PRC - [2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2005/10/19 18:19:08 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/01/17 10:32:25 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/10/12 12:10:54 | 00,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
PRC - [2005/06/16 07:01:14 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/30 22:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2007/06/11 19:25:42 | 06,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2008/04/28 21:21:36 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/05 00:31:01 | 00,501,248 | ---- | M] (OldTimer Tools) -- D:\Downloadz\OTListIt2.exe
PRC - [2004/08/20 04:10:06 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[color=orange]========== Win32 Services (SafeList) ==========/color

SRV - [2006/10/27 00:54:41 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/10/19 18:19:10 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
SRV - [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2005/10/28 15:23:54 | 00,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
SRV - [2005/10/01 03:34:58 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running])
SRV - [2009/03/24 12:05:30 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2004/08/20 04:09:38 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2004/08/20 01:09:32 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/12/05 16:11:54 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/10/28 15:21:02 | 00,118,843 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV - [2005/10/28 15:20:46 | 00,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
SRV - [2005/10/10 23:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2007/06/29 07:02:08 | 01,049,856 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [Disabled | Stopped])
SRV - [2005/08/08 22:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2007/05/29 02:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2005/01/28 21:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/19 21:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2007/05/30 22:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])

[color=orange]========== Driver Services (SafeList) ==========/color

DRV - [2007/12/20 00:43:44 | 00,068,672 | R--- | M] (2Wire, Inc.) -- C:\WINDOWS\system32\DRIVERS\2WirePCP.sys -- (2WIREPCP [On_Demand | Stopped])
DRV - [2005/03/09 23:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/11/09 15:44:48 | 00,024,288 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008/11/26 07:27:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2002/10/21 20:37:16 | 00,515,803 | ---- | M] (Digital Camera) -- C:\WINDOWS\System32\Drivers\Ca533av.sys -- (Ca533av [Auto | Stopped])
DRV - [2005/01/08 01:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/12/09 18:48:40 | 04,123,136 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2004/08/13 12:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2005/10/10 23:49:00 | 03,530,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/09/29 11:08:10 | 00,098,816 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2005/07/29 19:11:02 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005/07/29 19:11:04 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008/07/06 19:26:36 | 00,033,952 | ---- | M] () -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32 [System | Running])
DRV - [2001/08/29 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/08 09:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/11/03 20:39:02 | 00,245,504 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\DRIVERS\Dr71WU.sys -- (RT73 [On_Demand | Stopped])
DRV - [2004/07/17 23:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/08/10 22:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/05/16 23:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2005/11/04 00:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
DRV - [2008/02/22 03:15:04 | 00,715,248 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2004/04/02 01:30:56 | 00,047,087 | ---- | M] () -- C:\WINDOWS\System32\Drivers\Capt9150.sys -- (SQTECH9150 [On_Demand | Stopped])
DRV - [2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2001/08/18 06:49:10 | 00,026,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\DRIVERS\irstusb.sys -- (STIrUsb [On_Demand | Stopped])
DRV - [2004/08/04 08:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2002/07/25 20:19:48 | 00,010,986 | ---- | M] (USB BULK) -- C:\WINDOWS\System32\Drivers\Bulk533.sys -- (USBCamera [On_Demand | Stopped])
DRV - [2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2007/05/30 22:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [System | Stopped])
DRV - [2007/05/30 22:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])

[color=orange]========== Standard Registry (SafeList) ==========/color

[color=orange]========== Internet Explorer ==========/color

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.iesearch.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://media.telstra.com.au/home.html
IE - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\S-1-5-21-1417001333-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=orange]========== FireFox ==========/color

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/?gws_rd=ssl"
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8.5
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:1.5.41.0
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "https://search.yahoo.com/web?fr=vmn"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/04/28 21:21:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2008/04/28 21:21:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/04/01 19:31:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2009/04/01 19:31:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.3.0\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [2009/04/01 19:31:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.3.0\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS [2009/04/01 19:31:48 | 00,000,000 | ---D | M]

[2009/01/15 23:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Extensions
[2009/01/15 23:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/04 12:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions
[2009/04/16 10:33:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/12/10 19:11:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/16 10:33:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/06/22 15:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2009/01/25 08:31:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2009/05/04 12:35:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/10/26 18:15:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/28 21:21:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/13 02:30:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/06/06 07:59:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\search@searchsettings.com
[2008/04/28 21:21:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/04/28 21:21:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006/09/10 21:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2008/09/28 17:10:26 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/04/16 14:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/10 21:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 23:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2006/09/13 04:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (193010 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 6834 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - Reg Error: Key error. File not found
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
O4 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003..\Run: [EPSON Stylus TX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGP.EXE /FU "C:\WINDOWS\TEMP\E_S10D.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Rico\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Rico\Menu Démarrer\Programmes\Démarrage\MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 64
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1417001333-1292428093-839522115-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/26 01:59:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0129bc9a-7e72-11dc-b0bc-001731143500}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{69a8834f-3b77-11dd-b204-001731143500}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\driver.exe -- File not found
O33 - MountPoints2\{69a8834f-3b77-11dd-b204-001731143500}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\driver.exe -- File not found
O33 - MountPoints2\{790b995b-15b2-11dc-936c-001731143500}\Shell - "" = AutoRun
O33 - MountPoints2\{b6693822-463d-11dd-b226-001731143500}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

[color=orange]========== Files/Folders - Created Within 30 Days ==========/color

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/04 22:33:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Application Data\Grisoft
[2009/05/04 22:33:21 | 00,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Spyware.lnk
[2009/05/04 22:33:14 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2009/05/04 22:33:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/05/04 22:33:09 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2009/05/04 21:46:01 | 00,118,106 | ---- | C] () -- C:\Documents and Settings\Rico\Mes documents\cc_20090504_2145.reg
[2009/05/04 00:07:00 | 00,000,185 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\Virus sur mon puter.rtf
[2009/05/03 14:43:03 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Rico\Bureau\spybotsd162.exe
[2009/05/02 10:52:36 | 00,000,352 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\Samedi 02-05-09.rtf
[2009/05/02 10:23:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Bureau\Sent 02-05-09
[2009/05/01 19:42:19 | 00,003,297 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\Childern of the revolution.rtf
[2009/05/01 13:07:26 | 00,020,164 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\FileZilla_3.2.4.1_win32-setup.exe
[2009/04/29 23:38:52 | 00,000,239 | ---- | C] () -- C:\Documents and Settings\Rico\Mes documents\Mail Comics Guy.rtf
[2009/04/29 18:31:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Bureau\A envoyer mec Comics
[2009/04/28 18:00:21 | 00,000,297 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\Site à contacter.rtf
[2009/04/27 23:22:39 | 00,000,836 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\Taxe Info.rtf
[2009/04/27 14:41:33 | 00,005,120 | -HS- | C] () -- C:\Documents and Settings\Rico\Mes documents\Thumbs.db
[2009/04/26 19:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Mes documents\³Ø½¼ Ç÷¯±×
[2009/04/26 18:56:55 | 00,001,497 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Combat Arms.lnk
[2009/04/26 18:54:42 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/04/26 18:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/04/26 18:10:51 | 77,827,1398 | ---- | C] (Nexon) -- C:\Documents and Settings\Rico\Bureau\CombatArmsSetupV21.exe
[2009/04/26 18:10:12 | 00,000,595 | ---- | C] () -- C:\Documents and Settings\Rico\Mes documents\Games.rtf
[2009/04/26 18:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/26 18:05:37 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/04/25 02:01:44 | 00,002,680 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\A flanc de certitude Tab.rtf
[2009/04/25 01:22:53 | 15,395,960 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Rico\Bureau\flvplayer_setup.exe
[2009/04/25 01:20:50 | 00,000,000 | ---D | C] -- C:\Program Files\YouTUBE (TM) movie downloader
[2009/04/22 23:34:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/22 23:23:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/04/22 23:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/04/22 23:22:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/04/22 18:40:22 | 00,113,171 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\vistathemes.jpg
[2009/04/22 17:41:05 | 00,000,432 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\Freelance Australia.lnk
[2009/04/20 00:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Mes documents\WORLI - West Of The Ranges Landcare Inc
[2009/04/16 12:50:11 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/16 12:50:11 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/09 12:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Application Data\FileZilla
[2009/04/09 12:13:13 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/04/06 22:27:31 | 00,000,000 | ---D | C] -- C:\Program Files\Kraken
[2009/04/06 19:16:52 | 00,001,659 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\DOSBox 0.72.lnk
[2009/04/06 19:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.72
[2009/04/06 19:11:45 | 00,000,000 | ---D | C] -- C:\oldies
[2009/04/06 18:31:18 | 02,268,231 | ---- | C] () -- C:\Documents and Settings\Rico\Mes documents\Portfolio 2009.pdf
[2009/03/30 15:20:13 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/03/26 15:58:20 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/03/19 15:33:43 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/16 16:51:02 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/01/29 21:41:44 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/29 21:35:13 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDETX400ASIA.ini
[2008/11/06 22:12:16 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/07/08 13:41:26 | 00,000,008 | ---- | C] () -- C:\WINDOWS\save.ini
[2008/07/06 19:26:36 | 00,033,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2008/02/22 03:15:04 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/28 21:32:34 | 00,047,087 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt9150.sys
[2008/01/28 21:32:34 | 00,023,979 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd9150.sys
[2008/01/21 08:27:14 | 00,000,106 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/21 06:45:12 | 00,000,050 | ---- | C] () -- C:\WINDOWS\System32\PCRCVersion.ini
[2007/10/20 02:46:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2007/10/20 00:48:17 | 00,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2007/10/20 00:48:17 | 00,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2007/10/19 21:51:17 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/09/14 19:53:06 | 00,000,041 | ---- | C] () -- C:\WINDOWS\config.ini
[2007/08/27 06:19:56 | 00,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini
[2007/08/27 06:19:56 | 00,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini
[2007/08/27 06:19:56 | 00,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini
[2007/08/27 06:19:53 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/08/27 06:19:51 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/08/24 08:13:10 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/08/24 08:13:10 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/08/24 08:13:10 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/08/24 08:01:44 | 00,000,343 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/08/15 10:47:45 | 00,003,875 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/19 10:28:37 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/20 08:46:38 | 00,000,163 | ---- | C] () -- C:\WINDOWS\Setup533.ini
[2007/03/20 08:31:46 | 00,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2007/03/20 08:31:46 | 00,001,225 | ---- | C] () -- C:\WINDOWS\SMSHELL.INI
[2007/03/20 08:31:43 | 00,004,231 | ---- | C] () -- C:\WINDOWS\System32\Dfusbpdr.ini
[2006/12/06 07:07:26 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/06 07:07:26 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/06 07:07:25 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/06 07:07:24 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/12/06 07:07:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/10/26 02:17:32 | 00,021,149 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/10/26 02:17:32 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/10/26 02:17:25 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/10/26 01:59:09 | 00,069,632 | ---- | C] () -- C:\WINDOWS\LC.dll
[2006/10/26 01:59:08 | 00,081,920 | ---- | C] () -- C:\WINDOWS\Calendar.dll
[2006/10/26 01:59:08 | 00,004,336 | ---- | C] () -- C:\WINDOWS\LClock.ini
[2006/10/26 01:59:08 | 00,003,166 | ---- | C] () -- C:\WINDOWS\Calendar.ini
[2006/10/26 01:59:08 | 00,000,182 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/10/26 01:59:08 | 00,000,002 | ---- | C] () -- C:\WINDOWS\Events.ini
[2005/10/10 23:49:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/10/10 23:49:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/10/10 23:49:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/10/10 23:49:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/10/10 23:49:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/10 23:49:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/10 23:49:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/07/17 23:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/29 02:00:00 | 00,009,484 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/29 02:00:00 | 00,000,462 | ---- | C] () -- C:\WINDOWS\win.ini
[1997/06/14 10:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[color=orange]========== Files - Modified Within 30 Days ==========/color

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/05 00:31:21 | 19,259,424 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/04 22:33:21 | 00,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Spyware.lnk
[2009/05/04 21:46:08 | 00,118,106 | ---- | M] () -- C:\Documents and Settings\Rico\Mes documents\cc_20090504_2145.reg
[2009/05/04 10:28:24 | 00,358,381 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/05/04 10:28:22 | 00,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/04 10:27:45 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Rico\Local Settings\desktop.ini
[2009/05/04 10:27:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 10:27:35 | 01,174,833 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2009/05/04 00:07:12 | 00,227,504 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/04 00:07:00 | 00,000,185 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\Virus sur mon puter.rtf
[2009/05/03 14:16:54 | 00,003,297 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\Childern of the revolution.rtf
[2009/05/03 12:22:12 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Rico\Bureau\spybotsd162.exe
[2009/05/03 11:08:14 | 00,000,591 | ---- | M] () -- C:\Documents and Settings\Rico\Mes documents\Mes dossiers de partage.lnk
[2009/05/02 10:52:36 | 00,000,352 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\Samedi 02-05-09.rtf
[2009/05/02 09:44:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/01 13:24:04 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/01 13:07:31 | 00,020,164 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\FileZilla_3.2.4.1_win32-setup.exe
[2009/04/29 23:38:52 | 00,000,239 | ---- | M] () -- C:\Documents and Settings\Rico\Mes documents\Mail Comics Guy.rtf
[2009/04/29 11:15:45 | 00,000,836 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\Taxe Info.rtf
[2009/04/28 18:00:21 | 00,000,297 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\Site à contacter.rtf
[2009/04/27 20:58:44 | 00,002,680 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\A flanc de certitude Tab.rtf
[2009/04/27 14:41:35 | 00,005,120 | -HS- | M] () -- C:\Documents and Settings\Rico\Mes documents\Thumbs.db
[2009/04/27 14:23:20 | 00,009,484 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/27 14:23:20 | 00,000,462 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/27 14:23:20 | 00,000,212 | -HS- | M] () -- C:\boot.ini
[2009/04/27 13:40:57 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/26 18:56:55 | 00,001,497 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Combat Arms.lnk
[2009/04/26 18:42:48 | 77,827,1398 | ---- | M] (Nexon) -- C:\Documents and Settings\Rico\Bureau\CombatArmsSetupV21.exe
[2009/04/26 18:10:32 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\Rico\Mes documents\Games.rtf
[2009/04/26 15:11:13 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/25 01:22:53 | 15,395,960 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Rico\Bureau\flvplayer_setup.exe
[2009/04/22 23:36:26 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Rico\Mes documents\desktop.ini
[2009/04/22 18:40:22 | 00,113,171 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\vistathemes.jpg
[2009/04/22 17:41:13 | 00,000,432 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\Freelance Australia.lnk
[2009/04/16 12:50:11 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/06 19:16:52 | 00,001,659 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\DOSBox 0.72.lnk
[2009/04/06 18:31:18 | 02,268,231 | ---- | M] () -- C:\Documents and Settings\Rico\Mes documents\Portfolio 2009.pdf
[2009/04/06 16:31:25 | 00,001,380 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\calc.exe.lnk
[2009/04/06 14:25:28 | 00,000,250 | ---- | M] () -- C:\Documents and Settings\Rico\Application Data\default.rss
[2009/04/06 14:25:27 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[color=orange]========== LOP Check ==========/color

[2009/05/04 22:33:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/23 15:21:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/10/27 00:54:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2007/10/12 17:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/10/12 17:40:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/11/06 21:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2006/11/24 07:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/04/29 10:18:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/11/11 23:28:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2008/07/31 21:39:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2009/01/29 21:40:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/07/13 02:51:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/04/26 14:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/05/04 22:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/11/06 21:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2007/10/20 00:48:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/05/04 21:20:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/03/26 15:48:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/04/26 19:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2007/08/26 19:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/04/26 18:10:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/06/13 02:30:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2007/11/11 23:14:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/01/21 19:19:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/07/31 19:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/01/29 21:46:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2006/10/26 02:33:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2006/10/26 01:58:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2006/10/26 02:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2006/10/26 01:58:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/10/26 02:04:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2006/10/26 01:58:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/05/04 22:33:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rico\Application Data
[2007/08/16 18:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Acoustica
[2009/03/12 19:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Adobe
[2006/11/18 19:05:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\AdobeUM
[2009/03/19 15:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Ahead
[2007/10/15 05:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Apple Computer
[2007/06/19 02:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Azureus
[2008/03/27 22:35:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Canon
[2006/11/24 07:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\CyberLink
[2008/07/01 22:49:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\dvdcss
[2009/03/05 13:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\EPSON
[2009/05/01 14:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\FileZilla
[2008/04/01 07:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\FUJIFILM
[2009/01/17 10:36:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Google
[2009/05/04 22:33:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Grisoft
[2007/08/13 20:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Help
[2006/10/26 02:04:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Identities
[2009/01/29 21:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\InstallShield
[2009/05/04 21:20:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Lavasoft
[2008/10/22 19:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\LimeWire
[2008/11/06 21:53:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Macromedia
[2006/12/06 07:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Media Player Classic
[2009/03/30 15:24:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Rico\Application Data\Microsoft
[2009/01/15 23:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Mozilla
[2009/03/26 18:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Nero
[2009/03/26 20:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Netscape
[2007/09/08 09:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Opera
[2009/03/16 17:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Privacy components
[2008/08/08 19:49:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Real
[2008/06/06 09:05:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Search Settings
[2007/01/21 04:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\SecondLife
[2008/11/23 22:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Skype
[2007/08/13 20:08:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Sony Setup
[2006/12/28 04:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Sun
[2008/06/19 16:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\TaoUSign
[2008/07/31 22:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Telstra
[2008/06/27 18:18:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Thunderbird
[2007/07/03 07:47:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\vlc
[2009/05/03 11:19:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\vmntoolbar
[2007/09/14 19:49:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\WinRAR
[2009/03/28 12:28:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\YouSendIt
[2001/08/29 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/27 13:40:57 | 00,001,000 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2006/10/26 02:05:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=orange]========== Purity Check ==========/color

< End of report >

Ainsi le rapport Extras (je sais pas ce que c'est, OTListIt m'a fait 2 fichiers Txt):

OTListIt Extras logfile created on: 05/05/2009 00:34:08 - Run 1 <
0
Réponse 3 / 9
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

mes questions me permettraient de réagir efficacement en cas de coup dur et de prévenir les risques :

sauvegarde tes données. C'est une nécessité en soi. C'est une nécessité absolue dès lors que tu en as un usage professionnel.

2 infections visibles.

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau :

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

==================

Ouvre ce lien (merci a S!RI pour ce programme). http://siri.urz.free.fr/Fix/SmitfraudFix.php
et télécharge SmitfraudFix.exe.

Regarde le tuto
Exécute le en choisissant l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.

===================

une vérif supplémentaire :

Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

--> Clique droit sur le raccourci UsbFix sur ton Bureau et choisis Exécuter en tant qu'administrateur.

--> Le PC va redémarrer.

--> Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

0
Rico Brisbane
 
Bonjour,

Je viens de faire les action réscrites par tes soins. Voici le 1er rapport (Toolbar-S&D):


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Rico ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : ActiveArmor Firewall 1.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:133 Go (Free:50 Go)
E:\ (CD or DVD)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 05/05/2009|12:39 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\1px_dark.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\1px_green.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\1px_white.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\234x60storage-dropdownEN.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\4x4 Rally.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\a.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\add_en.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Air Dodge.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\air hockey.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\alias.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Alien.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Alpha Bravo Charlie.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\an.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\arrow_down.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\arrow_red.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\arrow_red2.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\arrow_up.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\autofill.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\avstate.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\b.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\background2.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Balloony.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Battle Tanks.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bgmeteo_results.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bg_300px.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bg_cityweather.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bg_games3.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bg_games4.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bg_pub.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bg_story.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bg_tblresults.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bg_ttl.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Black Jack.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\bomber bob.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Bowling.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\btn_close.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\btn_minus.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\btn_moreforecast.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Bubble Bobble The Revival.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\c.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\cn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Connect 2.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Cowboy Bullet.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\cubeez.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\curve ball.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\d.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\dictionary.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\dn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\dropdown.css
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\ErrorLog.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\f.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\fish eat fish.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_argentine.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_australia.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_brazil.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_brazil.bmp132859
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_canada.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_china.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_france.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_germany.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_greece.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_hongkong.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_india.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_indonesia.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_italy.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_japan.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_korea.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_mexico.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_netherlands.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_spain.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_sweeden.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_taiwan.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_uk.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\flag_usa.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Flashludo.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Fly plane.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Flyplane.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\fn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\forest challenge 2.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\g.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\galaxians.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\games.js
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\games.xml
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\games1_5.cfg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\gamesmenu.html
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\game_placeholder.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\gaming.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\gn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\gograph.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\gold diggers.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred0.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred0_5.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred1.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred1_5.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred2.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred2_5.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred3.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred3_5.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred4.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred4_5.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\graphred5.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\hideremove.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\highlight.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\hn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Hungry Space.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_aquarius.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_aries.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_cancer.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_capricorn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_gemini.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_leo.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_libra.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_pisces.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_sagittarius.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_scorpio.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_taurus.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\h_virgo.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\i.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\img_games1_5.cfg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\in.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\indiana jones.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\ipsearch.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\j.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\jn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\k.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\keep ups 2.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\kn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\l.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\ln.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\loading.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\login.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\logo.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\ma balls.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Memory Trial.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\micro tanks.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\mini nitros.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\mini pool 2.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\mini pool.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\mini putt 3.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\minipool2.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Muay Thai.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\n.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\naval gun.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\New York_NY_weather.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\New York_NY_weather.txt1028750
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\New York_NY_weather.txt10839000
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\New York_NY_weather.txt22882171
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\New York_NY_weather.txt23030031
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\New York_NY_weather.txt769890
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\New York_NY_weather.txt806031
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\New York_NY_weather.txt8181718
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\new02.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\NewCfg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\news.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\news.html
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\nn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\o.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Office Paintball v2.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\on.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\overlord.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\p.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Paris__weather.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\pestscanimg.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\pig wars.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\pn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\popup_off.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\popup_on.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\pubplaceholder.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\q.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\qn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\r.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Raidenx.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\relatedlinks.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\report.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\rn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\rss.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\rss.xsl
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\rss1.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\rsslib.js
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\rssmenu1_5b.zip
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\s.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_dictionnary.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_domain.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_ency.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_graphic.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_images.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_music.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_news.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_people.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_people.bmp33761140
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_products.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_software.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_stocks.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\search_video.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\security.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\show jumping.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo1.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo10.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo11.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo12.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo13.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo14.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo15.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo16.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo17.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo18.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo19.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo2.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo20.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo3.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo4.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo5.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo6.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo7.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo8.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Sinfo9.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\siteinfo.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\slider.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\sn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Space explorer.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\spacer.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\stars-red1.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\stars-red2.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\stars-red3.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\stars-red4.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\stars-red5.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Stone Breaker.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\storage.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\sweet tooth.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\t.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\table tennis.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Tanks.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\tetris.JPG
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\thes_search.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\tn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\tools.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\Tower Defence.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\toy cars.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\translate.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\u.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\un.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\upgrade.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\userbadsites.txt
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\v.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\virtual cop.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\vmlib.js
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\vmntoolbartb1403.cfg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\vmntoolbartb1500.cfg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\vmntoolbar_151.zip
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\vn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\w.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\war games.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\web.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\wn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\worm.jpg
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\x.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\xp_close_small.gif
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\yahoo.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\z.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\zn.bmp
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar\zoom.bmp
Supprime! - C:\Program Files\VMNToolbar\install.ico
Supprime! - C:\Program Files\VMNToolbar\toolbar.ini
Supprime! - C:\Program Files\VMNToolbar\uninstall.exe
Supprime! - C:\Program Files\VMNToolbar\vmntoolbar.dll
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
Supprime! - C:\DOCUME~1\Rico\APPLIC~1\VMNToolbar
Supprime! - C:\Program Files\VMNToolbar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Rico) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
(Rico) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Rico) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Rico) - {ecdee021-0d17-467f-a1ff-c7a115230949} => free-downloads.net


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Search Page"="https://www.google.fr/?gws_rd=ssl"
"Start Page Restore"="http://media.telstra.com.au/home.html"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\Rico\APPLIC~1\Privacy components




1 - "C:\ToolBar SD\TB_1.txt" - 05/05/2009|12:43 - Option : [2]

-----------\\ Fin du rapport a 12:43:10,75

Voici le rapport SmitFraudFix

SmitFraudFix v2.414

Rapport fait à 12:54:27,53, 05/05/2009
Executé à partir de D:\Utilitaires\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Windows NT\Accessoires\wordpad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\config.ini PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rico


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Rico\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rico\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Rico\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.0.138
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{02BA0B2C-DE7C-48A3-A9EF-A048BA003CF3}: DhcpNameServer=10.0.0.138 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{02BA0B2C-DE7C-48A3-A9EF-A048BA003CF3}: DhcpNameServer=10.0.0.138 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{02BA0B2C-DE7C-48A3-A9EF-A048BA003CF3}: DhcpNameServer=10.0.0.138 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138 192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Je lance le scan USB pour les stockages externes et je colle le rapport dans un prochain post.

Eric
0
Rico Brisbane > Rico Brisbane
 
Voici le rapport USBFix:


############################## [ UsbFix V3.016 # Scan ]

# User : Rico (Utilisateurs) # RICO
# Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 13:13:27 | 05/05/2009

# AMD Athlon(tm) 64 Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000
# FW : ActiveArmor Firewall[ (!) Disabled ]1.0

# C:\ # Disque fixe local # 19,53 Go (5,44 Go free) # NTFS
# D:\ # Disque fixe local # 133,84 Go (50,97 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 485,42 Mo (136,31 Mo free) # FAT32
# G:\ # Disque fixe local # 153,38 Go (12,34 Go free) [HD Ext. 160Go] # NTFS
# H:\ # Disque amovible # 244,48 Mo (142,48 Mo free) [CANON_DC] # FAT
# I:\ # Disque amovible # 971,62 Mo (955,33 Mo free) # FAT
# J:\ # Disque amovible # 981,05 Mo (557,86 Mo free) [STORE'N'GO] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Windows NT\Accessoires\wordpad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.fr/?gws_rd=ssl"
HKCU_Main: "Start Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page Restore"="http://media.telstra.com.au/home.html"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Rico"
HKLM_logon: "AltDefaultUserName"="Rico"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: nTrayFw=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
HKLM_Run: WinampAgent=C:\Program Files\Winamp\winampa.exe
HKLM_Run: OODefragTray=C:\WINDOWS\system32\oodtray.exe
HKLM_Run: KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKLM_Run: REGSHAVE=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: ANIWZCS2Service=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
HKLM_Run: !AVG Anti-Spyware="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: AlcoholAutomount="D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
HKCU_Run: EPSON Stylus TX400 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGP.EXE /FU "C:\WINDOWS\TEMP\E_S10D.tmp" /EF "HKCU"
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\tmp.reg
Found ! C:\WINDOWS\system32\tmp.txt
Found ! F:\autorun.inf
Found ! I:\autorun.inf
J:\autorun.inf # -> fichier appelé : "J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\driver.exe" ( présent ! )
Found ! J:\autorun.inf

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{0129bc9a-7e72-11dc-b0bc-001731143500}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{0129bc9a-7e72-11dc-b0bc-001731143500}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{5dfe5944-6446-11db-8b84-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{69a8834f-3b77-11dd-b204-001731143500}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{69a8834f-3b77-11dd-b204-001731143500}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{790b995b-15b2-11dc-936c-001731143500}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b6693822-463d-11dd-b226-001731143500}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.016 ! ]

Merci pour ton aide, j'attends ton prochain message pour me dire quoi virer...

Cordialement

Rico
ps: j'ai inséré tous mes périphériques (mon HD externe, mon téléphone, ma clé USB, et mes 2 cartes mémoires bien qu'elles ne soient pas USB? Je sais pas trop si c'était utile?...)
0
Réponse 4 / 9
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

téléphone et carte mémoire pas nécessaire.

============

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau

# choisis l'option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

# Ensuite poste le rapport UsbFix.txt qui apparaitra avec le Bureau .

# Note : Le rapport UsbFix.txt est sauvegardé à la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

===================
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport,

Redémarre en mode normal,

copie/colle le rapport sauvegardé sur le forum

================================
Refais tourner OTListIt2 (Runscan) et poste le rapport.

Comment va l'ordi ?
0
Rico Brisbane
 
Bonjour,

Voici les 2 rapports

Rapport USBfix

USBfix


############################## [ UsbFix V3.016 # Cleaning ]

# User : Rico (Utilisateurs) # RICO
# Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 16:10:11 | 05/05/2009

# AMD Athlon(tm) 64 Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000
# FW : ActiveArmor Firewall[ (!) Disabled ]1.0

# C:\ # Disque fixe local # 19,53 Go (5,41 Go free) # NTFS
# D:\ # Disque fixe local # 133,84 Go (50,97 Go free) # NTFS
# E:\ # Disque CD-ROM
# G:\ # Disque fixe local # 153,38 Go (12,34 Go free) [HD Ext. 160Go] # NTFS
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible # 981,05 Mo (557,86 Mo free) [STORE'N'GO] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\WINDOWS\system32\tmp.reg
Deleted ! C:\WINDOWS\system32\tmp.txt
J:\autorun.inf # -> fichier appelé : "J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\driver.exe" ( présent ! )
Deleted ! -> J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\driver.exe
Deleted ! J:\autorun.inf

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{0129bc9a-7e72-11dc-b0bc-001731143500}\Shell\Auto\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{790b995b-15b2-11dc-936c-001731143500}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{b6693822-463d-11dd-b226-001731143500}\Shell\AutoRun\command

################## [ Listing des fichiers présent ]

[26/10/2006 02:21|--a------|1024] - C:\.rnd
[14/10/2008 21:03|--a------|0] - C:\AILog.txt
[26/10/2006 01:59|--a------|0] - C:\AUTOEXEC.BAT
[27/04/2009 14:23|---hs----|212] - C:\boot.ini
[29/08/2001 02:00|-rahs----|4952] - C:\Bootfont.bin
[26/10/2006 01:59|--a------|0] - C:\CONFIG.SYS
[06/11/2008 22:05|--a------|252] - C:\INSTALL.LOG
[26/10/2006 01:59|-rahs----|0] - C:\IO.SYS
[26/10/2006 01:59|-rahs----|0] - C:\MSDOS.SYS
[04/08/2004 10:38|-rahs----|47564] - C:\NTDETECT.COM
[04/08/2004 10:59|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[05/05/2009 13:03|--a------|5703] - C:\rapport.txt
[17/08/2006 19:47|--ah-----|232] - C:\sqmdata00.sqm
[05/10/2008 10:36|--ah-----|268] - C:\sqmdata01.sqm
[01/03/2009 13:09|--ah-----|232] - C:\sqmdata02.sqm
[29/04/2008 09:56|--ah-----|268] - C:\sqmdata03.sqm
[29/04/2008 09:57|--ah-----|172] - C:\sqmdata04.sqm
[17/08/2006 19:47|--ah-----|244] - C:\sqmnoopt00.sqm
[05/10/2008 10:36|--ah-----|244] - C:\sqmnoopt01.sqm
[01/03/2009 13:09|--ah-----|244] - C:\sqmnoopt02.sqm
[29/04/2008 09:56|--ah-----|244] - C:\sqmnoopt03.sqm
[29/04/2008 09:57|--ah-----|172] - C:\sqmnoopt04.sqm
[05/05/2009 12:43|--a------|20663] - C:\TB.txt
[05/05/2009 16:11|--a------|4576] - C:\UsbFix.txt
[02/12/2008 21:05|--a------|8034] - D:\Aniv TAVERNE.sxw
[03/11/2008 20:19|--a------|17480] - D:\Anniversaires T.odt
[29/10/2007 21:16|--a------|401] - D:\R‚vision Moto.txt
[06/11/2006 21:07|--ahs----|9728] - D:\Thumbs.db
[02/12/2008 21:05|--a------|8034] - G:\Aniv TAVERNE.sxw
[03/11/2008 20:19|--a------|17480] - G:\Anniversaires T.odt
[04/03/2005 23:32|-rahs----|194] - G:\boot.ini
[28/08/2001 22:00|-rahs----|4952] - G:\Bootfont.bin
[18/11/2005 20:58|--a------|1775560] - G:\Certif'Vente Transalp.jpg
[02/11/2007 21:49|--a------|67584] - G:\Citations.doc
[15/03/2005 02:03|--a------|24576] - G:\Coordonn‚es potes MJM.doc
[03/11/2005 09:16|--a------|5111] - G:\data
[21/01/2006 18:17|--a------|394] - G:\Exemples Fonts.rtf
[17/07/2008 17:33|--a------|11264] - G:\Jeux Vid‚osong.doc
[10/12/2005 04:40|--a------|39] - G:\Lantz Family.txt
[29/08/2002 05:08|-rahs----|47580] - G:\NTDETECT.COM
[29/08/2002 09:05|-rahs----|235824] - G:\ntldr
[04/03/2005 22:33|--ahs----|120586240] - G:\PAGEFILE.SYS
[22/06/2004 04:43|--a------|0] - G:\PDVD_MediaDisc.PlayList
[29/10/2007 21:16|--a------|401] - G:\R‚vision Moto.txt
[05/12/2006 01:01|--ahs----|16384] - G:\Thumbs.db
[09/04/2009 16:46|--a------|1731002368] - G:\Windows Vista Cyp.iso
[19/04/2009 00:38|--a------|285184] - J:\Viva la Beats of Brazil.doc
[18/04/2009 21:24|--a------|511818] - J:\salsasong.pdf
[18/04/2009 23:36|---h-----|269312] - J:\~WRL0003.tmp
[21/04/2009 19:57|--a------|5930] - J:\issue21.html
[24/04/2009 13:11|--a------|3145183] - J:\Planche Cartes A4.jpg
[27/04/2009 11:42|--a------|25600] - J:\handout lesson.doc
[20/04/2009 16:40|--a------|532331] - J:\profstandards.pdf
[20/04/2009 10:19|--a------|30720] - J:\scenarios.doc
[26/04/2009 21:02|--a------|596992] - J:\finaltute.ppt
[26/04/2009 19:59|--a------|35840] - J:\McMillanch 12, 13 reporting.doc
[06/04/2009 13:09|--a------|250368] - J:\collated lecture slidesPresentation1.ppt

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.
# J:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.016 ! ]

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Rapport SmitFraudFix

SmitFraudFix v2.414

Rapport fait à 16:25:36,45, 05/05/2009
Executé à partir de D:\Utilitaires\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

Problème suppression C:\autorun.inf
C:\WINDOWS\config.ini supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Mon PC fonctione désormais parfaitement. Je te remercie beaucoup pour ton aide!
- Y a-t-il une dernière opération à faire ou est-ce propre désormais?

J'ai fais la même 1ere étape sur le PC de ma copine et idem au mien, à présent, internet ne rame plus, le processeur ne tourne plus plus qu'il ne faudrait et la mémoire n'est plus bouffée par une chose inconnue.
- Veux tu que je poste les rapports?
-Dois-je faire la même 2ème étape que sur mon PC (nettoyage, redémarrage en mode sans échec...).

Cordialement

Rico
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

pour savoir si "c'est propre", j'ai besoin d'un nouveau rapport de OTList2.

Il me semble que tout n'est pas parti.

==

Pour le PC de ta copine, garde les rapports. On verra après.

Dis moi juste si tu as fait tourner Toolbar S&D ('cest le premier outil qui soigne dans ce que je t'ai fait faire)
0
Rico Brisbane
 
Bonjour, voici le rapport OTList2

OTListIt logfile created on: 05/05/2009 18:24:55 - Run 2
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = D:\Downloadz
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

990,42 Mb Total Physical Memory | 524,48 Mb Available Physical Memory | 52,96% Memory free
2,33 Gb Paging File | 1,93 Gb Available in Paging File | 82,62% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 5,42 Gb Free Space | 27,74% Space Free | Partition Type: NTFS
Drive D: | 133,84 Gb Total Space | 50,97 Gb Free Space | 38,08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 981,05 Mb Total Space | 557,86 Mb Free Space | 56,86% Space Free | Partition Type: FAT32

Computer Name: RICO
Current User Name: Rico
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========/color

PRC - [2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2005/06/16 07:01:14 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2007/05/30 22:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2005/10/01 03:34:58 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2008/12/05 16:11:54 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2005/10/28 15:21:02 | 00,118,843 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/10/28 15:20:46 | 00,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2005/10/10 23:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/08/08 22:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2007/05/29 02:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2005/01/28 21:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005/10/28 15:23:54 | 00,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/10/01 03:34:58 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2004/08/20 04:10:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2005/10/28 15:25:14 | 00,270,336 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2006/10/12 12:10:54 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
PRC - [2007/05/15 08:22:22 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007/06/29 07:01:00 | 02,512,128 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe
PRC - [2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2005/10/19 18:19:08 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/01/17 10:32:25 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/10/12 12:10:54 | 00,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
PRC - [2007/01/19 21:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
PRC - [2008/04/28 21:21:36 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/20 04:10:06 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/05/05 18:24:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- D:\Downloadz\OTListIt2.exe

[color=orange]========== Win32 Services (SafeList) ==========/color

SRV - [2006/10/27 00:54:41 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/10/19 18:19:10 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
SRV - [2008/10/15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/05/30 22:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2005/10/28 15:23:54 | 00,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
SRV - [2005/10/01 03:34:58 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running])
SRV - [2009/03/24 12:05:30 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2004/08/20 04:09:38 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2004/08/20 01:09:32 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/12/05 16:11:54 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/10/28 15:21:02 | 00,118,843 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV - [2005/10/28 15:20:46 | 00,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
SRV - [2005/10/10 23:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/06/29 07:02:08 | 01,049,856 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [Disabled | Stopped])
SRV - [2005/08/08 22:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2007/05/29 02:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2005/01/28 21:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/19 21:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
SRV - [2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

[color=orange]========== Driver Services (SafeList) ==========/color

DRV - [2007/12/20 00:43:44 | 00,068,672 | R--- | M] (2Wire, Inc.) -- C:\WINDOWS\system32\DRIVERS\2WirePCP.sys -- (2WIREPCP [On_Demand | Stopped])
DRV - [2005/03/09 23:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/11/09 15:44:48 | 00,024,288 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [2007/05/30 22:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
DRV - [2007/05/30 22:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [System | Running])
DRV - [2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008/11/26 07:27:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2002/10/21 20:37:16 | 00,515,803 | ---- | M] (Digital Camera) -- C:\WINDOWS\System32\Drivers\Ca533av.sys -- (Ca533av [Auto | Stopped])
DRV - [2005/01/08 01:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/12/09 18:48:40 | 04,123,136 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2004/08/13 12:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2005/10/10 23:49:00 | 03,530,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/09/29 11:08:10 | 00,098,816 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2005/07/29 19:11:02 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005/07/29 19:11:04 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008/07/06 19:26:36 | 00,033,952 | ---- | M] () -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32 [System | Running])
DRV - [2001/08/29 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/08 09:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/11/03 20:39:02 | 00,245,504 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\DRIVERS\Dr71WU.sys -- (RT73 [On_Demand | Stopped])
DRV - [2004/07/17 23:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/08/10 22:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/05/16 23:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2005/11/04 00:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
DRV - [2008/02/22 03:15:04 | 00,715,248 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2004/04/02 01:30:56 | 00,047,087 | ---- | M] () -- C:\WINDOWS\System32\Drivers\Capt9150.sys -- (SQTECH9150 [On_Demand | Stopped])
DRV - [2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2001/08/18 06:49:10 | 00,026,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\DRIVERS\irstusb.sys -- (STIrUsb [On_Demand | Stopped])
DRV - [2004/08/04 08:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2002/07/25 20:19:48 | 00,010,986 | ---- | M] (USB BULK) -- C:\WINDOWS\System32\Drivers\Bulk533.sys -- (USBCamera [On_Demand | Stopped])
DRV - [2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])

[color=orange]========== Standard Registry (SafeList) ==========/color


[color=orange]========== Internet Explorer ==========/color

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.iesearch.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://media.telstra.com.au/home.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=orange]========== FireFox ==========/color

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/?gws_rd=ssl"
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8.5
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:1.5.41.0
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "https://search.yahoo.com/web?fr=vmn"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/04/28 21:21:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2008/04/28 21:21:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/04/01 19:31:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2009/04/01 19:31:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.3.0\Extensions\\Components: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\COMPONENTS [2009/04/01 19:31:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.3.0\Extensions\\Plugins: C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS [2009/04/01 19:31:48 | 00,000,000 | ---D | M]

[2009/01/15 23:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Extensions
[2009/01/15 23:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/05 12:55:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions
[2009/04/16 10:33:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/12/10 19:11:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/16 10:33:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/06/22 15:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2009/01/25 08:31:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\mozilla\Firefox\Profiles\gk0x9401.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2009/05/05 12:55:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/10/26 18:15:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/28 21:21:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/13 02:30:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/04/28 21:21:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/04/28 21:21:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006/09/10 21:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2008/09/28 17:10:26 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/04/16 14:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/10 21:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 23:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2006/09/13 04:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (192942 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 6832 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
O4 - HKCU..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)
O4 - HKCU..\Run: [EPSON Stylus TX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGP.EXE /FU "C:\WINDOWS\TEMP\E_S10D.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Rico\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Rico\Menu Démarrer\Programmes\Démarrage\MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 64
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 30 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/26 01:59:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/05 16:26:48 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/05 16:11:51 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/05 16:11:54 | 00,000,000 | RHSD | M] - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

[color=orange]========== Files/Folders - Created Within 30 Days ==========/color

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/05 16:26:49 | 00,003,740 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/05 16:15:54 | 00,010,351 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\Derniers Rapports.rtf
[2009/05/05 16:11:51 | 00,000,000 | ---D | C] -- C:\autorun.inf
[2009/05/05 13:10:39 | 00,001,346 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\UsbFix V3.016.lnk
[2009/05/05 13:10:36 | 00,000,000 | ---D | C] -- C:\UsbFix
[2009/05/05 13:08:42 | 00,724,040 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\UsbFix.exe
[2009/05/05 12:53:29 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/05/05 12:53:29 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/05/05 12:53:29 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/05/05 12:53:29 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/05/05 12:53:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/05/05 12:53:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/05/05 12:53:29 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/05/05 12:53:29 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/05/05 12:53:29 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/05/05 12:53:29 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/05/05 12:53:29 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/05/05 12:53:29 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/05/05 12:53:29 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/05/05 12:53:29 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/05/05 10:46:25 | 00,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2009/05/05 10:44:30 | 00,001,905 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2009/05/05 10:44:30 | 00,001,905 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2009/05/05 09:45:52 | 00,000,000 | ---D | C] -- C:\ToolBar SD
[2009/05/04 22:33:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Application Data\Grisoft
[2009/05/04 22:33:21 | 00,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Spyware.lnk
[2009/05/04 22:33:14 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2009/05/04 22:33:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/05/04 22:33:09 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2009/05/04 21:46:01 | 00,118,106 | ---- | C] () -- C:\Documents and Settings\Rico\Mes documents\cc_20090504_2145.reg
[2009/05/04 00:07:00 | 00,003,103 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\Virus sur mon puter.rtf
[2009/05/03 14:43:03 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Rico\Bureau\spybotsd162.exe
[2009/05/02 10:23:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Bureau\Sent 02-05-09
[2009/05/01 13:07:26 | 00,020,164 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\FileZilla_3.2.4.1_win32-setup.exe
[2009/04/29 23:38:52 | 00,000,239 | ---- | C] () -- C:\Documents and Settings\Rico\Mes documents\Mail Comics Guy.rtf
[2009/04/29 18:31:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Bureau\A envoyer mec Comics
[2009/04/28 18:00:21 | 00,000,297 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\Site à contacter.rtf
[2009/04/27 14:41:33 | 00,005,120 | -HS- | C] () -- C:\Documents and Settings\Rico\Mes documents\Thumbs.db
[2009/04/26 19:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Mes documents\³Ø½¼ Ç÷¯±×
[2009/04/26 18:56:55 | 00,001,497 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Combat Arms.lnk
[2009/04/26 18:54:42 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/04/26 18:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/04/26 18:10:51 | 77,827,1398 | ---- | C] (Nexon) -- C:\Documents and Settings\Rico\Bureau\CombatArmsSetupV21.exe
[2009/04/26 18:10:12 | 00,000,595 | ---- | C] () -- C:\Documents and Settings\Rico\Mes documents\Games.rtf
[2009/04/26 18:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/26 18:05:37 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/04/25 01:22:53 | 15,395,960 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Rico\Bureau\flvplayer_setup.exe
[2009/04/25 01:20:50 | 00,000,000 | ---D | C] -- C:\Program Files\YouTUBE (TM) movie downloader
[2009/04/22 23:34:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/22 23:23:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/04/22 23:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/04/22 23:22:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/04/22 17:41:05 | 00,000,432 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\Freelance Australia.lnk
[2009/04/20 00:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Mes documents\WORLI - West Of The Ranges Landcare Inc
[2009/04/16 12:50:11 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/16 12:50:11 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/09 12:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rico\Application Data\FileZilla
[2009/04/09 12:13:13 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/04/06 22:27:31 | 00,000,000 | ---D | C] -- C:\Program Files\Kraken
[2009/04/06 19:16:52 | 00,001,659 | ---- | C] () -- C:\Documents and Settings\Rico\Bureau\DOSBox 0.72.lnk
[2009/04/06 19:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.72
[2009/04/06 19:11:45 | 00,000,000 | ---D | C] -- C:\oldies
[2009/04/06 18:31:18 | 02,268,231 | ---- | C] () -- C:\Documents and Settings\Rico\Mes documents\Portfolio 2009.pdf
[2009/03/30 15:20:13 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/03/26 15:58:20 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/03/19 15:33:43 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/16 16:51:02 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/01/29 21:41:44 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/29 21:35:13 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDETX400ASIA.ini
[2008/11/06 22:12:16 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/07/08 13:41:26 | 00,000,008 | ---- | C] () -- C:\WINDOWS\save.ini
[2008/07/06 19:26:36 | 00,033,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2008/02/22 03:15:04 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/28 21:32:34 | 00,047,087 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt9150.sys
[2008/01/28 21:32:34 | 00,023,979 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd9150.sys
[2008/01/21 08:27:14 | 00,000,106 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/21 06:45:12 | 00,000,050 | ---- | C] () -- C:\WINDOWS\System32\PCRCVersion.ini
[2007/10/20 02:46:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2007/10/20 00:48:17 | 00,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2007/10/20 00:48:17 | 00,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2007/10/19 21:51:17 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/08/27 06:19:56 | 00,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini
[2007/08/27 06:19:56 | 00,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini
[2007/08/27 06:19:56 | 00,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini
[2007/08/27 06:19:53 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/08/27 06:19:51 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/08/24 08:13:10 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/08/24 08:13:10 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/08/24 08:13:10 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/08/24 08:01:44 | 00,000,343 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/08/15 10:47:45 | 00,003,875 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/19 10:28:37 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/20 08:46:38 | 00,000,163 | ---- | C] () -- C:\WINDOWS\Setup533.ini
[2007/03/20 08:31:46 | 00,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2007/03/20 08:31:46 | 00,001,225 | ---- | C] () -- C:\WINDOWS\SMSHELL.INI
[2007/03/20 08:31:43 | 00,004,231 | ---- | C] () -- C:\WINDOWS\System32\Dfusbpdr.ini
[2006/12/06 07:07:26 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/06 07:07:26 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/06 07:07:25 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/06 07:07:24 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/12/06 07:07:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/10/26 02:17:32 | 00,021,149 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/10/26 02:17:32 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/10/26 02:17:25 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/10/26 01:59:09 | 00,069,632 | ---- | C] () -- C:\WINDOWS\LC.dll
[2006/10/26 01:59:08 | 00,081,920 | ---- | C] () -- C:\WINDOWS\Calendar.dll
[2006/10/26 01:59:08 | 00,004,336 | ---- | C] () -- C:\WINDOWS\LClock.ini
[2006/10/26 01:59:08 | 00,003,166 | ---- | C] () -- C:\WINDOWS\Calendar.ini
[2006/10/26 01:59:08 | 00,000,182 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/10/26 01:59:08 | 00,000,002 | ---- | C] () -- C:\WINDOWS\Events.ini
[2005/10/10 23:49:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/10/10 23:49:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/10/10 23:49:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/10/10 23:49:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/10/10 23:49:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/10 23:49:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/10 23:49:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/07/17 23:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/29 02:00:00 | 00,009,484 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/29 02:00:00 | 00,000,462 | ---- | C] () -- C:\WINDOWS\win.ini
[1997/06/14 10:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[color=orange]========== Files - Modified Within 30 Days ==========/color

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/05 18:24:33 | 19,978,272 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/05 17:33:40 | 00,000,573 | ---- | M] () -- C:\Documents and Settings\Rico\Mes documents\Mes dossiers de partage.lnk
[2009/05/05 16:58:16 | 00,010,351 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\Derniers Rapports.rtf
[2009/05/05 16:30:50 | 00,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/05 16:30:49 | 00,358,381 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/05/05 16:29:56 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Rico\Local Settings\desktop.ini
[2009/05/05 16:29:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/05 16:29:46 | 01,181,218 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2009/05/05 16:26:49 | 00,003,740 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/05 16:22:58 | 00,238,016 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/05/05 13:10:39 | 00,001,346 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\UsbFix V3.016.lnk
[2009/05/05 13:08:58 | 00,724,040 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\UsbFix.exe
[2009/05/05 13:03:50 | 00,003,103 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\Virus sur mon puter.rtf
[2009/05/05 10:49:08 | 00,001,905 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2009/05/05 10:49:08 | 00,001,905 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2009/05/04 22:33:21 | 00,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Spyware.lnk
[2009/05/04 21:46:08 | 00,118,106 | ---- | M] () -- C:\Documents and Settings\Rico\Mes documents\cc_20090504_2145.reg
[2009/05/03 12:22:12 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Rico\Bureau\spybotsd162.exe
[2009/05/02 09:44:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/01 13:24:04 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/01 13:07:31 | 00,020,164 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\FileZilla_3.2.4.1_win32-setup.exe
[2009/04/30 01:36:37 | 00,075,776 | ---- | M] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/04/29 23:38:52 | 00,000,239 | ---- | M] () -- C:\Documents and Settings\Rico\Mes documents\Mail Comics Guy.rtf
[2009/04/28 18:00:21 | 00,000,297 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\Site à contacter.rtf
[2009/04/27 14:41:35 | 00,005,120 | -HS- | M] () -- C:\Documents and Settings\Rico\Mes documents\Thumbs.db
[2009/04/27 14:23:20 | 00,009,484 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/27 14:23:20 | 00,000,462 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/27 14:23:20 | 00,000,212 | -HS- | M] () -- C:\boot.ini
[2009/04/27 13:40:57 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/26 18:56:55 | 00,001,497 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Combat Arms.lnk
[2009/04/26 18:42:48 | 77,827,1398 | ---- | M] (Nexon) -- C:\Documents and Settings\Rico\Bureau\CombatArmsSetupV21.exe
[2009/04/26 18:10:32 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\Rico\Mes documents\Games.rtf
[2009/04/26 15:11:13 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/25 01:22:53 | 15,395,960 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Rico\Bureau\flvplayer_setup.exe
[2009/04/22 23:36:26 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Rico\Mes documents\desktop.ini
[2009/04/22 17:41:13 | 00,000,432 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\Freelance Australia.lnk
[2009/04/16 12:50:11 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/06 19:16:52 | 00,001,659 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\DOSBox 0.72.lnk
[2009/04/06 18:31:18 | 02,268,231 | ---- | M] () -- C:\Documents and Settings\Rico\Mes documents\Portfolio 2009.pdf
[2009/04/06 16:31:25 | 00,001,380 | ---- | M] () -- C:\Documents and Settings\Rico\Bureau\calc.exe.lnk
[2009/04/06 14:25:28 | 00,000,250 | ---- | M] () -- C:\Documents and Settings\Rico\Application Data\default.rss
[2009/04/06 14:25:27 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[color=orange]========== LOP Check ==========/color

[2009/05/04 22:33:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/23 15:21:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/10/27 00:54:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2007/10/12 17:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/10/12 17:40:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/11/06 21:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2006/11/24 07:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/04/29 10:18:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/11/11 23:28:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2008/07/31 21:39:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2009/01/29 21:40:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/07/13 02:51:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/04/26 14:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/05/04 22:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/11/06 21:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2007/10/20 00:48:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/05/04 21:20:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/03/26 15:48:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/04/26 19:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2007/08/26 19:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/04/26 18:10:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/06/13 02:30:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2007/11/11 23:14:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/01/21 19:19:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/07/31 19:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/01/29 21:46:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/05/05 16:26:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Rico\Application Data
[2007/08/16 18:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Acoustica
[2009/03/12 19:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Adobe
[2006/11/18 19:05:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\AdobeUM
[2009/03/19 15:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Ahead
[2007/10/15 05:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Apple Computer
[2007/06/19 02:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Azureus
[2008/03/27 22:35:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Canon
[2006/11/24 07:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\CyberLink
[2008/07/01 22:49:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\dvdcss
[2009/03/05 13:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\EPSON
[2009/05/01 14:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\FileZilla
[2008/04/01 07:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\FUJIFILM
[2009/01/17 10:36:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Google
[2009/05/04 22:33:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Grisoft
[2007/08/13 20:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Help
[2006/10/26 02:04:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Identities
[2009/01/29 21:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\InstallShield
[2009/05/04 21:20:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Lavasoft
[2008/10/22 19:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\LimeWire
[2008/11/06 21:53:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Macromedia
[2006/12/06 07:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Media Player Classic
[2009/03/30 15:24:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Rico\Application Data\Microsoft
[2009/01/15 23:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Mozilla
[2009/03/26 18:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Nero
[2009/03/26 20:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Netscape
[2007/09/08 09:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Opera
[2009/03/16 17:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Privacy components
[2008/08/08 19:49:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Real
[2007/01/21 04:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\SecondLife
[2008/11/23 22:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Skype
[2007/08/13 20:08:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Sony Setup
[2006/12/28 04:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Sun
[2008/06/19 16:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\TaoUSign
[2008/07/31 22:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Telstra
[2008/06/27 18:18:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\Thunderbird
[2007/07/03 07:47:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\vlc
[2007/09/14 19:49:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\WinRAR
[2009/03/28 12:28:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rico\Application Data\YouSendIt
[2001/08/29 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/27 13:40:57 | 00,001,000 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2006/10/26 02:05:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=orange]========== Purity Check ==========/color

< End of report >

et voici le rapport ToolBar que je viens de lancer ( -> 2- suppression)

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Rico ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : ActiveArmor Firewall 1.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:133 Go (Free:50 Go)
E:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB) - FAT32 - Total:981 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 05/05/2009|18:50 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Rico) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
(Rico) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Rico) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Rico) - {ecdee021-0d17-467f-a1ff-c7a115230949} => free-downloads.net


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page Restore"="http://media.telstra.com.au/home.html"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
"Local Page"="C:\\windows\\system32\\blank.htm"
0
Réponse 6 / 9
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau à partir de ce lien :

https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

7) Dans l'onglet analyse, vérifie que "Exécuter une analyse rapide" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.

13) Poste le rapport dans ta réponse
0
Rico Brisbane
 
Bonjour,



Je viens de finir le nettoyage avec MBAM dont voici le rapport:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2079
Windows 5.1.2600 Service Pack 2

06/05/2009 11:57:24
mbam-log-2009-05-06 (11-57-24).txt

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|J:\|)
Eléments examinés: 242698
Temps écoulé: 2 hour(s), 54 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\spbho.tiebho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\dbases (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\keys (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\temp (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\dbases\cg.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\dbases\mw.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\dbases\rd.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\dbases\sc.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\dbases\sm.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\dbases\sp.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\keys\cg.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\keys\rd.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\keys\sc.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\keys\sp.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\temp\settings.ini (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rico\Application Data\Privacy components\temp\spfilter (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.


Une question au passage: le genre d'infection dont nous avons été la cible font elles que nous devions changer tous nos mots de passes (compte de messagerie, ebay, banque...)?

Merci pour ton aide!

Rico
0
Réponse 7 / 9
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

un rogue et une toolbar infectée ne me semblent pas faire courir de risques de ce côté la.

Comment se comporte ton ordi ?

Si il va bien, on va désinfecter l'autre (et on finira ensemble les dernières opérations).

Envoie moi le rapport d'OTList2
0
Rico
 
Bonjour! :D

En effet, mon PC est content,jele sent bequcoup plus detendu du processeur... Celui de ma copine c'est moin sur/ Voici donc le rappt OTList2 de ce dernier:

OTListIt Extras logfile created on: 7/05/2009 8:38:02 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Ellen Gibbs\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

446.48 Mb Total Physical Memory | 123.85 Mb Available Physical Memory | 27.74% Memory free
1.03 Gb Paging File | 0.65 Gb Available in Paging File | 63.38% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.83 Gb Total Space | 77.60 Gb Free Space | 33.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 971.63 Mb Total Space | 967.66 Mb Free Space | 99.59% Space Free | Partition Type: FAT

Computer Name: BLACKY
Current User Name: Ellen Gibbs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

[color=orange]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=orange]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/06/28 09:14:36 | 15,330,616 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/09/19 04:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2007/05/28 14:52:54 | 23,458,344 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

[color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76BB7B2D-748F-4AE9-89C3-78C051833EA1}" = OpenOffice.org 2.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}" = iTunes
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CF67CB0E-6E9A-49AA-805E-D7ABD15E4FCA}" = WP-S1 PCSync
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ATI Display Driver" = ATI Display Driver
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Creative Media Lite" = Creative Media Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
"EPSON Stylus TX400 Series" = EPSON Stylus TX400 Series Printer Uninstall
"FASIK56" = BigPond ADSL SIK 5.6 Files
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LimeWire" = LimeWire 4.18.8
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pcsx2_is1" = Pcsx2 0.9.4 Watermoose
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"The French Tutorial Personal Edition" = The French Tutorial Personal Edition
"Unlocker" = Unlocker 1.8.7
"Westnet Internet Easy Online Signup" = Westnet Internet Easy Online Signup 3.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

[color=orange]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 4/05/2009 7:40:35 AM | Computer Name = BLACKY | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/05/2009 12:25:13 PM | Computer Name = BLACKY | Source = ESENT | ID = 489
Description = wuauclt (1116) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/05/2009 12:25:30 PM | Computer Name = BLACKY | Source = ESENT | ID = 455
Description = wuaueng.dll (1116) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 4/05/2009 12:25:44 PM | Computer Name = BLACKY | Source = ESENT | ID = 489
Description = wuauclt (1116) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/05/2009 12:25:49 PM | Computer Name = BLACKY | Source = ESENT | ID = 455
Description = wuaueng.dll (1116) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 4/05/2009 12:39:49 PM | Computer Name = BLACKY | Source = ESENT | ID = 489
Description = wuauclt (1608) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/05/2009 12:39:56 PM | Computer Name = BLACKY | Source = ESENT | ID = 455
Description = wuaueng.dll (1608) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 4/05/2009 12:40:11 PM | Computer Name = BLACKY | Source = ESENT | ID = 489
Description = wuauclt (1608) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/05/2009 12:40:16 PM | Computer Name = BLACKY | Source = ESENT | ID = 455
Description = wuaueng.dll (1608) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 4/05/2009 11:59:33 PM | Computer Name = BLACKY | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp2\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 5/05/2009 7:53:08 AM | Computer Name = BLACKY | Source = PSched | ID = 14103
Description = QoS [Adapter {320DA134-58E7-43B1-A72D-199BCB4166F0}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 5/05/2009 11:08:26 PM | Computer Name = BLACKY | Source = PSched | ID = 14103
Description = QoS [Adapter {320DA134-58E7-43B1-A72D-199BCB4166F0}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 6/05/2009 12:43:56 AM | Computer Name = BLACKY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 6/05/2009 12:44:09 AM | Computer Name = BLACKY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 6/05/2009 12:44:20 AM | Computer Name = BLACKY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 6/05/2009 12:44:31 AM | Computer Name = BLACKY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 6/05/2009 4:16:48 AM | Computer Name = BLACKY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 6/05/2009 4:17:02 AM | Computer Name = BLACKY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 6/05/2009 4:17:12 AM | Computer Name = BLACKY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Error - 6/05/2009 4:17:23 AM | Computer Name = BLACKY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service usnjsvc with
arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}


< End of report >
0
Réponse 8 / 9
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

désolé, c'est l'autre rapport qu'il me faut en priorité.

0
Rico Brsibane
 
Bonjour,

Comme un âne, j'attendais une réponse de ta part alors que je n'avais pas moi même posé ma question:

Quel est le rapport faut il que je poste maintenant? Celui de mon 1er PC histoire de voire si c'est bien propre avant de passer au 2ème PC...

Bon, voila, pardon d'avoir mis plusieurs jours avant de répondre...

A+

Rico
0
Réponse 9 / 9
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

on peut entamer la désinfection de l'ordi de ta copine.

Mais me faut "l'autre" rapport de OTListIt de son ordi.
0