Infected PC that crashes and disables AntiVir!

Solved
lilium6
Hello,

Windows XP / Internet Explorer 8.0

For the past week I have had viruses on my PC. It started with:

Trojan horse TR/Trash.gen and Trojan horse TR/fake.rean.741

Then last night my PC shut down by itself, impossible to turn it back on, black screen.
I used the reinstallation CD to run a restore. Then I discovered that the viruses had disabled AntiVir and I cannot restart it. I ran Malwarebytes, which detected 3 rootkit.tdss + trojan.fakems + trojan.exeshell.gen

The report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6593

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/05/2011 00:52:42
mbam-log-2011-05-17 (00-52-42).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 344054
Temps écoulé: 1 heure(s), 16 minute(s), 48 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\hp_administrateur\local settings\temp\rneosxcwam.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\temp\15B5.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\temp\15B6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{512df77d-45b5-4ae1-9c2a-ec48b0f584c1}\RP1611\A0607281.DLL (Trojan.FakeMS) -> Quarantined and deleted successfully.

AntiVir has just restarted, so I am running a scan. I will post the report as soon as it is finished. I think my PC is not clean. Can you help me fix this? Thank you very much.

88 replies

lilium6
 
OTL scan result:

http://cjoint.com/?AEtomPkdex7
0
verni29 - Posts: 6699 - Status: Security contributor

OK,

It should have been removed with OTL, but since the tool did not work,
I will do it another way.

Move on to the other procedure.

I will not be on the forum before the end of the day.

See you
0
lilium6
 
You have the OTL result above. You have not given me any other procedures.
Have a good day.
See you
0
verni29 - Posts: 6699 - Status: Security contributor

Hi again,

Oops, I had not noticed that you had posted the OTL report.

------------------------------------

We are going to use ComboFix again.
As a precaution, and since the tool would not run under Windows, restart the PC in Safe Mode with Networking.

1/ Open Notepad and select the following text:

Killall::

File::
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3119477796-3183868988-2340673429-1007.job
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3119477796-3183868988-2340673429-1007.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\1353889894.dat
C:\WINDOWS\system32\drivers\klif.sys

Folder::
C:\Program Files\AOL\Active Virus Shield
C:\Documents and Settings\HP_Administrateur\Application Data\OfferBox
C:\Documents and Settings\HP_Administrateur\Application Data\Uniblue
C:\Documents and Settings\All Users\Application Data\88gp201n6643mxxcl6tfj
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\3kf68ax70480i5080438whe3w2m71qndd
C:\Documents and Settings\All Users\Application Data\3kf68ax70480i5080438whe3w2m71qndd
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\88gp201n6643mxxcl6tfj

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"NPSStartup"=-
"KernelFaultCheck"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{75193929-9A52-4CA4-98DE-8C7296940920}"=-
"InstallWIX_{75193929-9A52-4CA4-98DE-8C7296940920}"=-

ADS::
C:\Documents and Settings\All Users\Application Data\TEMP

driver::
AVP
klif
tmcomm


# Copy/paste this text into Notepad.
# Save the file on the desktop and name it CFScript.txt

2/ Drag and drop the script onto ComboFix as shown at this link
http://img399.imageshack.us/img399/7183/img210914jjufmoj0.gif

Follow the prompts.

# Your desktop will disappear several times. This is normal.
# The computer will restart and a report will be created.
# Post its contents in your next message.

Note: If you cannot find it, it is at C:\Combofix.txt

See you
0
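
Added example (not part of the thread and not ComboFix's own code): a Python check that cross-references a CFScript.txt against the ComboFix report the procedure above produces, to see which File::, Folder:: and Driver:: targets the report lists as handled. The section titles come from the report posted in this thread; the function names, the abbreviated sample data and the reading of "not listed" as "the report shows no action for this target" are assumptions.

```python
import re

DIRECTIVE = re.compile(r"^(\w+)::\s*$")        # e.g. "File::", "driver::"
HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")    # e.g. "(((( Autres suppressions ))))"


def parse_cfscript(text):
    """Split a CFScript.txt into {directive (lowercase): [entries]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def parse_log_sections(text):
    """Split a ComboFix report into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and line != "." and current is not None:
            current.append(line)
    return sections


def reconcile(script_text, log_text):
    """Map each (kind, target) in the script to what the report says about it."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)

    # Paths the report lists as removed (Windows paths: compare case-insensitively).
    deleted = {p.lower() for p in log.get("Autres suppressions", [])}

    # Lines such as "-------\Service_klif" or "-------\Legacy_KLIF".
    services = set()
    for entry in log.get("Pilotes/Services", []):
        kind, _, name = entry.lstrip("-\\").partition("_")
        if kind.lower() in ("service", "legacy") and name:
            services.add(name.lower())

    report = {}
    for kind in ("file", "folder"):
        for path in script.get(kind, []):
            hit = path.lower() in deleted
            report[(kind, path)] = "deleted" if hit else "not listed"
    for name in script.get("driver", []):
        hit = name.lower() in services
        report[("driver", name)] = "removed" if hit else "not listed"
    return report


def unaccounted(report):
    """Targets the report does not mention: re-check these by hand."""
    return [key for key, status in report.items() if status == "not listed"]


# Constructed sample, abbreviated from the script and report in this thread.
SAMPLE_SCRIPT = r"""
Killall::

File::
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\System32\1353889894.dat

Folder::
C:\Documents and Settings\HP_Administrateur\Application Data\OfferBox
C:\Documents and Settings\All Users\Application Data\88gp201n6643mxxcl6tfj

driver::
AVP
klif
"""

SAMPLE_LOG = r"""
FILE ::
"C:\WINDOWS\System32\1353889894.dat"
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job"

(((((((((((( Autres suppressions ))))))))))))

C:\Documents and Settings\HP_Administrateur\Application Data\OfferBox
C:\Documents and Settings\HP_Administrateur\Application Data\OfferBox\config.xml
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

(((((((((((( Pilotes/Services ))))))))))))
.
-------\Legacy_AVP
-------\Legacy_KLIF
-------\Service_AVP
-------\Service_klif
"""

if __name__ == "__main__":
    result = reconcile(SAMPLE_SCRIPT, SAMPLE_LOG)
    for (kind, target), status in result.items():
        print(f"{kind:<7} {status:<11} {target}")
    print("Re-check by hand:", unaccounted(result))
```

The "FILE ::" block at the top of the report only echoes what the script requested, so the check ignores it and relies on the deletion and driver/service sections.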
lilium6
 
ComboFix 11-05-18.04 - Administrateur 19/05/2011 18:15:48.3.2 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2783 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"C:\WINDOWS\System32\1353889894.dat"
"C:\WINDOWS\system32\drivers\klif.sys"
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job"
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job"
"C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3119477796-3183868988-2340673429-1007.job"
"C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3119477796-3183868988-2340673429-1007.job"

ADS - TEMP: deleted 218 bytes in 2 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))




((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVP
-------\Legacy_KLIF
-------\Legacy_TMCOMM
-------\Service_AVP
-------\Service_klif
-------\Service_tmcomm


((((((((((((((((((((((((((((( Fichiers créés du 2011-04-19 au 2011-05-19 ))))))))))))))))))))))))))))))))))))


2011-05-17 18:38:54 . 2011-05-17 18:38:54 -------- d-----w- C:\_OTL
2011-05-17 08:59:09 . 2011-05-17 08:59:09 -------- d-----w- C:\Documents and Settings\Administrateur\Application Data\Avira
2011-05-16 21:01:27 . 2011-05-16 21:01:28 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2011-04-21 11:25:13 . 2011-04-21 11:25:15 -------- d-----w- C:\e9c6af05f2a48107c7db
2011-04-20 12:47:31 . 2011-04-20 13:05:28 -------- d-----w- C:\Program Files\ICQ7.4
.


(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-13 22:40:10 . 2011-04-13 22:40:10 4284416 ----a-w- C:\WINDOWS\system32\GPhotos.scr
2011-03-31 18:19:18 . 2009-05-19 08:05:27 137656 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2011-03-07 05:33:47 . 2004-08-10 11:00:00 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:36:19 . 2004-08-10 11:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:53:37 . 2004-08-10 11:00:00 1858048 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:05:48 . 2004-08-10 11:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:05:47 . 2004-08-10 11:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:05:47 . 2004-08-10 11:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:42:13 . 2004-08-10 11:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2007-02-24 17:22:48 . 2007-02-24 17:22:48 278528 -c--a-w- C:\Program Files\Fichiers communs\FDEUnInstaller.exe


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53:58 165184 ----a-w- C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 21:12:52 3872080]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
"Connexion SFR 9props.exe"="C:\Program Files\SFR\Kit\9props.exe" [2009-10-15 08:53:54 959808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 18:34:32 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 12:05:38 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 23:56:38 16261632]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 00:59:00 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-28 00:59:00 8466432]
"nwiz"="nwiz.exe" [2007-08-28 00:59:00 1626112]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 07:05:00 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 20:14:00 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 20:34:58 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 19:34:40 49152]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 10:01:15 70952]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1172346016\ee\AOLSoftware.exe" [2006-11-17 13:16:56 50736]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-06-09 14:37:02 40960]
"SunJavaUpdateSched"="C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16:38 39792]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 12:38:55 281768]
"SMSTray"="C:\Program Files\Samsung\EmoDio\SMSTray.exe" [2009-03-21 07:06:26 484888]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 16:38:18 421888]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
AOL 9.0 Icône AOL.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-2-24 156784]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-12-6 1073152]
TrayMin210.exe.lnk - C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe [2007-2-25 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;C:\Program Files\Avira\AntiVir Desktop\sched.exe [19/05/2009 10:05:27 136360]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [08/01/2010 21:33:20 233472]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [08/01/2010 21:33:20 36608]
R3 NeroCd2k;NeroCd2k;C:\WINDOWS\system32\drivers\NeroCd2k.sys [01/03/2007 16:55:26 44227]
S2 gupdate;Service Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [30/01/2010 11:49:52 135664]
S3 gupdatem;Service Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [30/01/2010 11:49:52 135664]
S3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004};PCD5SRVC{8A863ACB-F5F6CC6A-05010004} - PCDR Kernel Mode Service Helper Driver;\??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms --> C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [08/01/2010 21:33:38 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [08/01/2010 21:33:38 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [08/01/2010 21:33:38 121856]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
*Deregistered* - ATWPKT2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contenu du dossier 'Tâches planifiées'

2011-05-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]


------- Examen supplémentaire -------

uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://photoservice.fujicolor.de/ips-opdata/operator/27859021/activex/IPSUploader4.cab


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 18:28:49
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...
verni29 (Security contributor, 6699 posts)

Hi again,

The report is incomplete.
Post the end of the report.

See you.

lilium6
 
Hi again, I sent you what there was. Otherwise, there are small fragments in folders named mbr, pend, resident, osId; reglocks.

But ComboFix behaved strangely again: I got another message asking me to update it, and I said yes. Then another message telling me that the software comes without warranty and that it is not affiliated with such-and-such address... and no offer to install a recovery console...

I find that strange...

lilium6
 
mbr :
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD25 rev.10.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
lilium6
 
pend :

.:\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\\(\\\|0!\|0\\0\)
C:\\WINDOWS\\system32\\config\\\(\\\|0!\|0\\0\)
C:\\WINDOWS\\system32\\csrss.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\Drivers\\\(\\\|0!\|0\\0\)
C:\\WINDOWS\\system32\\hal.dll\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\lsass.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\ntdll.dll\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\services.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\smss.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\svchost.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\userinit.exe\\\(0!\|0\\0\)
C:\\WINDOWS\\system32\\wbem\\\(\\\|0!\|0\\0\)
C:\\WINDOWS\\system32\\winlogon.exe\\\(0!\|0\\0\)
C:\\boot.ini\\\(0!\|0\\0\)
C:\\ntdetect.com\\\(0!\|0\\0\)
C:\\ntldr\\\(0!\|0\\0\)
C:\\WINDOWS\\\(\\\|0!\|0\\0\)
C:\\WINDOWS\\explorer.exe\\\(0!\|0\\0\)
lilium6
 
Resident :

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
lilium6
 
mbr :

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD25 rev.10.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
lilium6
 
Reglocks :


[HKEY_USERS\S-1-5-21-3119477796-3183868988-2340673429-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a9,ac,7a,6f,0b,f5,94,a4,a7,7f,5a,3a,a9,e5,78,a4,76,57,7d,50,a9,ff,5e,
22,90,80,d7,8b,ef,a8,a0,87,bd,2d,06,5d,1e,69,4d,b8,3a,be,f6,d4,b4,89,f4,db,\
"??"=hex:32,a3,a4,16,0f,23,1c,03,86,48,53,ad,db,94,d3,48

[HKEY_USERS\S-1-5-21-3119477796-3183868988-2340673429-1007\Software\SecuROM\License information*]
"datasecu"=hex:7d,d6,0f,68,09,88,cf,fe,f1,ab,36,29,63,5d,53,3a,61,fe,3c,cd,de,
95,fa,83,7b,0b,b6,de,65,0d,2f,29,9a,84,25,86,51,d7,67,24,45,35,14,97,59,f8,\
"rkeysecu"=hex:5f,fb,da,15,0c,9e,37,72,da,c8,42,f8,9b,ce,8d,3a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\] '|
]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="?????"
"ReinstallString"="C:\\WINDOWS\\System32\\ReinstallBackups\\]???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
lilium6
 
http://cjoint.com/?AEtvb1RtRXM

I posted the report I have. It is not complete. I'm sending it to you again with cjoint. I didn't touch anything!

verni29 (Security contributor, 6699 posts)

Hi again,

OK, the other antivirus has been removed.

---------------------------------------

There is a possible infection on the removable media (USB keys, ...).

Download USBFix (by El Desaparecido) to your desktop.

* Double-click UsbFix.exe on your desktop.
* Click Recherche (Search).
* A message will prompt you to plug in your removable media.
(!) Plug into your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them.
DO IT.
* Let the tool work.
* Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

See you.

lilium6
 
Hi again, Active Virus Shield has not been removed; I still have it in my list of programs. I do not have ANY removable media! The USB key belongs to my daughter and she is not here. Besides, she only uses it for school and the teachers test it every time before opening it!

verni29 (Security contributor, 6699 posts)

What is drive F: on the PC?

Run USBFix without the key.

See you.

lilium6
 
How can I find out what it is? All I can tell you is that I have 4 USB ports in use: mouse, webcam, printer and modem. That's all. OK, I'm going to run USBFix.

See you.

lilium6
 
Pare-feu Windows: Désactivé /!\
Antivirus: AntiVir Desktop 10.0.1.58 [(!) Disabled | Updated]
Firewall: Norton Internet Worm Protection 2006 [(!) Disabled]
RAM -> 3070 Mo
C:\ (%systemdrive%) -> Disque fixe # 226 Go (127 Go libre(s) - 56%) [HP_PAVILION] # NTFS
D:\ -> Disque fixe # 7 Go (856 Mo libre(s) - 12%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM

################## | Éléments infectieux |


Présent! C:\WINDOWS\fonts\RandFont.dll

################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |
lilium6
 
This is all very bad! I feel this is going to end with a full format... Don't you think?

verni29 (Security contributor, 6699 posts)

Disinfecting the PC has been a bit of a struggle so far.
The tools had trouble running.
That does not necessarily mean it was a bad sign.

The problem came rather from the multiple software installations on the PC.
Formatting would certainly let you reset the PC to a clean slate.

Otherwise, as far as infections go, once we have cleaned the infection with USBFix, there will not be much left to do. The PC should be clean after these steps.

It's up to you.

lilium6
 
OK, let's continue if you can help me clean it effectively. It's just that I'm scared something will be left behind. It annoys me because I keep the antivirus updated, I run scans regularly and I haven't downloaded anything for a long time!! On the other hand, I do watch movies via streaming. Is that where I could have picked all this up?

verni29 (Security contributor, 6699 posts)

Hi again,

For streaming, maybe.
There are indeed infections through what are called exploits, which is code embedded in web pages, but for streaming sites, probably not.

In any case, no one is safe from getting infected this way while browsing the web.

---------------------------------------

1/ Double-click usbfix.exe on your desktop.

* Click Nettoyer (Clean).
* A message will prompt you to plug in your removable media.
(!) Plug into your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them.
DO IT.
* The desktop will disappear and will not be accessible for the whole duration of the scan. This is normal.
* Then post the UsbFix.txt report that appears along with the desktop.

Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

2/ Run OTL again and choose Analyse rapide (Quick Scan).
Post the report.

See you.

lilium6
 
Uh, in USBFix there is no Nettoyer (Clean)?!

lilium6
 
There is Suppression (deletion), Vacciner (vaccinate), Désinstaller (uninstall).

verni29 (Security contributor, 6699 posts)

Suppression.

lilium6 (Member, 117 posts)
 
############################## | UsbFix 7.045 | [Suppression]

Utilisateur: HP_Administrateur (Administrateur) # VIGOUROUX [ ]
Mis à jour le 15/05/2011 par TeamXscript
Lancé à 09:34:23 | 20/05/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Pentium(R) D CPU 2.80GHz
CPU 2: Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Désactivé /!\
Antivirus: AntiVir Desktop 10.0.1.58 [(!) Disabled | Updated]
Firewall: Norton Internet Worm Protection 2006 [(!) Disabled]
RAM -> 3070 Mo
C:\ (%systemdrive%) -> Disque fixe # 226 Go (127 Go libre(s) - 56%) [HP_PAVILION] # NTFS
D:\ -> Disque fixe # 7 Go (856 Mo libre(s) - 12%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM

################## | Éléments infectieux |


Supprimé! C:\WINDOWS\fonts\RandFont.dll
Supprimé! C:\Recycler\S-1-5-21-3119477796-3183868988-2340673429-1007

################## | Registre |

Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[09/11/2008 - 13:00:08 | D ] C:\$AVG8.VAULT$
[14/07/2010 - 23:33:38 | D ] C:\64fc39460b6f0d50e357433929
[26/02/2007 - 21:52:28 | D ] C:\7dad743d46e0542fdc78ab36fdc0
[11/02/2010 - 18:57:37 | D ] C:\ATI
[19/09/2006 - 06:26:46 | N | 100] C:\AUTOEXEC.BAT
[18/05/2011 - 16:22:09 | N | 325] C:\Boot.bak
[18/05/2011 - 22:29:52 | RASH | 325] C:\boot.ini
[09/08/2004 - 23:00:00 | N | 4952] C:\Bootfont.bin
[15/05/2010 - 23:32:59 | D ] C:\ca8ec2a7c9527ccbc6013b
[18/05/2011 - 22:29:52 | D ] C:\cmdcons
[09/08/2004 - 23:00:00 | N | 263488] C:\cmldr
[15/11/2005 - 04:22:08 | D ] C:\CMPNENTS
[19/05/2011 - 18:34:04 | D ] C:\ComboFix
[11/05/2011 - 18:34:59 | D ] C:\Config.Msi
[10/10/2005 - 13:34:04 | N | 0] C:\CONFIG.SYS
[24/02/2007 - 17:52:51 | D ] C:\Documents and Settings
[21/04/2011 - 13:25:15 | D ] C:\e9c6af05f2a48107c7db
[20/05/2011 - 09:30:07 | ASH | 3219607552] C:\hiberfil.sys
[25/02/2007 - 21:28:06 | D ] C:\hp
[10/10/2005 - 13:34:04 | N | 0] C:\IO.SYS
[25/12/2009 - 00:25:16 | D ] C:\Manual-PCProgram
[08/12/2010 - 16:04:18 | N | 127] C:\mbam-error.txt
[10/10/2005 - 13:34:04 | N | 0] C:\MSDOS.SYS
[09/08/2004 - 23:00:00 | RASH | 47564] C:\NTDETECT.COM
[09/11/2008 - 15:09:23 | N | 252240] C:\ntldr
[20/05/2011 - 09:30:05 | ASH | 1610612736] C:\pagefile.sys
[19/05/2011 - 10:55:51 | D ] C:\Program Files
[19/09/2006 - 05:49:44 | D ] C:\Python22
[19/05/2011 - 18:15:46 | D ] C:\Qoobox
[20/05/2011 - 09:38:53 | SHD ] C:\RECYCLER
[10/12/2008 - 22:19:08 | N | 232] C:\sqmdata00.sqm
[11/12/2008 - 23:35:46 | N | 232] C:\sqmdata01.sqm
[12/12/2008 - 15:31:46 | N | 232] C:\sqmdata02.sqm
[12/12/2008 - 19:29:38 | N | 232] C:\sqmdata03.sqm
[27/12/2008 - 11:58:28 | N | 232] C:\sqmdata04.sqm
[10/01/2009 - 15:11:14 | N | 232] C:\sqmdata05.sqm
[25/01/2009 - 02:22:59 | N | 232] C:\sqmdata06.sqm
[25/01/2009 - 11:56:19 | N | 232] C:\sqmdata07.sqm
[09/03/2009 - 19:08:43 | N | 232] C:\sqmdata08.sqm
[22/04/2009 - 21:36:42 | N | 268] C:\sqmdata09.sqm
[25/06/2007 - 12:12:35 | N | 136] C:\sqmdata10.sqm
[14/07/2007 - 19:17:25 | N | 268] C:\sqmdata11.sqm
[28/07/2007 - 22:55:55 | N | 268] C:\sqmdata12.sqm
[12/09/2007 - 16:36:18 | N | 268] C:\sqmdata13.sqm
[20/12/2007 - 14:19:53 | N | 268] C:\sqmdata14.sqm
[14/03/2008 - 17:30:06 | N | 232] C:\sqmdata15.sqm
[07/06/2008 - 12:15:51 | N | 232] C:\sqmdata16.sqm
[25/11/2008 - 13:52:54 | N | 232] C:\sqmdata17.sqm
[25/11/2008 - 22:54:45 | N | 232] C:\sqmdata18.sqm
[10/12/2008 - 14:29:01 | N | 232] C:\sqmdata19.sqm
[10/12/2008 - 22:19:08 | N | 244] C:\sqmnoopt00.sqm
[11/12/2008 - 23:35:46 | N | 244] C:\sqmnoopt01.sqm
[12/12/2008 - 15:31:46 | N | 244] C:\sqmnoopt02.sqm
[12/12/2008 - 19:29:38 | N | 244] C:\sqmnoopt03.sqm
[27/12/2008 - 11:58:27 | N | 244] C:\sqmnoopt04.sqm
[10/01/2009 - 15:11:14 | N | 244] C:\sqmnoopt05.sqm
[25/01/2009 - 02:22:59 | N | 244] C:\sqmnoopt06.sqm
[25/01/2009 - 11:56:18 | N | 244] C:\sqmnoopt07.sqm
[09/03/2009 - 19:08:43 | N | 244] C:\sqmnoopt08.sqm
[22/04/2009 - 21:36:42 | N | 244] C:\sqmnoopt09.sqm
[25/06/2007 - 12:12:35 | N | 244] C:\sqmnoopt10.sqm
[14/07/2007 - 19:17:25 | N | 244] C:\sqmnoopt11.sqm
[28/07/2007 - 22:55:55 | N | 244] C:\sqmnoopt12.sqm
[12/09/2007 - 16:36:18 | N | 244] C:\sqmnoopt13.sqm
[20/12/2007 - 14:19:53 | N | 244] C:\sqmnoopt14.sqm
[14/03/2008 - 17:30:06 | N | 244] C:\sqmnoopt15.sqm
[07/06/2008 - 12:15:51 | N | 244] C:\sqmnoopt16.sqm
[25/11/2008 - 13:52:54 | N | 244] C:\sqmnoopt17.sqm
[25/11/2008 - 22:54:45 | N | 244] C:\sqmnoopt18.sqm
[10/12/2008 - 14:29:01 | N | 244] C:\sqmnoopt19.sqm
[18/05/2011 - 22:43:18 | SHD ] C:\System Volume Information
[19/09/2006 - 05:49:26 | D ] C:\system.sav
[11/11/2008 - 23:00:37 | N | 562] C:\TCleaner.txt
[17/05/2011 - 13:25:18 | N | 45070] C:\TDSSKiller.2.5.1.0_17.05.2011_13.22.04_log.txt
[11/10/2010 - 22:56:38 | D ] C:\Temp
[11/11/2008 - 19:28:49 | D ] C:\Test
[02/12/2008 - 15:55:06 | N | 594] C:\updatedatfix.log
[20/05/2011 - 09:38:54 | D ] C:\UsbFix
[20/05/2011 - 09:39:48 | A | 1357] C:\UsbFix.txt
[18/05/2010 - 17:55:35 | D ] C:\VERBIRA 3.0
[20/05/2011 - 09:30:23 | D ] C:\WINDOWS
[17/05/2011 - 20:38:54 | D ] C:\_OTL
[27/07/2001 - 08:07:38 | N | 0] D:\AUTOEXEC.BAT
[15/07/2010 - 09:18:16 | D ] D:\FOUND.000
[09/01/2002 - 18:52:30 | SH | 244] D:\BOOT.INI
[10/12/2005 - 03:00:14 | D ] D:\cmdcons
[16/08/2001 - 11:26:26 | N | 237728] D:\CMLDR
[28/07/2001 - 06:07:38 | N | 0] D:\CONFIG.SYS
[24/05/2005 - 20:48:26 | SH | 102] D:\Desktop.ini
[10/09/2002 - 02:21:08 | N | 7850] D:\Folder.htt
[17/06/2001 - 09:31:08 | N | 0] D:\GRAPH
[25/01/2002 - 02:21:24 | N | 0] D:\GRAPH16
[29/11/2004 - 21:01:50 | N | 73728] D:\Info.exe
[28/07/2001 - 06:07:38 | N | 0] D:\IO.SYS
[17/08/2006 - 07:21:10 | D ] D:\MiniNT
[28/07/2001 - 06:07:38 | N | 0] D:\MSDOS.SYS
[25/07/2001 - 22:00:00 | SH | 45124] D:\NTDETECT.COM
[25/07/2001 - 22:00:00 | N | 222880] D:\NTLDR
[10/12/2005 - 06:02:48 | D ] D:\PRELOAD
[09/09/2002 - 23:58:12 | N | 181616] D:\protect.ed
[19/09/2006 - 00:04:36 | N | 36] D:\SAVEFILE.DIR
[08/02/2002 - 01:44:24 | N | 88038] D:\Warning.bmp
[19/09/2006 - 00:05:18 | D ] D:\I386
[19/09/2006 - 00:07:54 | D ] D:\HP
[19/09/2006 - 00:08:54 | D ] D:\TOOLS
[24/02/2007 - 17:01:46 | N | 968] D:\MASTER.LOG
[17/08/2001 - 00:32:24 | N | 0] D:\Ntfs
[23/05/2001 - 13:19:06 | N | 0] D:\Svga
[18/08/2001 - 00:00:00 | N | 10] D:\Win51
[21/01/2001 - 23:00:00 | N | 11] D:\Win51.b2
[25/07/2001 - 00:00:00 | N | 11] D:\Win51.rc1
[25/07/2001 - 05:47:04 | N | 11] D:\Win51.rc2
[18/08/2001 - 00:00:00 | N | 10] D:\Win51ic
[19/03/2001 - 23:00:00 | N | 11] D:\Win51ic.b2
[25/07/2001 - 00:00:00 | N | 11] D:\Win51ic.rc1
[25/07/2001 - 00:00:00 | N | 11] D:\Win51ic.rc2
[17/08/2001 - 00:00:00 | N | 10] D:\Win51ip
[21/01/2001 - 23:00:00 | N | 11] D:\Win51ip.b2
[25/07/2001 - 05:47:04 | N | 11] D:\Win51ip.rc2
[16/08/2001 - 22:17:02 | N | 184] D:\Winbom.ini
[19/09/2006 - 00:31:34 | N | 6] D:\BLOCK.RIN
[19/09/2006 - 00:34:48 | N | 0] D:\USER
[19/09/2006 - 00:34:50 | D ] D:\Réinstallation Système
[24/02/2007 - 16:54:56 | SHD ] D:\System Volume Information
[24/02/2007 - 17:02:52 | N | 26] D:\RCBoot.sys
[24/02/2007 - 17:55:08 | N | 22] D:\HPCD.sys
[25/02/2007 - 10:42:52 | SHD ] D:\Recycled

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_VIGOUROUX.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |
lilium6 (Member, 117 posts)
 
OTL logfile created on: 20/05/2011 10:05:21 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrateur\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226,04 Gb Total Space | 127,14 Gb Free Space | 56,25% Space Free | Partition Type: NTFS
Drive D: | 6,83 Gb Total Space | 0,84 Gb Free Space | 12,24% Space Free | Partition Type: FAT32

Computer Name: VIGOUROUX | User Name: HP_Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/17 13:44:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe
PRC - [2011/04/27 20:20:37 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/31 20:19:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/08/17 14:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 23:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/09 16:59:48 | 000,259,632 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2006/11/17 15:16:56 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\1172346016\ee\aolsoftware.exe
PRC - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
PRC - [2006/06/01 22:33:22 | 000,001,536 | ---- | M] () -- c:\Program Files\Fichiers communs\AOL\1172346016\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
PRC - [2004/12/07 18:02:40 | 000,487,518 | ---- | M] (America Online Inc) -- C:\Program Files\Fichiers communs\AOL\aoltpspd.exe
PRC - [2004/05/10 23:49:50 | 000,038,512 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\shellmon.exe


========== Modules (SafeList) ==========

MOD - [2011/05/17 13:44:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/05/10 23:49:20 | 000,006,144 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\idleproc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/27 20:20:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/31 20:19:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2006/06/21 04:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/06/01 23:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
SRV - [2006/02/22 02:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 20:19:18 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/17 13:06:01 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/22 14:38:42 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/11 23:02:42 | 004,525,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/10/31 07:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/23 12:10:06 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/08/23 12:10:06 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/03/01 16:55:07 | 000,044,227 | ---- | M] (ahead software gmbh
im stoeckmaedle 6
76307 karlsbad, germany
Fax: ++49-7248-911-888
e-mail: info@nero.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NeroCd2k.sys -- (NeroCd2k)
DRV - [2007/02/24 19:21:23 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5)
DRV - [2006/07/25 01:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/09 22:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 22:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 22:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 22:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 22:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2005/12/13 02:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/09 06:53:14 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/08/24 15:55:48 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/05/16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/02/26 17:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 CA A0 9F 63 85 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/26 11:13:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/05/19 18:25:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (XBTP06568 Class) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Security Toolbar) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Security Toolbar) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1172346016\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKLM..\RunOnce: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk = C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe ()
O4 - Startup: C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://62.1.34.103:8084/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://www.normandie-webcam.com/plugins/h263ctrl20013/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} http://photoservice.fujicolor.de/ips-opdata/operator/27859021/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai.net/... (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} http://photoservice.fujicolor.de/ips-opdata/operator/27859021/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 06:26:46 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/20 09:39:51 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/05/20 09:39:52 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 09:39:51 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011/05/19 22:13:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/19 21:54:52 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011/05/19 21:54:27 | 001,229,735 | ---- | C] (TeamXscript.org) -- C:\Documents and Settings\HP_Administrateur\Bureau\UsbFix.exe
[2011/05/19 18:24:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/19 18:12:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/18 22:29:49 | 000,000,000 | ---D | C] -- C:\cmdcons
[2011/05/18 22:26:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/18 22:26:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/18 22:26:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/18 22:26:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/18 22:13:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/18 17:21:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrateur\Recent
[2011/05/17 20:38:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/17 13:44:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe
[2011/05/17 13:21:48 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrateur\Bureau\TDSSKiller.exe
[2011/04/21 13:25:13 | 000,000,000 | ---D | C] -- C:\e9c6af05f2a48107c7db
[2011/04/20 14:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.4
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 09:39:57 | 014,789,982 | ---- | M] () -- C:\UsbFix_Upload_Me_VIGOUROUX.zip
[2011/05/20 09:34:23 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/20 09:31:49 | 000,000,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/05/20 09:30:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/20 09:30:07 | 3219,607,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/19 21:54:31 | 001,229,735 | ---- | M] (TeamXscript.org) -- C:\Documents and Settings\HP_Administrateur\Bureau\UsbFix.exe
[2011/05/19 21:39:09 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\Raccourci vers Centre de sécurité.lnk
[2011/05/19 18:25:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/19 13:59:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/19 13:57:06 | 012,825,376 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/05/19 13:57:06 | 001,203,452 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/05/19 13:57:05 | 454,614,304 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/05/19 13:57:05 | 006,086,656 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/05/19 10:58:52 | 000,019,988 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\KisKav6Remove.zip
[2011/05/18 22:29:52 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/05/18 16:40:50 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 16:22:09 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2011/05/17 13:44:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe
[2011/05/17 13:41:58 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\2cjtjbqg.exe
[2011/05/17 13:20:55 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\tdsskiller.zip
[2011/05/16 23:03:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 18:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/14 22:02:11 | 000,124,937 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\maison mont saint jean.jpg
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrateur\Bureau\TDSSKiller.exe
[2011/05/11 18:34:52 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2011/05/08 12:49:05 | 000,622,142 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/05/08 12:49:05 | 000,541,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/08 12:49:05 | 000,127,574 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/05/08 12:49:05 | 000,106,628 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/08 12:44:31 | 000,016,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\3kf68ax70480i5080438whe3w2m71qndd
[2011/05/08 12:44:31 | 000,016,278 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3kf68ax70480i5080438whe3w2m71qndd
[2011/04/20 15:00:29 | 000,016,334 | -HS- | M] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\88gp201n6643mxxcl6tfj
[2011/04/20 15:00:29 | 000,016,334 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\88gp201n6643mxxcl6tfj
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 09:39:55 | 014,789,982 | ---- | C] () -- C:\UsbFix_Upload_Me_VIGOUROUX.zip
[2011/05/19 21:39:09 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\Raccourci vers Centre de sécurité.lnk
[2011/05/19 18:25:34 | 3219,607,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/19 10:58:51 | 000,019,988 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\KisKav6Remove.zip
[2011/05/18 22:26:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/18 22:26:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/18 22:26:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/18 22:26:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/18 22:26:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/17 13:41:58 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\2cjtjbqg.exe
[2011/05/17 13:20:50 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\tdsskiller.zip
[2011/05/14 21:49:57 | 000,124,937 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\maison mont saint jean.jpg
[2011/05/11 18:34:52 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2011/05/08 11:16:40 | 000,016,278 | -HS- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\3kf68ax70480i5080438whe3w2m71qndd
[2011/05/08 11:16:40 | 000,016,278 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3kf68ax70480i5080438whe3w2m71qndd
[2011/04/20 14:58:12 | 000,016,334 | -HS- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\88gp201n6643mxxcl6tfj
[2011/04/20 14:58:12 | 000,016,334 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\88gp201n6643mxxcl6tfj
[2010/11/18 16:47:36 | 000,148,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/13 22:34:50 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/26 20:30:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/26 11:12:56 | 000,023,775 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/03/27 23:51:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2010/03/08 15:12:08 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2010/02/11 18:59:35 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/02/11 18:59:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/02/11 18:59:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/02/11 18:59:34 | 000,203,336 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/02/11 18:59:34 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 13:20:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/08 21:33:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/01/08 21:33:20 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/01/08 21:33:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\$_hpcst$.hpc
[2008/09/17 13:36:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 13:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 13:36:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 13:36:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/09/14 13:01:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/08/23 12:10:06 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/08/23 12:10:06 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/06/27 18:28:02 | 000,000,571 | ---- | C] () -- C:\WINDOWS\System32\FeMakro.ini
[2008/06/27 18:28:02 | 000,000,497 | ---- | C] () -- C:\WINDOWS\System32\FeAnim.ini
[2008/06/11 22:42:00 | 000,038,520 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/01 08:40:04 | 000,162,933 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2008/06/01 08:40:04 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2008/03/31 11:56:02 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/17 22:46:58 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2007/12/14 17:37:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/25 17:56:57 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/10/25 17:56:57 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/05/12 18:16:05 | 000,005,170 | ---- | C] () -- C:\WINDOWS\easyc.ini
[2007/05/12 18:14:51 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2007/05/12 18:14:51 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/05/12 18:14:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007/03/05 11:21:48 | 454,614,304 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2007/03/05 11:21:48 | 012,825,376 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2007/03/01 22:59:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/03/01 16:55:30 | 000,507,960 | ---- | C] () -- C:\WINDOWS\UNNERO.exe
[2007/02/26 21:06:07 | 000,019,474 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
[2007/02/26 21:04:39 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2P.DLL
[2007/02/25 19:55:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/24 19:35:14 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/24 19:30:23 | 000,000,746 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2007/02/24 19:28:36 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/24 19:22:48 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2007/02/24 17:52:51 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\fusioncache.dat
[2006/09/19 07:02:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/19 06:37:44 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/19 06:31:00 | 000,014,399 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/19 06:30:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/19 06:20:24 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/19 06:15:34 | 000,106,126 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/09/19 06:14:39 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/19 06:11:59 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/19 06:11:59 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/09/19 06:11:59 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/19 06:11:59 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/09/19 06:11:59 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/19 06:11:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/19 06:11:59 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/09/19 06:11:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Elusetup.exe
[2006/09/19 05:54:50 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/19 05:49:43 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/19 05:49:43 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/19 05:49:27 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 20:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/25 02:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/10/10 14:31:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/10/10 13:39:46 | 000,622,142 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2005/10/10 13:39:46 | 000,541,198 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/10/10 13:39:46 | 000,127,574 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2005/10/10 13:39:46 | 000,106,628 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/10/10 13:37:46 | 000,252,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/10 13:33:42 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/10 13:29:58 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 22:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/14 15:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/09/17 05:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/06/24 19:20:22 | 000,000,651 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000091.DLL
[2001/08/24 00:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 00:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2007/12/25 02:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alexandra Ledermann 8
[2010/07/10 12:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/04/20 15:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/02/11 16:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2007/02/25 10:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/01/08 21:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/04/04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline
[2008/12/02 11:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/19 22:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/02/24 19:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/08 17:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

========== Purity Check ==========



< End of report >
verni29 (Posts: 6699, Status: Security contributor)

Hi again,

There are still lots of AOL-related tools.
They clutter the PC.

If you agree, we'll remove everything related to AOL.
You did tell me that you connect via SFR, right?

In the Control Panel, uninstall everything related to AOL.

AOL Security Toolbar
AOL - Assistant de désinstallatio

-----------------------------------

Run an online scan.
Tutorial: https://www.commentcamarche.net/faq/29643-scanner-en-ligne-avec-eset-nod32

Post the report.
It is located at C:\Program Files\ESET Online Scanner\log.txt

See you later,
0
lilium6 Posts 117 Registration date   Status Member Last activity   1
 
Are there still viruses on my PC? Or is it fine at this point?
0
lilium6
 
Here is the result:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=ab2373b36c0fc04a918346641820b59f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-20 08:57:55
# local_time=2011-05-20 10:57:55 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 97393756 97393756 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 913 80814537 0 0
# compatibility_mode=8192 67108863 100 0 221 221 0 0
# scanned=164456
# found=3
# cleaned=3
# scan_time=7117
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0002155.EXE une variante probable de Win32/StartPage.HSZAKFT cheval de troie (supprimé - mis en quarantaine) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0002158.exe une variante probable de Win32/StartPage.HSZAKFT cheval de troie (supprimé - mis en quarantaine) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0002462.dll une variante probable de Win32/Adware.Softomate.AA application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
0
lilium6
 
Can I turn my antivirus and firewall back on? Also, Active Virus Shield still appears in Add/Remove Programs. I can't remove it even though I uninstalled everything from AOL. I also uninstalled Yahoo Toolbar; it was already inactive... What should I do?
0
verni29 Posts 6699 Registration date   Status Security contributor Last activity   180
 
Hi again,

ESET only found an infection in System Restore.
It will need to be cleaned.

The PC is clean.

Can you run OTL again and choose Quick Scan?
I'll be able to check that no trace of AOL remains.

See you
0
lilium6 Posts 117 Registration date   Status Member Last activity   1
 
Hello,

OTL result:

OTL logfile created on: 21/05/2011 09:30:30 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrateur\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226,04 Gb Total Space | 127,70 Gb Free Space | 56,50% Space Free | Partition Type: NTFS
Drive D: | 6,83 Gb Total Space | 0,84 Gb Free Space | 12,24% Space Free | Partition Type: FAT32

Computer Name: VIGOUROUX | User Name: HP_Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/05/17 13:44:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe
PRC - [2011/04/27 20:20:37 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/31 20:19:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/08/17 14:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/05/21 00:58:48 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:58:46 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/05/14 11:35:26 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2010/01/14 23:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/15 10:53:54 | 000,959,808 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2009/04/02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/03/21 09:06:26 | 000,484,888 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\EmoDio\SMSTray.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/04 17:47:39 | 000,278,528 | ---- | M] () -- C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
PRC - [2006/06/21 04:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2006/06/01 23:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
PRC - [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/02/22 02:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/02/22 02:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/12/15 10:28:36 | 001,073,152 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
PRC - [2004/06/09 16:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011/05/17 13:44:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/27 20:20:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/31 20:19:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/06/21 04:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/06/01 23:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
SRV - [2006/02/22 02:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/03/31 20:19:18 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/17 13:06:01 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/22 14:38:42 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/11 23:02:42 | 004,525,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/10/31 07:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/23 12:10:06 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/08/23 12:10:06 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/03/01 16:55:07 | 000,044,227 | ---- | M] (ahead software gmbh
im stoeckmaedle 6
76307 karlsbad, germany
Fax: ++49-7248-911-888
e-mail: info@nero.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NeroCd2k.sys -- (NeroCd2k)
DRV - [2007/02/24 19:21:23 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5)
DRV - [2006/07/25 01:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/09 22:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 22:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 22:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 22:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 22:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2005/12/13 02:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/09 06:53:14 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/08/24 15:55:48 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/05/16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/02/26 17:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 CA A0 9F 63 85 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/26 11:13:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/05/19 18:25:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk = C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe ()
O4 - Startup: C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://62.1.34.103:8084/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://www.normandie-webcam.com/plugins/h263ctrl20013/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} http://photoservice.fujicolor.de/ips-opdata/operator/27859021/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai.net/... (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} http://photoservice.fujicolor.de/ips-opdata/operator/27859021/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 06:26:46 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/20 09:39:51 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/05/20 09:39:52 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/05/20 20:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/20 09:39:51 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011/05/19 22:13:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/19 21:54:52 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011/05/19 21:54:27 | 001,229,735 | ---- | C] (TeamXscript.org) -- C:\Documents and Settings\HP_Administrateur\Bureau\UsbFix.exe
[2011/05/19 18:24:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/19 18:12:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/18 22:29:49 | 000,000,000 | ---D | C] -- C:\cmdcons
[2011/05/18 22:26:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/18 22:26:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/18 22:26:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/18 22:26:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/18 22:13:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/18 17:21:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrateur\Recent
[2011/05/17 20:38:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/17 13:44:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe
[2011/05/17 13:21:48 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrateur\Bureau\TDSSKiller.exe
[2011/04/21 13:25:13 | 000,000,000 | ---D | C] -- C:\e9c6af05f2a48107c7db
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/05/21 09:21:37 | 000,000,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/05/21 09:20:26 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/21 09:19:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/21 09:19:25 | 3219,607,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/20 20:26:18 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/05/20 09:39:57 | 014,789,982 | ---- | M] () -- C:\UsbFix_Upload_Me_VIGOUROUX.zip
[2011/05/19 21:54:31 | 001,229,735 | ---- | M] (TeamXscript.org) -- C:\Documents and Settings\HP_Administrateur\Bureau\UsbFix.exe
[2011/05/19 21:39:09 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\Raccourci vers Centre de sécurité.lnk
[2011/05/19 18:25:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/19 13:59:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/19 13:57:06 | 012,825,376 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/05/19 13:57:06 | 001,203,452 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/05/19 13:57:05 | 454,614,304 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/05/19 13:57:05 | 006,086,656 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/05/19 10:58:52 | 000,019,988 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\KisKav6Remove.zip
[2011/05/18 22:29:52 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/05/18 16:40:50 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 16:22:09 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2011/05/17 13:44:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe
[2011/05/17 13:41:58 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\2cjtjbqg.exe
[2011/05/17 13:20:55 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\tdsskiller.zip
[2011/05/16 23:03:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 18:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/14 22:02:11 | 000,124,937 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\maison mont saint jean.jpg
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrateur\Bureau\TDSSKiller.exe
[2011/05/11 18:34:52 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2011/05/08 12:49:05 | 000,622,142 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/05/08 12:49:05 | 000,541,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/08 12:49:05 | 000,127,574 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/05/08 12:49:05 | 000,106,628 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/08 12:44:31 | 000,016,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\3kf68ax70480i5080438whe3w2m71qndd
[2011/05/08 12:44:31 | 000,016,278 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3kf68ax70480i5080438whe3w2m71qndd
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/05/20 20:26:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/05/20 09:39:55 | 014,789,982 | ---- | C] () -- C:\UsbFix_Upload_Me_VIGOUROUX.zip
[2011/05/19 21:39:09 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\Raccourci vers Centre de sécurité.lnk
[2011/05/19 18:25:34 | 3219,607,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/19 10:58:51 | 000,019,988 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\KisKav6Remove.zip
[2011/05/18 22:26:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/18 22:26:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/18 22:26:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/18 22:26:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/18 22:26:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/17 13:41:58 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\2cjtjbqg.exe
[2011/05/17 13:20:50 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\tdsskiller.zip
[2011/05/14 21:49:57 | 000,124,937 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\maison mont saint jean.jpg
[2011/05/11 18:34:52 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2011/05/08 11:16:40 | 000,016,278 | -HS- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\3kf68ax70480i5080438whe3w2m71qndd
[2011/05/08 11:16:40 | 000,016,278 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3kf68ax70480i5080438whe3w2m71qndd
[2011/04/20 14:58:12 | 000,016,334 | -HS- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\88gp201n6643mxxcl6tfj
[2011/04/20 14:58:12 | 000,016,334 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\88gp201n6643mxxcl6tfj
[2010/11/18 16:47:36 | 000,148,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/13 22:34:50 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/26 20:30:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/26 11:12:56 | 000,023,775 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/03/27 23:51:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2010/03/08 15:12:08 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2010/02/11 18:59:35 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/02/11 18:59:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/02/11 18:59:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/02/11 18:59:34 | 000,203,336 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/02/11 18:59:34 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 13:20:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/08 21:33:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/01/08 21:33:20 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/01/08 21:33:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\$_hpcst$.hpc
[2008/09/17 13:36:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/09/17 13:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/09/17 13:36:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/09/17 13:36:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/09/14 13:01:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/08/23 12:10:06 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/08/23 12:10:06 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/06/27 18:28:02 | 000,000,571 | ---- | C] () -- C:\WINDOWS\System32\FeMakro.ini
[2008/06/27 18:28:02 | 000,000,497 | ---- | C] () -- C:\WINDOWS\System32\FeAnim.ini
[2008/06/11 22:42:00 | 000,038,520 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/01 08:40:04 | 000,162,933 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2008/06/01 08:40:04 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2008/03/31 11:56:02 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/17 22:46:58 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2007/12/14 17:37:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/25 17:56:57 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/10/25 17:56:57 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/05/12 18:16:05 | 000,005,170 | ---- | C] () -- C:\WINDOWS\easyc.ini
[2007/05/12 18:14:51 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2007/05/12 18:14:51 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/05/12 18:14:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007/03/05 11:21:48 | 454,614,304 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2007/03/05 11:21:48 | 012,825,376 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2007/03/01 22:59:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/03/01 16:55:30 | 000,507,960 | ---- | C] () -- C:\WINDOWS\UNNERO.exe
[2007/02/26 21:06:07 | 000,019,474 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
[2007/02/26 21:04:39 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2P.DLL
[2007/02/25 19:55:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/24 19:35:14 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/24 19:30:23 | 000,000,746 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2007/02/24 19:28:36 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/24 19:22:48 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2007/02/24 17:52:51 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\fusioncache.dat
[2006/09/19 07:02:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/19 06:37:44 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/19 06:31:00 | 000,014,399 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/19 06:30:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/19 06:20:24 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/19 06:15:34 | 000,106,126 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/09/19 06:14:39 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/19 06:11:59 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/19 06:11:59 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/09/19 06:11:59 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/19 06:11:59 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/09/19 06:11:59 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/19 06:11:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/19 06:11:59 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/09/19 06:11:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Elusetup.exe
[2006/09/19 05:54:50 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/19 05:49:43 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/19 05:49:43 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/19 05:49:27 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 20:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/25 02:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/10/10 14:31:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/10/10 13:39:46 | 000,622,142 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2005/10/10 13:39:46 | 000,541,198 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/10/10 13:39:46 | 000,127,574 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2005/10/10 13:39:46 | 000,106,628 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/10/10 13:37:46 | 000,252,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/10 13:33:42 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/10 13:29:58 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 22:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/14 15:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/09/17 05:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/06/24 19:20:22 | 000,000,651 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000091.DLL
[2001/08/24 00:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 00:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2007/12/25 02:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alexandra Ledermann 8
[2010/07/10 12:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/04/20 15:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/02/11 16:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2007/02/25 10:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/01/08 21:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/04/04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline
[2008/12/02 11:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/19 22:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/02/24 19:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/08 17:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

Thanks for your help.

See you.

lilium6 (Status: Member, 117 posts)

I also have an eula file on my desktop, can you tell me what it is?

END USER LICENSE AGREEMENT

Kaspersky Lab ZAO (the "Rightholder") is an owner of all rights, whether exclusive or otherwise to the Software.

By using the Software You consent to be bound by the terms and conditions of this agreement.

The Rightholder hereby grants You a non-exclusive perpetual license to store, load, install, execute, and display (to "use") the free of charge Software that will substantially perform within the scope of functionality set forth on https://support.kaspersky.com/viruses The Software should be used as an auxiliary tool for removing threats from Your computer as described on https://support.kaspersky.com/viruses The Rightholder doesn't guarantee complete removal of threats and fixing issues caused by these threats.

No technical support for the Software is available.

You shall not emulate, modify, decompile, or reverse engineer the Software or disassemble or create derivative works based on the Software or any portion thereof with the sole exception of a non-waivable right granted to You by applicable legislation.

THE SOFTWARE IS PROVIDED "AS IS" AND THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY AS TO ITS USE OR PERFORMANCE. EXCEPT FOR ANY WARRANTY, CONDITION, REPRESENTATION OR TERM THE EXTENT TO WHICH CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW THE RIGHTHOLDER AND ITS PARTNERS MAKE NO WARRANTY, CONDITION, REPRESENTATION, OR TERM (EXPRESS OR IMPLIED, WHETHER BY STATUTE, COMMON LAW, CUSTOM, USAGE OR OTHERWISE) AS TO ANY MATTER INCLUDING, WITHOUT LIMITATION, NONINFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY, SATISFACTORY QUALITY, INTEGRATION, OR APPLICABILITY FOR A PARTICULAR PURPOSE. YOU ASSUME ALL FAULTS, AND THE ENTIRE RISK AS TO PERFORMANCE AND RESPONSIBILITY FOR SELECTING THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS, AND FOR THE INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE SOFTWARE. WITHOUT LIMITING THE FOREGOING PROVISIONS, THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY THAT THE SOFTWARE WILL BE ERROR-FREE OR FREE FROM INTERRUPTIONS OR OTHER FAILURES OR THAT THE SOFTWARE WILL MEET ANY OR ALL YOUR REQUIREMENTS WHETHER OR NOT DICLOSED TO THE RIGHTHOLDER.

© 1997-2011 Kaspersky Lab ZAO. All Rights Reserved.

lilium6 (Status: Member, 117 posts)

I copied and pasted the file and it shows you something else! The eula file is not what you have above!!!

verni29 (Status: Security contributor, 6699 posts)

Hi again,

Some folders that should have been deleted are still present on the PC.

C:\Documents and Settings\All Users\Application Data\88gp201n6643mxxcl6tfj
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\3kf68ax70480i5080438whe3w2m71qndd
C:\Documents and Settings\All Users\Application Data\3kf68ax70480i5080438whe3w2m71qndd
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\88gp201n6643mxxcl6tfj

These folders are empty, but deleting them did not work.

Check one thing, please.

1/ Show hidden files/folders.

To show all files on the computer, hidden and system:
--> My Computer --> Tools --> Folder Options --> View tab
Check that "Show hidden files and folders" is ticked.
Check that "Hide protected operating system files (Recommended)" is unticked.

2/ Browse to these folders. Check that they are empty.
Delete them.
Make sure they have been deleted.

See you.

lilium6 (Status: Member, 117 posts)

I'm offered a list of programs to open these files. What can I open them with to check that they are empty?

verni29 (Status: Security contributor, 6699 posts)

Hi again,

I would like to see the contents of these folders/files.

Can you do the following?

The folder needs to be zipped.

--------------------------------------------

If you have a program such as winzip or winrar, you will be able to zip this folder easily.

Right-click on the folder --> choose the compression option.
This will create a .zip file.

Then send me this file (if it is not too large) at the following address:
vi29XnTa@hotmail.fr

Do this for the following two folders:

C:\Documents and Settings\All Users\Application Data\88gp201n6643mxxcl6tfj
C:\Documents and Settings\All Users\Application Data\3kf68ax70480i5080438whe3w2m71qndd

--------------------------------------------

Otherwise, download a compression program, install it, then do the procedure.
7-zip: https://www.commentcamarche.net/telecharger/utilitaires/2197-7-zip/
winrar: https://www.commentcamarche.net/telecharger/utilitaires/24097-winrar/

See you.

lilium6 (Status: Member, 117 posts)

There, I have just sent them to you.