Infection rogue
lilyie29
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
J'ai chopé un rogue.
Je n'ai plus les multiples messages d'erreurs concernant la RAM et autres, mais avast continue à me balancer des messages comme quoi il bloque des url malveillant.
Néanmoins, j'ai fait plusieurs scan et il n'y a plus rien.
J'ai essayé de faire un autre scan avec bitdefender ca n'a pas marché.
J'ai téléchargé Microsoft security il a aussi trouvé un trojan qu'il n'arrive pas à supprimer apparemment (Trojan:DOS/Alureon.A).
J'ai mis à jour CCleaner RAS.
Enfin, je viens de faire une analyse avec Killrogue, voici le rapport :
RogueKiller V5.2.2 [05/06/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Administrateur [Droits d'admin]
Mode: Recherche -- Date : 13/06/2011 20:47:07
Processus malicieux: 0
Entrees de registre: 14
[SUSP PATH] HKCU\[...]\Run : fmueldk ("c:\documents and settings\administrateur\local settings\application data\fmueldk.exe" fmueldk) -> FOUND
[SUSP PATH] HKCU\[...]\Run : 4ECYTQ9SIC (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Fk1.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : WiIcWRekwAE (C:\Documents and Settings\All Users\Application Data\WiIcWRekwAE.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1990792646-2492842019-661982708-500[...]\Run : fmueldk ("c:\documents and settings\administrateur\local settings\application data\fmueldk.exe" fmueldk) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1990792646-2492842019-661982708-500[...]\Run : 4ECYTQ9SIC (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Fk1.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1990792646-2492842019-661982708-500[...]\Run : WiIcWRekwAE (C:\Documents and Settings\All Users\Application Data\WiIcWRekwAE.exe) -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> FOUND
[HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
Fichier HOSTS:
Termine : << RKreport[1].txt >>
RKreport[1].txt
Je vous remercie par avance pour les conseils que vous pourrez m'apporter car je suis une vraie billen en informatique.
J'ai chopé un rogue.
Je n'ai plus les multiples messages d'erreurs concernant la RAM et autres, mais avast continue à me balancer des messages comme quoi il bloque des url malveillant.
Néanmoins, j'ai fait plusieurs scan et il n'y a plus rien.
J'ai essayé de faire un autre scan avec bitdefender ca n'a pas marché.
J'ai téléchargé Microsoft security il a aussi trouvé un trojan qu'il n'arrive pas à supprimer apparemment (Trojan:DOS/Alureon.A).
J'ai mis à jour CCleaner RAS.
Enfin, je viens de faire une analyse avec Killrogue, voici le rapport :
RogueKiller V5.2.2 [05/06/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Administrateur [Droits d'admin]
Mode: Recherche -- Date : 13/06/2011 20:47:07
Processus malicieux: 0
Entrees de registre: 14
[SUSP PATH] HKCU\[...]\Run : fmueldk ("c:\documents and settings\administrateur\local settings\application data\fmueldk.exe" fmueldk) -> FOUND
[SUSP PATH] HKCU\[...]\Run : 4ECYTQ9SIC (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Fk1.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : WiIcWRekwAE (C:\Documents and Settings\All Users\Application Data\WiIcWRekwAE.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1990792646-2492842019-661982708-500[...]\Run : fmueldk ("c:\documents and settings\administrateur\local settings\application data\fmueldk.exe" fmueldk) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1990792646-2492842019-661982708-500[...]\Run : 4ECYTQ9SIC (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Fk1.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1990792646-2492842019-661982708-500[...]\Run : WiIcWRekwAE (C:\Documents and Settings\All Users\Application Data\WiIcWRekwAE.exe) -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> FOUND
[HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
Fichier HOSTS:
Termine : << RKreport[1].txt >>
RKreport[1].txt
Je vous remercie par avance pour les conseils que vous pourrez m'apporter car je suis une vraie billen en informatique.
A voir également:
- Infection rogue
- Rogue killer - Télécharger - Antivirus & Antimalwares
- Rogue remover - Télécharger - Sécurité
- Rogue ali x - Accueil - Jeu vidéo
- Rogue Applications Remover - Télécharger - Sécurité
- Infection ou pas? ✓ - Forum Virus
54 réponses
Connecte tes clés usb etc car ce script va éliminer également une infection par usb
'ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ Copie/colle les lignes suivantes en gras et place les dans la zone "personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
Updater.exe
:Services
:OTL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100005
[2011/06/13 19:08:49 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\toolbar@ask.com
[2011/06/14 19:50:21 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\searchplugins\askcom.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM\..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found
[2011/06/18 16:01:26 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/17 22:37:15 | 000,334,300 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_nav.dat
[2010/06/17 22:37:15 | 000,006,676 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_navps.dat
O33 - MountPoints2\{154a2f26-fca0-11de-b044-001b242183c1}\Shell\AutoRun\command - "" = Faisal\Haram\Faisal.exe
O33 - MountPoints2\{154a2f26-fca0-11de-b044-001b242183c1}\Shell\open\command - "" = Faisal\Haram\Faisal.exe
O33 - MountPoints2\{5d323d09-dbf2-11dd-ad88-001b242183c1}\Shell - "" = AutoRun
O33 - MountPoints2\{5d323d09-dbf2-11dd-ad88-001b242183c1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O33 - MountPoints2\{61447c42-1360-11e0-b216-001b242183c1}\Shell - "" = AutoRun
O33 - MountPoints2\{61447c42-1360-11e0-b216-001b242183c1}\Shell\AutoRun\command - "" = F:\ReadMe.exe => Infection USB (Trojan.USB)
O33 - MountPoints2\{a3222250-bbb9-11dd-ad31-001b242183c1}\Shell - "" = AutoRun
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" =-
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur « Correction » et laisse l''outil travailler. L''ordinateur redémarre.
▶ Copie/colle la totalité du rapport dans ta prochaine réponse.
'ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ Copie/colle les lignes suivantes en gras et place les dans la zone "personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
Updater.exe
:Services
:OTL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100005
[2011/06/13 19:08:49 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\toolbar@ask.com
[2011/06/14 19:50:21 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\searchplugins\askcom.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM\..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found
[2011/06/18 16:01:26 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/17 22:37:15 | 000,334,300 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_nav.dat
[2010/06/17 22:37:15 | 000,006,676 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_navps.dat
O33 - MountPoints2\{154a2f26-fca0-11de-b044-001b242183c1}\Shell\AutoRun\command - "" = Faisal\Haram\Faisal.exe
O33 - MountPoints2\{154a2f26-fca0-11de-b044-001b242183c1}\Shell\open\command - "" = Faisal\Haram\Faisal.exe
O33 - MountPoints2\{5d323d09-dbf2-11dd-ad88-001b242183c1}\Shell - "" = AutoRun
O33 - MountPoints2\{5d323d09-dbf2-11dd-ad88-001b242183c1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O33 - MountPoints2\{61447c42-1360-11e0-b216-001b242183c1}\Shell - "" = AutoRun
O33 - MountPoints2\{61447c42-1360-11e0-b216-001b242183c1}\Shell\AutoRun\command - "" = F:\ReadMe.exe => Infection USB (Trojan.USB)
O33 - MountPoints2\{a3222250-bbb9-11dd-ad31-001b242183c1}\Shell - "" = AutoRun
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" =-
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur « Correction » et laisse l''outil travailler. L''ordinateur redémarre.
▶ Copie/colle la totalité du rapport dans ta prochaine réponse.
Bonjour,
J'ai fait la correction sur les USB, mais il y a une erreur lors de la création du rapport. j'ai redémarré l'ordi, effectivement pas de rapport, j'ai donc recommencé, mais là encore il y a eu une erreur lors de la création du rapport et un message d'erreur type "la mémoire ne peut pas être read".
Par ailleurs, avast vient de trouver un rootkit.
J'ai fait la correction sur les USB, mais il y a une erreur lors de la création du rapport. j'ai redémarré l'ordi, effectivement pas de rapport, j'ai donc recommencé, mais là encore il y a eu une erreur lors de la création du rapport et un message d'erreur type "la mémoire ne peut pas être read".
Par ailleurs, avast vient de trouver un rootkit.
Hello,
▶ Télécharge UsbFix (TeamXScript) sur ton Bureau. Si ton antivirus affiche une alerte, ignore le et désactive le temporairement.
▶ Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir
▶ Vista/Seven : Clic droit sur UsbFix > Exécuter en tant qu''administrateur, l''installation se fera automatiquement
XP : double clic sur UsbFix
▶ Clique sur "Recherche"
▶ Laisse travailler l''outil
▶ A la fin, le rapport va s''afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur)
▶ Aide en images : Tutoriel "Recherche"
▶ Télécharge UsbFix (TeamXScript) sur ton Bureau. Si ton antivirus affiche une alerte, ignore le et désactive le temporairement.
▶ Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir
▶ Vista/Seven : Clic droit sur UsbFix > Exécuter en tant qu''administrateur, l''installation se fera automatiquement
XP : double clic sur UsbFix
▶ Clique sur "Recherche"
▶ Laisse travailler l''outil
▶ A la fin, le rapport va s''afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur)
▶ Aide en images : Tutoriel "Recherche"
############################## | UsbFix 7.048 | [Recherche]
Utilisateur: Administrateur (Administrateur) # PSYCHEDELILIE [ ]
Mis à jour le 11/06/2011 par TeamXscript
Lancé à 14:55:17 | 19/06/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com
CPU: AMD Turion(tm) 64 Mobile Technology MK-36
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Pare-feu Windows: Activé
Antivirus: Microsoft Security Essentials 3.0.8107.0 [Enabled | Updated]
Antivirus: avast! Antivirus 5.0.100664421 [(!) Disabled | Updated]
Firewall: Norton Internet Worm Protection 2006 [(!) Disabled]
RAM -> 1023 Mo
C:\ (%systemdrive%) -> Disque fixe # 65 Go (12 Go libre(s) - 19%) [] # NTFS
D:\ -> Disque fixe # 8 Go (1 Go libre(s) - 14%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (2 Go libre(s) - 98%) [BUCAILLE] # FAT
G:\ -> Disque fixe # 233 Go (201 Go libre(s) - 86%) [USB-HDD] # FAT32
################## | Éléments infectieux |
Présent! C:\WINDOWS\fonts\RandFont.dll
################## | Registre |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{154a2f26-fca0-11de-b044-001b242183c1}
Shell\AutoRun\Command = Faisal\Haram\Faisal.exe
Shell\open\Command = Faisal\Haram\Faisal.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{5d323d09-dbf2-11dd-ad88-001b242183c1}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
HKCU\.\.\.\.\Explorer\MountPoints2\{61447c42-1360-11e0-b216-001b242183c1}
Shell\AutoRun\Command = F:\ReadMe.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{a3222250-bbb9-11dd-ad31-001b242183c1}
Shell\AutoRun\Command = G:\LaunchU3.exe -a
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F |
Utilisateur: Administrateur (Administrateur) # PSYCHEDELILIE [ ]
Mis à jour le 11/06/2011 par TeamXscript
Lancé à 14:55:17 | 19/06/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com
CPU: AMD Turion(tm) 64 Mobile Technology MK-36
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Pare-feu Windows: Activé
Antivirus: Microsoft Security Essentials 3.0.8107.0 [Enabled | Updated]
Antivirus: avast! Antivirus 5.0.100664421 [(!) Disabled | Updated]
Firewall: Norton Internet Worm Protection 2006 [(!) Disabled]
RAM -> 1023 Mo
C:\ (%systemdrive%) -> Disque fixe # 65 Go (12 Go libre(s) - 19%) [] # NTFS
D:\ -> Disque fixe # 8 Go (1 Go libre(s) - 14%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (2 Go libre(s) - 98%) [BUCAILLE] # FAT
G:\ -> Disque fixe # 233 Go (201 Go libre(s) - 86%) [USB-HDD] # FAT32
################## | Éléments infectieux |
Présent! C:\WINDOWS\fonts\RandFont.dll
################## | Registre |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{154a2f26-fca0-11de-b044-001b242183c1}
Shell\AutoRun\Command = Faisal\Haram\Faisal.exe
Shell\open\Command = Faisal\Haram\Faisal.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{5d323d09-dbf2-11dd-ad88-001b242183c1}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
HKCU\.\.\.\.\Explorer\MountPoints2\{61447c42-1360-11e0-b216-001b242183c1}
Shell\AutoRun\Command = F:\ReadMe.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{a3222250-bbb9-11dd-ad31-001b242183c1}
Shell\AutoRun\Command = G:\LaunchU3.exe -a
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F |
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Hello ;)
Merci gen-hackman !!
#Lilyie : tu peux oui ... !
Remets un mot quand tu auras désinstallé Avast : un seul antivirus sur un pc !
Voici pour désinstaller proprement: https://www.avast.com/fr-fr/uninstall-utility
Mets un mot quand c est fait.
Merci gen-hackman !!
#Lilyie : tu peux oui ... !
Remets un mot quand tu auras désinstallé Avast : un seul antivirus sur un pc !
Voici pour désinstaller proprement: https://www.avast.com/fr-fr/uninstall-utility
Mets un mot quand c est fait.
Autre chose, dans mes programmes, Microsoft office est vide, je ne vois plus ni excel ni word, pourtant en double cliquant sur des fichiers ils s'ouvrent...
Ok.
Pour office, tu vas dans le dossier que tu parles et tu cherches après winword.exe , excel.exe et tu fais clic droit>envoyer vers>bureau
_______________________
Refais un diagnostic avec ZHPDiag
Pour office, tu vas dans le dossier que tu parles et tu cherches après winword.exe , excel.exe et tu fais clic droit>envoyer vers>bureau
_______________________
Refais un diagnostic avec ZHPDiag
Bonsoir,
J'ai toujours le pb des rapports ZHPdiag, rien sur le bureau, j'ai juste trouvé un raccourci qui ne fonctionne pas dans C:\administrateur\recent.
Sans compter les messages d erreurs.
Il y a t il une autre maniere de faire un diagnostic?
J'ai toujours le pb des rapports ZHPdiag, rien sur le bureau, j'ai juste trouvé un raccourci qui ne fonctionne pas dans C:\administrateur\recent.
Sans compter les messages d erreurs.
Il y a t il une autre maniere de faire un diagnostic?
ok ben refais ça alors : https://forums.commentcamarche.net/forum/affich-22357563-infection-rogue#24
'ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ Copie/colle les lignes suivantes en gras et place les dans la zone "personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
Updater.exe
:Services
:OTL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100005
[2011/06/13 19:08:49 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\toolbar@ask.com
[2011/06/22 20:10:49 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\searchplugins\askcom.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM\..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
[2011/06/22 19:01:22 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/17 22:37:15 | 000,334,300 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_nav.dat
[2010/06/17 22:37:15 | 000,006,676 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_navps.dat
[2010/06/17 22:37:15 | 000,003,392 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk.dat
[2009/12/15 11:22:32 | 000,038,380 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\xcuejcf.exe
[2011/01/06 23:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\AskToolbar
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}"=-
"fmueldk"=-
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur « Correction » et laisse l''outil travailler. L''ordinateur redémarre.
▶ Copie/colle la totalité du rapport dans ta prochaine réponse.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ Copie/colle les lignes suivantes en gras et place les dans la zone "personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
Updater.exe
:Services
:OTL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100005
[2011/06/13 19:08:49 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\toolbar@ask.com
[2011/06/22 20:10:49 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\searchplugins\askcom.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM\..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
[2011/06/22 19:01:22 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/17 22:37:15 | 000,334,300 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_nav.dat
[2010/06/17 22:37:15 | 000,006,676 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_navps.dat
[2010/06/17 22:37:15 | 000,003,392 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk.dat
[2009/12/15 11:22:32 | 000,038,380 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\xcuejcf.exe
[2011/01/06 23:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\AskToolbar
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}"=-
"fmueldk"=-
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur « Correction » et laisse l''outil travailler. L''ordinateur redémarre.
▶ Copie/colle la totalité du rapport dans ta prochaine réponse.
J'ai un doute sur le rapport parce que j en ai plusieurs sur mon bureau, j'aurais peut etre dû les effacer au fur et à mesure...
OTL logfile created on: 18/06/2011 21:17:19 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1022,54 Mb Total Physical Memory | 414,25 Mb Available Physical Memory | 40,51% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 72,78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65,18 Gb Total Space | 12,43 Gb Free Space | 19,06% Space Free | Partition Type: NTFS
Drive D: | 8,32 Gb Total Space | 1,17 Gb Free Space | 14,03% Space Free | Partition Type: FAT32
Computer Name: PSYCHEDELILIE | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011/06/18 21:16:06 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/20 23:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2011/06/18 21:16:06 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/08/18 10:00:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/08/18 10:00:00 | 000,327,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrsfr.dll
MOD - [2006/08/18 10:00:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TRENDnet\TEW-649UB\WLSVC.exe -- (WLSVC)
SRV - [2006/06/12 13:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011/06/18 21:09:49 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF20DCC7-C0E4-4ED6-9429-395F647BB87D}\MpKsla541cfd4.sys -- (MpKsla541cfd4)
DRV - [2011/06/18 15:11:06 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF20DCC7-C0E4-4ED6-9429-395F647BB87D}\MpKslfe73bfc9.sys -- (MpKslfe73bfc9)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/05/08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 20:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2006/06/19 14:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/02 02:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 22:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/28 19:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/19 12:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 12:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 12:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2006/03/25 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/03/25 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2006/03/06 01:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 02:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 02:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 02:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/19 03:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2005/11/16 06:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 04:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/01 03:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 14:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 08:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2003/08/04 14:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100005
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://www.search.ask.com/?l=dis"
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/15 18:51:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 21:11:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/14 18:32:03 | 000,000,000 | ---D | M]
[2009/04/19 15:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2009/04/19 15:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/14 19:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions
[2009/09/07 23:30:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/19 15:04:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/13 19:08:49 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\toolbar@ask.com
[2011/06/12 22:40:32 | 000,002,192 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\searchplugins\askcom-1.xml
[2011/06/14 19:50:21 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\searchplugins\askcom.xml
[2011/06/14 19:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/15 18:51:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/04/19 14:53:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/27 19:41:20 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/27 19:41:20 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/27 19:41:20 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/08/29 09:39:54 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/07/27 19:41:20 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/27 19:41:20 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ECarteBleueBrowserHelper Class) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222794248296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} https://www.photobox.fr/?channel=1005 (PB_Uploader Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.0.66.20 109.0.66.10
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 13:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{154a2f26-fca0-11de-b044-001b242183c1}\Shell\AutoRun\command - "" = Faisal\Haram\Faisal.exe
O33 - MountPoints2\{154a2f26-fca0-11de-b044-001b242183c1}\Shell\open\command - "" = Faisal\Haram\Faisal.exe
O33 - MountPoints2\{5d323d09-dbf2-11dd-ad88-001b242183c1}\Shell - "" = AutoRun
O33 - MountPoints2\{5d323d09-dbf2-11dd-ad88-001b242183c1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O33 - MountPoints2\{61447c42-1360-11e0-b216-001b242183c1}\Shell - "" = AutoRun
O33 - MountPoints2\{61447c42-1360-11e0-b216-001b242183c1}\Shell\AutoRun\command - "" = F:\ReadMe.exe
O33 - MountPoints2\{a3222250-bbb9-11dd-ad31-001b242183c1}\Shell - "" = AutoRun
O33 - MountPoints2\{a3222250-bbb9-11dd-ad31-001b242183c1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Error starting restore point: 87
Error closing restore point: The sequence number is invalid.
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/06/18 21:16:10 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2011/06/18 14:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
[2011/06/18 14:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2011/06/14 20:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office Live Add-in
[2011/06/14 20:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/06/14 20:45:44 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2011/06/14 20:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/06/14 20:41:42 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/06/14 20:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/06/14 19:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2011/06/14 19:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/06/14 19:14:01 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/14 19:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/14 19:13:47 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/14 19:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/14 19:10:36 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup-1.51.0.1200.exe
[2011/06/13 20:37:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Recent
[2011/06/13 20:05:22 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/06/13 19:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/13 19:32:57 | 008,134,272 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Mes documents\mseinstall.exe
[2011/06/13 19:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2011/05/29 18:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Stats
[2011/05/24 22:44:59 | 000,000,000 | --SD | C] -- C:\found.000
[2011/05/24 22:10:42 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrateur\Bureau\*.tmp files -> C:\Documents and Settings\Administrateur\Bureau\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/06/18 21:22:36 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/06/18 21:16:06 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2011/06/18 21:14:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/18 21:11:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/18 21:11:18 | 000,001,439 | -HS- | M] () -- C:\hpqp.ini
[2011/06/18 21:10:46 | 000,000,044 | ---- | M] () -- C:\XP_TV.ini
[2011/06/18 21:10:30 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/18 21:09:08 | 1072,279,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/18 16:01:26 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/18 14:24:23 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
[2011/06/18 14:24:23 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
[2011/06/18 14:24:23 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
[2011/06/18 14:22:42 | 002,478,366 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPDiag2.zip
[2011/06/18 13:45:00 | 000,375,022 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\DelFix.exe
[2011/06/14 19:14:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/06/14 19:10:30 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup-1.51.0.1200.exe
[2011/06/14 18:32:04 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2011/06/13 20:45:22 | 000,511,488 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\RogueKiller.exe
[2011/06/13 19:35:38 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/13 19:32:57 | 008,134,272 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Mes documents\mseinstall.exe
[2011/06/13 19:12:37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 20:54:58 | 000,583,032 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/05/26 20:54:58 | 000,485,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/26 20:54:58 | 000,114,220 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/05/26 20:54:58 | 000,087,886 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/23 22:32:14 | 009,717,572 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\camille.chabernaud_3427.pdf
[2011/05/23 22:21:38 | 000,006,508 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\220px-NF-1-Tache_cafe-au-lait.jpg
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrateur\Bureau\*.tmp files -> C:\Documents and Settings\Administrateur\Bureau\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/06/18 14:24:23 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
[2011/06/18 14:24:23 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
[2011/06/18 14:24:23 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
[2011/06/18 14:22:42 | 002,478,366 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPDiag2.zip
[2011/06/18 13:45:01 | 000,375,022 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\DelFix.exe
[2011/06/14 19:14:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/06/14 18:30:10 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk
[2011/06/14 18:30:10 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2011/06/13 20:05:32 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/06/13 19:52:09 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\RogueKiller.exe
[2011/06/13 19:40:28 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/13 19:35:38 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/13 19:34:45 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Security Essentials.lnk
[2011/06/13 19:12:37 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/06/13 18:37:39 | 1072,279,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/23 22:32:14 | 009,717,572 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\camille.chabernaud_3427.pdf
[2011/05/23 22:21:38 | 000,006,508 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\220px-NF-1-Tache_cafe-au-lait.jpg
[2011/05/15 17:46:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/06/17 22:37:15 | 000,334,300 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_nav.dat
[2010/06/17 22:37:15 | 000,006,676 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_navps.dat
[2010/06/17 22:37:15 | 000,003,392 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk.dat
[2010/01/09 17:40:18 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/12/15 11:22:32 | 000,038,380 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\xcuejcf.exe
[2009/05/30 14:49:03 | 000,000,422 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/10/10 20:52:46 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/26 22:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/11/25 14:16:28 | 000,001,368 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/11/25 13:27:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/14 22:04:39 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2007/07/14 22:04:39 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2007/05/01 19:59:34 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/05/01 19:56:04 | 000,131,942 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/04/15 22:32:35 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/15 22:32:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/04 14:40:05 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/24 21:15:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/09/20 08:39:19 | 000,030,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/18 10:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 10:00:00 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/18 10:00:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 10:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/18 10:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 10:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 10:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/18 10:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/18 10:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/29 12:10:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 11:45:54 | 000,088,020 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 11:43:36 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 11:39:46 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 11:24:34 | 000,583,032 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2006/06/29 11:24:34 | 000,485,644 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 11:24:34 | 000,114,220 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2006/06/29 11:24:34 | 000,087,886 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 11:19:28 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat
[2006/06/29 11:15:42 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 11:11:12 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 11:07:00 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/06 02:21:26 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/03/25 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/25 06:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2006/03/25 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/25 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/25 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/25 06:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2006/03/25 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/25 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/25 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/25 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/02 20:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/06 04:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2003/04/01 11:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 23:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 23:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 03:00:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2011/06/14 18:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/05/15 18:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/04/16 21:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/01/20 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/09/20 08:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2006/09/20 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2011/06/14 19:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/31 16:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/06/14 20:43:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/09/20 08:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006/09/20 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/09/20 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2011/05/15 19:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatSoft
[2007/03/29 19:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/04/18 08:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/04/04 12:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2011/06/14 22:31:16 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D343A8D2-B702-4338-B96F-7C2411249F93}-shey.exe
[2007/03/25 19:03:18 | 000,013,069 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\758D3AB1.exe
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2011/05/24 22:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Adobe
[2008/10/11 10:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
[2011/01/06 23:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\AskToolbar
[2008/10/11 13:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CyberLink
[2010/05/16 17:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Facebook
[2008/10/06 22:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\HP
[2006/09/20 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Identities
[2010/06/03 21:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
[2011/05/15 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InstallShield
[2010/04/13 20:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\LimeWire
[2008/09/30 19:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Macromedia
[2011/06/14 19:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2011/06/14 22:33:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur\Application Data\Microsoft
[2009/03/04 22:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla
[2011/05/15 19:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\StatSoft
[2008/10/19 21:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sun
[2009/05/30 14:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Template
[2008/11/26 15:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\U3
[2009/04/19 11:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2008/10/01 03:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search
[2008/10/15 23:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Windows Search
[2008/10/15 23:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WinRAR
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/05/16 17:14:17 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\Administrateur\Application Data\Facebook\uninstall.exe
[2010/03/20 21:36:13 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2010/03/20 21:36:14 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\updater.exe
[2010/03/20 21:36:14 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2010/03/20 21:36:14 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2010/03/20 21:36:14 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2010/03/20 21:36:14 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2010/03/20 21:36:14 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2010/03/20 21:36:14 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2010/03/20 21:36:15 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2006/06/29 11:20:48 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}\ARPPRODUCTICON.exe
[2006/06/29 11:20:54 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}\ARPPRODUCTICON.exe
[2011/05/13 21:46:20 | 003,325,832 | ---- | M] (Ask) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2007/10/23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\U3\temp\cleanup.exe
[2008/05/02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Administrateur\Application Data\U3\temp\Launchpad Removal.exe
[color=#A23BEC]< %temp%\*.exe /s >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006/06/29 12:58:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/06/29 12:58:44 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29
OTL logfile created on: 18/06/2011 21:17:19 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1022,54 Mb Total Physical Memory | 414,25 Mb Available Physical Memory | 40,51% Memory free
2,40 Gb Paging File | 1,75 Gb Available in Paging File | 72,78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65,18 Gb Total Space | 12,43 Gb Free Space | 19,06% Space Free | Partition Type: NTFS
Drive D: | 8,32 Gb Total Space | 1,17 Gb Free Space | 14,03% Space Free | Partition Type: FAT32
Computer Name: PSYCHEDELILIE | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011/06/18 21:16:06 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/20 23:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2011/06/18 21:16:06 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/08/18 10:00:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/08/18 10:00:00 | 000,327,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrsfr.dll
MOD - [2006/08/18 10:00:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TRENDnet\TEW-649UB\WLSVC.exe -- (WLSVC)
SRV - [2006/06/12 13:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011/06/18 21:09:49 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF20DCC7-C0E4-4ED6-9429-395F647BB87D}\MpKsla541cfd4.sys -- (MpKsla541cfd4)
DRV - [2011/06/18 15:11:06 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF20DCC7-C0E4-4ED6-9429-395F647BB87D}\MpKslfe73bfc9.sys -- (MpKslfe73bfc9)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/05/08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 20:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2006/06/19 14:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/02 02:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 22:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/28 19:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/19 12:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 12:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 12:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2006/03/25 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/03/25 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2006/03/06 01:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 02:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 02:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 02:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/19 03:13:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2005/11/16 06:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 04:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/01 03:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 14:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 08:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2003/08/04 14:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100005
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://www.search.ask.com/?l=dis"
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/15 18:51:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 21:11:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/14 18:32:03 | 000,000,000 | ---D | M]
[2009/04/19 15:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2009/04/19 15:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/14 19:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions
[2009/09/07 23:30:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/19 15:04:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/13 19:08:49 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\toolbar@ask.com
[2011/06/12 22:40:32 | 000,002,192 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\searchplugins\askcom-1.xml
[2011/06/14 19:50:21 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\searchplugins\askcom.xml
[2011/06/14 19:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/15 18:51:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/04/19 14:53:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/27 19:41:20 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/27 19:41:20 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/27 19:41:20 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/08/29 09:39:54 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/07/27 19:41:20 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/27 19:41:20 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ECarteBleueBrowserHelper Class) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222794248296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} https://www.photobox.fr/?channel=1005 (PB_Uploader Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.0.66.20 109.0.66.10
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 13:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{154a2f26-fca0-11de-b044-001b242183c1}\Shell\AutoRun\command - "" = Faisal\Haram\Faisal.exe
O33 - MountPoints2\{154a2f26-fca0-11de-b044-001b242183c1}\Shell\open\command - "" = Faisal\Haram\Faisal.exe
O33 - MountPoints2\{5d323d09-dbf2-11dd-ad88-001b242183c1}\Shell - "" = AutoRun
O33 - MountPoints2\{5d323d09-dbf2-11dd-ad88-001b242183c1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O33 - MountPoints2\{61447c42-1360-11e0-b216-001b242183c1}\Shell - "" = AutoRun
O33 - MountPoints2\{61447c42-1360-11e0-b216-001b242183c1}\Shell\AutoRun\command - "" = F:\ReadMe.exe
O33 - MountPoints2\{a3222250-bbb9-11dd-ad31-001b242183c1}\Shell - "" = AutoRun
O33 - MountPoints2\{a3222250-bbb9-11dd-ad31-001b242183c1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Error starting restore point: 87
Error closing restore point: The sequence number is invalid.
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/06/18 21:16:10 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2011/06/18 14:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
[2011/06/18 14:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2011/06/14 20:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office Live Add-in
[2011/06/14 20:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/06/14 20:45:44 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2011/06/14 20:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/06/14 20:41:42 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/06/14 20:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/06/14 19:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2011/06/14 19:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/06/14 19:14:01 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/14 19:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/14 19:13:47 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/14 19:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/14 19:10:36 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup-1.51.0.1200.exe
[2011/06/13 20:37:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Recent
[2011/06/13 20:05:22 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/06/13 19:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/13 19:32:57 | 008,134,272 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Mes documents\mseinstall.exe
[2011/06/13 19:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
[2011/05/29 18:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Stats
[2011/05/24 22:44:59 | 000,000,000 | --SD | C] -- C:\found.000
[2011/05/24 22:10:42 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrateur\Bureau\*.tmp files -> C:\Documents and Settings\Administrateur\Bureau\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/06/18 21:22:36 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/06/18 21:16:06 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2011/06/18 21:14:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/18 21:11:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/18 21:11:18 | 000,001,439 | -HS- | M] () -- C:\hpqp.ini
[2011/06/18 21:10:46 | 000,000,044 | ---- | M] () -- C:\XP_TV.ini
[2011/06/18 21:10:30 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/18 21:09:08 | 1072,279,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/18 16:01:26 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/18 14:24:23 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
[2011/06/18 14:24:23 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
[2011/06/18 14:24:23 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
[2011/06/18 14:22:42 | 002,478,366 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPDiag2.zip
[2011/06/18 13:45:00 | 000,375,022 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\DelFix.exe
[2011/06/14 19:14:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/06/14 19:10:30 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup-1.51.0.1200.exe
[2011/06/14 18:32:04 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2011/06/13 20:45:22 | 000,511,488 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\RogueKiller.exe
[2011/06/13 19:35:38 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/13 19:32:57 | 008,134,272 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Mes documents\mseinstall.exe
[2011/06/13 19:12:37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 20:54:58 | 000,583,032 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/05/26 20:54:58 | 000,485,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/26 20:54:58 | 000,114,220 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/05/26 20:54:58 | 000,087,886 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/23 22:32:14 | 009,717,572 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\camille.chabernaud_3427.pdf
[2011/05/23 22:21:38 | 000,006,508 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\220px-NF-1-Tache_cafe-au-lait.jpg
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrateur\Bureau\*.tmp files -> C:\Documents and Settings\Administrateur\Bureau\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/06/18 14:24:23 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
[2011/06/18 14:24:23 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
[2011/06/18 14:24:23 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
[2011/06/18 14:22:42 | 002,478,366 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ZHPDiag2.zip
[2011/06/18 13:45:01 | 000,375,022 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\DelFix.exe
[2011/06/14 19:14:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/06/14 18:30:10 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk
[2011/06/14 18:30:10 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2011/06/13 20:05:32 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/06/13 19:52:09 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\RogueKiller.exe
[2011/06/13 19:40:28 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/13 19:35:38 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/13 19:34:45 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Security Essentials.lnk
[2011/06/13 19:12:37 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/06/13 18:37:39 | 1072,279,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/23 22:32:14 | 009,717,572 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\camille.chabernaud_3427.pdf
[2011/05/23 22:21:38 | 000,006,508 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\220px-NF-1-Tache_cafe-au-lait.jpg
[2011/05/15 17:46:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/06/17 22:37:15 | 000,334,300 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_nav.dat
[2010/06/17 22:37:15 | 000,006,676 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk_navps.dat
[2010/06/17 22:37:15 | 000,003,392 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fmueldk.dat
[2010/01/09 17:40:18 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/12/15 11:22:32 | 000,038,380 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\xcuejcf.exe
[2009/05/30 14:49:03 | 000,000,422 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/10/10 20:52:46 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/26 22:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/11/25 14:16:28 | 000,001,368 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/11/25 13:27:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/14 22:04:39 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2007/07/14 22:04:39 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2007/05/01 19:59:34 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/05/01 19:56:04 | 000,131,942 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/04/15 22:32:35 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/15 22:32:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/04 14:40:05 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/24 21:15:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/09/20 08:39:19 | 000,030,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/18 10:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 10:00:00 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/18 10:00:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 10:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/18 10:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 10:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 10:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/18 10:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/18 10:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/29 12:10:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 11:45:54 | 000,088,020 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 11:43:36 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 11:39:46 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 11:24:34 | 000,583,032 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2006/06/29 11:24:34 | 000,485,644 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 11:24:34 | 000,114,220 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2006/06/29 11:24:34 | 000,087,886 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 11:19:28 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat
[2006/06/29 11:15:42 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 11:11:12 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 11:07:00 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/06 02:21:26 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/03/25 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/25 06:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2006/03/25 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/25 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/25 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/25 06:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2006/03/25 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/25 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/25 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/25 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/02 20:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/06 04:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2003/04/01 11:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 23:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 23:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 03:00:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2011/06/14 18:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/05/15 18:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/04/16 21:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/01/20 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/09/20 08:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2006/09/20 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2011/06/14 19:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/31 16:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/06/14 20:43:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/09/20 08:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006/09/20 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/09/20 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2011/05/15 19:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatSoft
[2007/03/29 19:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/04/18 08:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/04/04 12:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2011/06/14 22:31:16 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D343A8D2-B702-4338-B96F-7C2411249F93}-shey.exe
[2007/03/25 19:03:18 | 000,013,069 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\758D3AB1.exe
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2011/05/24 22:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Adobe
[2008/10/11 10:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
[2011/01/06 23:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\AskToolbar
[2008/10/11 13:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CyberLink
[2010/05/16 17:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Facebook
[2008/10/06 22:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\HP
[2006/09/20 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Identities
[2010/06/03 21:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
[2011/05/15 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InstallShield
[2010/04/13 20:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\LimeWire
[2008/09/30 19:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Macromedia
[2011/06/14 19:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2011/06/14 22:33:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur\Application Data\Microsoft
[2009/03/04 22:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla
[2011/05/15 19:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\StatSoft
[2008/10/19 21:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sun
[2009/05/30 14:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Template
[2008/11/26 15:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\U3
[2009/04/19 11:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2008/10/01 03:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search
[2008/10/15 23:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Windows Search
[2008/10/15 23:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WinRAR
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/05/16 17:14:17 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\Administrateur\Application Data\Facebook\uninstall.exe
[2010/03/20 21:36:13 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2010/03/20 21:36:14 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\updater.exe
[2010/03/20 21:36:14 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2010/03/20 21:36:14 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2010/03/20 21:36:14 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2010/03/20 21:36:14 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2010/03/20 21:36:14 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2010/03/20 21:36:14 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2010/03/20 21:36:15 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Administrateur\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2006/06/29 11:20:48 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}\ARPPRODUCTICON.exe
[2006/06/29 11:20:54 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}\ARPPRODUCTICON.exe
[2011/05/13 21:46:20 | 003,325,832 | ---- | M] (Ask) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n8pu47jh.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2007/10/23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\U3\temp\cleanup.exe
[2008/05/02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Administrateur\Application Data\U3\temp\Launchpad Removal.exe
[color=#A23BEC]< %temp%\*.exe /s >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006/06/29 12:58:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/06/29 12:58:44 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29
