Problem with the svchost file

namio -
Who can help me reinstall this file?

33 replies

  1. Malekal_morte - Posts: 178136 - Status: Moderator, Security contributor
     
    Hi,

    What are the problems?
    0
  2. namio
     
    Hello, and thank you for helping me,

    I have already done quite a few manipulations (see all my previous messages under the username namio about a trojan). The person who was helping me has not replied for a few days and I am still stuck.
    In the last messages I was trying to reinstall the svchost.exe file, since the problem apparently came from there.

    Can you help me?
    0
  3. Malekal_morte
     
    OK...
    \o/ : https://forums.commentcamarche.net/forum/affich-19575461-trojan-xps-js-win-32?page=3#64

    Apparently you have put svchost.exe back

    Otherwise, the PC just keeps crashing, is that it?

    You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

    * Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
    (Under Vista/Win7, you must right-click OTL and choose Run as administrator)

    * Launch OTL
    * Under Personnalisation, copy and paste what is in the box below:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    CREATERESTOREPOINT

    * Click the Analyse button.
    * When the scan is finished, use the site http://www.cijoint.fr/ to give me the two reports: OTL.Txt and Extras.Txt.
    0
  4. namio
     
    I don't think I put it back, because I can't find it in system 32.
    0
    1. Malekal_morte
       
      OK, in the reports it is here: C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
      Can you copy it into C:\Windows\system32?

      Start menu / Run and type: sfc /scannow then OK, does that work?
      0
  6. namio
     
    Following this manipulation, it opened a window titled Windows File Protection.

    Apparently it is checking that all protected Windows files are intact and in their original versions. I'm waiting......................
    0
  7. Malekal_morte
     
    Yep, that's it, keep us posted, or try copying it manually.
    0
  8. namio
     
    I'll post the report for you right away!
    0
  9. namio
     
    The OTL report:

    http://www.cijoint.fr/cjlink.php?file=cj201011/cijyaYoAQY.txt
    0
  10. namio
     
    The Extra txt report:

    http://www.cijoint.fr/cjlink.php?file=cj201011/cijJiEiC48.txt
    0
  11. Malekal_morte
     
    * Download: http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

    * Unzip it, launch the sword, run as administrator under Vista

    In the box under Input Script here, copy and paste the contents of the box below and click Execute:

    begin copying here:
    Files to delete:
    C:\Documents and Settings\FM\Menu Démarrer\Programmes\Démarrage\updyrb32.exe
    C:\WINDOWS\system32\mjekwu.dll


    * After the restart, it creates a log file that will open, which you will post in your next reply, showing the actions performed by The Avenger. This log file is located here: C:\avenger.txt

    Uninstall:
    vmntoolbar
    Spyware Doctor

    Relaunch OTL
    * Under Personnalisation, copy and paste what is in the box below:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

    * Click the Analyse button.
    * When the scan is finished, use the site http://www.cijoint.fr/ to give me the two reports: OTL.Txt and Extras.Txt.
    0
  12. namio
     
    The Avenger report

    http://www.cijoint.fr/cjlink.php?file=cj201011/cijszVX29g.txt
    0
  13. namio
     
    The OTL report

    http://www.cijoint.fr/cjlink.php?file=cj201011/cijM6w3p02.txt

    However, it did not generate an Extra.txt for me this time!
    0
  14. Malekal_morte
     
    < MD5 for: SVCHOST.EXE >
    [2004/08/05 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=1BD6C2F707A275CB7C16FD99FE0F31CA -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    [2008/04/14 03:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/14 03:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe


    No C:\Windows\system32\svchost.exe

    Why don't you copy C:\WINDOWS\$NtServicePackUninstall$\svchost.exe to C:\Windows\system32\svchost.exe as I told you?

    Relaunch OTL.
    * Under Personnalisation, copy and paste the contents of the box below and click Correction; a report will appear after the operation, which you will keep on a USB key, for example, in order to paste the result:

    :OTL
    O4 - Startup: C:\Documents and Settings\FM\Menu Démarrer\Programmes\Démarrage\updyrb32.exe ()
    :files
    C:\Documents and Settings\FM\Menu Démarrer\Programmes\Démarrage\updyrb32.exe
    :files
    C:\windows\system32\svchost.exe|C:\WINDOWS\$NtServicePackUninstall$\svchost.exe /replace


    * Restart the PC under Windows and post the report here

    Do an OTL scan again as here: https://forums.commentcamarche.net/forum/affich-19783455-probleme-avec-le-fichier-schost#12
    and give the report again.

    Groland proverb: "Neige en Jouin, oh poutain!"
    0
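The reading of the `< MD5 for: SVCHOST.EXE >` section in the post above can be automated. This is an added example, not part of the original thread and not code from OTL: a Python parser for those report lines that groups the copies by hash and reports whether the expected system32 copy is listed. The function names are assumptions of this sketch; the sample lines are the ones quoted in the post, with the header wrapped in forum colour tags as pasted reports often are.

```python
import re
from collections import defaultdict
from ntpath import normcase, normpath  # Windows path rules, usable on any OS

# Forum colour tags that sometimes wrap pasted OTL section headers.
BBCODE_RE = re.compile(r"\[/?color(?:=[^\]]*)?\]")
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# [date | size | attrs | M] (company) MD5=<32 hex> -- <path>
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Sample input: the three entries quoted in the post above.
SAMPLE_REPORT = r"""
[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2004/08/05 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=1BD6C2F707A275CB7C16FD99FE0F31CA -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/14 03:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 03:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
"""


def parse_md5_sections(report_text):
    """Return {lower-cased file name: [entry dict, ...]} for each MD5 section."""
    sections = defaultdict(list)
    current = None
    for raw in report_text.splitlines():
        line = BBCODE_RE.sub("", raw).strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections[current]  # register the section even if it has no entries
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            current = None  # any other line ends the MD5 section
            continue
        if current is not None:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            sections[current].append(rec)
    return dict(sections)


def _norm(path):
    # Windows paths are case-insensitive; compare them that way.
    return normcase(normpath(path))


def check_system_file(sections, name, expected_path):
    """Summarise the copies of `name` and whether `expected_path` is among them.

    Identical hashes only show that two copies are the same file; they do not
    by themselves prove that either copy is a genuine system file.
    """
    entries = sections.get(name.lower(), [])
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["md5"]].append(e["path"])
    present = any(_norm(e["path"]) == _norm(expected_path) for e in entries)
    return {
        "expected_present": present,
        "copies": len(entries),
        "by_hash": dict(by_hash),
    }


if __name__ == "__main__":
    secs = parse_md5_sections(SAMPLE_REPORT)
    res = check_system_file(secs, "svchost.exe", r"C:\Windows\system32\svchost.exe")
    print("system32 copy listed:", res["expected_present"])
    for md5, paths in res["by_hash"].items():
        print(md5)
        for p in paths:
            print("   ", p)
```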
  15. namio
     
    I can't manage to copy it into system 32, how do I do it??
    0
  16. Malekal_morte
     
    My Computer => C drive => Windows folder => $NtServicePackUninstall$
    right-click, Copy on svchost.exe

    My Computer => C drive => Windows folder => system32 folder
    Edit menu / Paste

    then you restart and continue the procedure.
    0
  17. namio
     
    Even like that, it doesn't work, I had already tried.....
    When I right-click on it, I don't have copy/paste in the menu!
    0
  18. Malekal_morte
     
    OK, never mind, continue the procedure with OTL :)
    0
  19. namio
     
    I'm posting the report as is below, because I get error 500 from the server when trying to send you the file!

    OTL logfile created on: 12/11/2010 09:49:49 - Run 3
    OTL by OldTimer - Version 3.2.17.3 Folder = E:\
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    765,00 Mb Total Physical Memory | 333,00 Mb Available Physical Memory | 44,00% Memory free
    2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55,89 Gb Total Space | 6,40 Gb Free Space | 11,45% Space Free | Partition Type: NTFS
    Drive E: | 963,72 Mb Total Space | 958,03 Mb Free Space | 99,41% Space Free | Partition Type: FAT

    Computer Name: FM-MN9TMJS2RB4P | User Name: FM | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/10 11:43:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
    PRC - [2010/10/25 10:26:51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    PRC - [2009/03/12 09:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
    PRC - [2009/03/12 09:43:48 | 000,326,792 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\SFAgent.exe
    PRC - [2008/04/16 11:53:46 | 001,079,808 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/26 17:41:50 | 001,232,896 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    PRC - [2007/07/19 09:14:08 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    PRC - [2006/06/13 04:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/12/29 07:04:02 | 000,278,528 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\Fichiers communs\ACD Systems\fr\DevDetect.exe
    PRC - [2001/11/29 15:10:28 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
    PRC - [2001/10/25 01:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

    ========== Modules (SafeList) ==========

    MOD - [2010/11/10 11:43:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
    MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/23 06:01:31 | 002,950,744 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Fichiers communs\Akamai\netsession_win_062a651.dll -- (Akamai)
    SRV - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2009/03/12 09:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
    SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/07/19 09:14:08 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
    SRV - [2006/12/14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
    SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
    SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2001/11/29 15:10:28 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
    SRV - [2001/10/25 01:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\FM\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/16 11:06:49 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/16 11:05:37 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/03 07:27:13 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/02/12 14:05:58 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
    DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/09/18 21:49:44 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2008/04/13 19:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2008/04/13 19:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
    DRV - [2008/04/13 19:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
    DRV - [2008/04/13 19:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
    DRV - [2007/11/29 09:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2007/11/29 09:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2007/11/29 09:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2007/11/29 09:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2007/11/16 18:31:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
    DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2006/06/13 04:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/06/13 04:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/06/13 04:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/06/13 04:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/06/13 04:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/06/13 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/06/13 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2006/06/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2006/03/17 07:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/03/17 07:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2006/03/17 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2006/02/21 19:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/08/30 00:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
    DRV - [2005/08/30 00:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
    DRV - [2005/08/30 00:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
    DRV - [2002/08/11 15:44:50 | 000,179,664 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
    DRV - [2002/07/17 11:25:18 | 000,028,160 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2002/06/06 11:12:50 | 000,063,695 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
    DRV - [2002/06/06 11:12:50 | 000,011,631 | R--- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
    DRV - [2002/05/21 11:40:18 | 000,038,528 | R--- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
    DRV - [2001/12/05 13:48:12 | 000,322,948 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
    DRV - [2001/11/29 15:10:32 | 001,432,836 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\v90drv.sys -- (V90drv)
    DRV - [2001/11/29 15:10:28 | 000,033,028 | ---- | M] (Vireo Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
    DRV - [2001/11/29 15:10:26 | 000,175,160 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
    DRV - [2001/11/29 15:10:20 | 000,607,732 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
    DRV - [2001/11/29 15:10:18 | 002,383,460 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
    DRV - [2001/11/29 15:10:14 | 000,172,708 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
    IE - HKCU\..\URLSearchHook: {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha0.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..browser.startup.homepage: "https://www.google.fr/?gws_rd=ssl"
    FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:2.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..keyword.URL: "https://fr.search.yahoo.com/yhs/search/?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_fr&p="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/05/14 07:09:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 13:29:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 13:29:13 | 000,000,000 | ---D | M]

    [2008/12/05 09:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FM\Application Data\Mozilla\Extensions
    [2010/11/01 20:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FM\Application Data\Mozilla\Firefox\Profiles\0t7zveem.default\extensions
    [2009/09/03 14:50:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\FM\Application Data\Mozilla\Firefox\Profiles\0t7zveem.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/05 14:37:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\FM\Application Data\Mozilla\Firefox\Profiles\0t7zveem.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/04/27 10:27:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\FM\Application Data\Mozilla\Firefox\Profiles\0t7zveem.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/11/04 17:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FM\Application Data\Mozilla\Firefox\Profiles\0t7zveem.default\extensions\fr-FR@dictionaries.addons.mozilla.org
    [2009/11/04 16:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FM\Application Data\Mozilla\Firefox\Profiles\0t7zveem.default\extensions\fsonlinescanner@f-secure.com
    [2009/02/28 18:34:25 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\FM\Application Data\Mozilla\Firefox\Profiles\0t7zveem.default\searchplugins\ask.xml
    [2010/01/23 15:11:09 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\FM\Application Data\Mozilla\Firefox\Profiles\0t7zveem.default\searchplugins\Search.xml
    [2010/01/05 15:56:38 | 000,003,729 | ---- | M] () -- C:\Documents and Settings\FM\Application Data\Mozilla\Firefox\Profiles\0t7zveem.default\searchplugins\Searcheo.xml
    [2010/10/23 19:13:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/08/01 08:40:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/10/16 19:24:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2009/10/16 19:24:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2009/10/16 19:24:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2009/10/16 19:24:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2009/10/16 19:24:07 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2010/10/25 11:18:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (Share Accelerator MM Toolbar) - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha0.dll (Conduit Ltd.)
    O2 - BHO: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL File not found
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Share Accelerator MM Toolbar) - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL File not found
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Share Accelerator MM Toolbar) - {4596013B-6C31-408B-A266-DEAE5C086DC2} - C:\Program Files\Share_Accelerator_MM\tbSha0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Device Detector] File not found
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
    O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_15\Trayserver.exe (Magix)
    O4 - HKCU..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
    O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
    O4 - Startup: C:\Documents and Settings\FM\Menu Démarrer\Programmes\Démarrage\updyrb32.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Trusted sites)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\FM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\FM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/07/11 12:01:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/10 17:50:53 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/11/08 15:42:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/29 12:47:56 | 000,000,000 | ---D | C] -- C:\FR-files
    [2010/10/29 12:44:29 | 000,000,000 | ---D | C] -- C:\WinFileReplace
    [2010/10/29 00:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\SEAF
    [2010/10/28 11:12:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\FM\Recent
    [2010/10/26 10:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
    [2010/10/25 11:14:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/25 10:48:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/25 10:37:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/25 10:37:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/25 10:37:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/25 10:37:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/25 10:37:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/25 09:03:45 | 004,627,688 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\FM\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [2010/10/24 09:20:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/23 18:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FM\Application Data\Sunbelt
    [2010/10/23 18:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\CounterSpy
    [2010/10/22 16:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FM\Application Data\Malwarebytes
    [2010/10/22 16:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/22 16:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/21 14:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\PC Tools
    [2010/10/21 14:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2009/04/03 17:08:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\FM\Application Data\pcouffin.sys
    [2007/07/11 12:46:57 | 001,432,836 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\v90drv.sys
    [2007/07/11 12:46:56 | 000,175,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/10 17:53:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/10 16:20:05 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ACDSee Pro.lnk
    [2010/11/09 21:54:29 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/02 02:08:46 | 000,086,528 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/01 23:59:53 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\FM\Bureau\Raccourci vers FM.exe.lnk
    [2010/11/01 13:27:30 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\FM\Bureau\Raccourci vers svchost.exe.lnk
    [2010/10/26 22:12:40 | 000,000,332 | RHS- | M] () -- C:\boot.ini
    [2010/10/26 11:20:21 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
    [2010/10/26 11:20:21 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
    [2010/10/26 11:20:21 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
    [2010/10/25 23:50:59 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/25 11:18:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/25 11:18:11 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/10/25 11:18:05 | 000,001,042 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/25 09:00:50 | 004,627,688 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\FM\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [2010/10/22 19:54:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\FM\Local Settings\Application Data\prvlcl.dat
    [2010/10/21 13:29:26 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\FM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/21 13:29:26 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2010/10/21 11:38:29 | 000,197,120 | ---- | M] () -- C:\Documents and Settings\FM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/21 10:48:03 | 000,000,216 | ---- | M] () -- C:\Boot.bak
    [2010/10/20 21:00:17 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/10/20 17:37:38 | 066,614,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/10/20 13:34:02 | 000,008,564 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb0000
    [2010/10/20 13:34:02 | 000,000,120 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb
    [2010/10/19 15:00:00 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\FM\Bureau\gmer.exe
    [2010/10/19 14:49:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/15 06:26:23 | 003,866,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/01 23:59:53 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\FM\Bureau\Raccourci vers FM.exe.lnk
    [2010/11/01 13:27:30 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\FM\Bureau\Raccourci vers svchost.exe.lnk
    [2010/10/26 10:41:21 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
    [2010/10/26 10:41:21 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
    [2010/10/26 10:41:21 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
    [2010/10/25 10:48:45 | 000,263,488 | RHS- | C] () -- C:\cmldr
    [2010/10/25 10:44:29 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\FM\Bureau\gmer.exe
    [2010/10/25 10:37:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/25 10:37:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/25 10:37:40 | 000,086,528 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/25 10:37:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/25 10:37:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/21 10:00:53 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\sprkwi.dat
    [2010/10/21 08:37:35 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\sprkwi.dat
    [2010/06/24 07:30:19 | 000,001,537 | ---- | C] () -- C:\Program Files\LISEZMOI.TXT
    [2010/06/23 21:03:33 | 000,000,104 | ---- | C] () -- C:\WINDOWS\PLE2.INI
    [2010/05/17 16:15:15 | 000,000,575 | ---- | C] () -- C:\WINDOWS\AndreaMosaic.INI
    [2010/03/11 21:00:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\FM\Local Settings\Application Data\prvlcl.dat
    [2010/03/09 15:35:33 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
    [2009/12/13 09:11:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
    [2009/07/16 17:19:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2009/04/28 10:20:09 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE SPR265DEFGIPS.ini
    [2009/04/28 09:39:22 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
    [2009/04/28 09:39:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
    [2009/04/28 09:36:05 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
    [2009/04/28 09:36:05 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
    [2009/04/21 16:59:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2009/04/10 10:26:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Devices
    [2009/04/10 10:26:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\FM\Application Data\Database
    [2009/04/10 10:26:12 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
    [2009/04/10 10:26:12 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\LaserPrinter
    [2009/04/10 10:26:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Dialogs
    [2009/04/10 10:26:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\FM\Application Data\Definition Bundle
    [2009/04/10 10:26:10 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Legacy
    [2009/04/10 10:21:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
    [2009/04/06 11:32:22 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/04/03 22:07:22 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/04/03 17:08:45 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\FM\Application Data\vso_ts_preview.xml
    [2009/04/03 17:08:29 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\FM\Application Data\pcouffin.log
    [2009/04/03 17:08:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\FM\Application Data\pcouffin.cat
    [2009/04/03 17:08:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\FM\Application Data\pcouffin.inf
    [2009/02/15 15:51:33 | 000,006,029 | ---- | C] () -- C:\Documents and Settings\FM\Application Data\mdb.bin
    [2008/12/09 15:24:35 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Goya.INI
    [2008/11/17 22:10:22 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2008/11/17 22:09:59 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
    [2008/10/06 21:13:29 | 000,000,082 | ---- | C] () -- C:\WINDOWS\DeliveryReader.INI
    [2008/10/04 13:37:00 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
    [2008/09/26 10:34:40 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
    [2008/07/31 08:43:28 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
    [2008/07/04 06:49:29 | 000,015,397 | ---- | C] () -- C:\Program Files\settings.dat
    [2008/07/01 00:25:47 | 000,210,740 | ---- | C] () -- C:\Documents and Settings\FM\Application Data\NMM-MetaData.db
    [2008/04/03 07:36:48 | 000,000,739 | ---- | C] () -- C:\WINDOWS\XMLEditor4.INI
    [2008/03/18 14:25:30 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/01/04 09:56:09 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2007/11/16 18:31:01 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
    [2007/11/07 09:23:44 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\FM\Application Data\Settings.cfg
    [2007/10/14 21:13:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2007/10/14 21:06:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/10/01 10:59:32 | 000,000,091 | ---- | C] () -- C:\WINDOWS\fpxpress.ini
    [2007/09/01 10:03:01 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/08/28 18:14:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2007/08/01 08:36:16 | 000,000,325 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/07/19 13:07:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2007/07/19 09:45:23 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
    [2007/07/19 09:09:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE P3170EIF.ini
    [2007/07/19 09:06:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/07/17 23:06:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/07/16 23:11:53 | 000,197,120 | ---- | C] () -- C:\Documents and Settings\FM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/07/12 10:43:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
    [2007/07/11 12:52:15 | 000,004,383 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/07/11 12:46:56 | 000,607,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
    [2007/07/11 12:46:56 | 000,322,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\slntamr.sys
    [2007/07/11 12:46:56 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
    [2007/07/11 12:46:55 | 002,383,460 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlstrm.sys
    [2007/07/11 12:46:55 | 000,172,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
    [2007/07/11 12:46:55 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
    [2007/03/29 22:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    [2005/12/21 11:36:46 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2004/08/04 01:54:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2002/03/21 13:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [1997/11/18 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

    ========== Custom Scans ==========

    < :OTL >

    < 04 - Startup: C:\Documents and Setting\FM\Menu >

    < Démarrer\Programmes\Démarrage\updyrb32.exe {} >

    < :files >

    < C:\Documents and settings\FM\Menu Démarrer\Programmes\Démarrage\updyrb32.exe >
    [2008/04/14 03:34:22 | 000,022,016 | R-S- | M] () -- C:\Documents and Settings\FM\Menu Démarrer\Programmes\Démarrage\updyrb32.exe

    < :files >

    < C:\windows\system32\svchost.exe\C:\WINDOWS\$NtServicePackUnistall$\svchost.exe >

    < /replace >
    Invalid Switch: replace

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
    0
  20. Malekal_morte - Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 711
     
    That's not right.
    You're supposed to run a fix (the "Correction" button).
    It will generate a report, or even tell you to restart the PC.

    Then you run a scan again with the script, like the first time.
    0