Hadopi virus - new variant!!
Resolved/Closed
mitomat
-
11 April 2013 at 00:00
Smart91 Posts 29096 Registration date Sunday 15 July 2007 Status Security contributor Last activity 5 April 2014 - 12 April 2013 at 17:16
6 replies
Malekal_morte-
Posts: 180304
Registration date: Wednesday 17 May 2006
Status: Moderator, Security contributor
Last activity: 15 December 2020
24 660
Edited by Malekal_morte- on 11/04/2013 at 21:51
No, it's not resolved, the shell key needs to be restored.
Smart91 can take care of it (unless he's fed up with it).
I wrote a post about this variant: https://www.malekal.com/ransomware-office-centrale-de-la-lutte-contre-la-criminalite-variante-3-nymaim/
I'll edit http://www.commentcamarche.net/faq/36326-virus-hadopi-virus-ukash-virus-police tomorrow, can't be bothered right now :)
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Smart91
Posts: 29096
Registration date: Sunday 15 July 2007
Status: Security contributor
Last activity: 5 April 2014
2 327
11 April 2013 at 00:47
Hello
Can you post the RogueKiller report, please?
Then, after booting the PC from the LiveCD,
do this:
- Double-click OTLPE
- If you get the same window with the message "Erreur du processus cible" (target process error), you need to browse to and select the c:\windows folder in the tree below Local Disk (c:)
- A window opens: "Voulez-vous charger les Profils utilisateurs à scanner ?" (Do you want to load the user profiles to scan?); click YES
- The list of user profiles is displayed.
- Select the profile whose session is infected.
- Click Yes.
OTL starts
- Copy and paste this text into the Custom Scans/Files section
----------------------------------------------------------------------------------
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
------------------------------------------------------------------------------------
- Click RunScan and post the report
- The report is located in C:\OTL
Smart
Here are the reports:
RogueKiller:
RogueKiller V8.5.1 [Feb 12 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Système [Droits d'admin]
Mode : Recherche -- Date : 11/04/2013 19:36:44
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 13 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
¤¤¤ Fichier HOSTS: ¤¤¤
--> X:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] f153c1ae80f112861b8680804b71a014
[BSP] f3e6eaf5a97ba0cf9e6823796765844c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 244697 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 532068352 | Size: 217140 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[1]_S_11042013_193644.txt >>
OTL:
OTL logfile created on: 2013-04-11 20:29:46 - Run
OTLPE by OldTimer - Version 3.1.29.0 Folder = Y:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 14,65 Gb Total Space | 6,97 Gb Free Space | 47,59% Space Free | Partition Type: NTFS
Drive D: | 28,80 Gb Total Space | 5,02 Gb Free Space | 17,44% Space Free | Partition Type: FAT32
Drive E: | 212,05 Gb Total Space | 30,07 Gb Free Space | 14,18% Space Free | Partition Type: NTFS
Drive F: | 238,96 Gb Total Space | 2,17 Gb Free Space | 0,91% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 256,79 Mb Total Space | 254,36 Mb Free Space | 99,05% Space Free | Partition Type: NTFS
Drive Y: | 577,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MININT-V2P5C6N
Current User Name: Système
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001
[color=#E56717]========== Win32 Services (SafeList) ==========/color
SRV - [2010-11-21 05:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2010-11-20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009-07-14 03:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\qwave.dll -- (QWAVE)
[color=#E56717]========== Driver Services (SafeList) ==========/color
[color=#E56717]========== Standard Registry (All) ==========/color
[color=#E56717]========== Internet Explorer ==========/color
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\SysWow64\ieframe.dll File not found
IE - HKU\Matthieu_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\Matthieu_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Matthieu_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\Matthieu_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\SysWow64\ieframe.dll File not found
IE - HKU\Matthieu_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Matthieu_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\NetworkService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\SysWow64\ieframe.dll File not found
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Local Page = X:\windows\system32\blank.htm
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malekal.com
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hu
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 D9 FD B4 82 D5 CA 01 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\SysWow64\ieframe.dll File not found
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\UpdatusUser_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\SysWow64\ieframe.dll File not found
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
Hosts file not found
O2:[b]64bit:/b - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:[b]64bit:/b - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL File not found
O2:[b]64bit:/b - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2:[b]64bit:/b - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL File not found
O2:[b]64bit:/b - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O4:[b]64bit:/b - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe File not found
O4:[b]64bit:/b - HKLM..\Run: [BTMTrayAgent] File not found
O4:[b]64bit:/b - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe File not found
O4:[b]64bit:/b - HKLM..\Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe File not found
O4:[b]64bit:/b - HKLM..\Run: [IgfxTray] C:\windows\System32\igfxtray.exe File not found
O4:[b]64bit:/b - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe File not found
O4:[b]64bit:/b - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe File not found
O4:[b]64bit:/b - HKLM..\Run: [Persistence] C:\windows\System32\igfxpers.exe File not found
O4:[b]64bit:/b - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe File not found
O4:[b]64bit:/b - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe File not found
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [AdobeBridge] File not found
O4 - HKU\Matthieu_ON_F..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [Facebook Update] C:\Users\Matthieu\AppData\Local\Facebook\Update\FacebookUpdate.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [Google Update] C:\Users\Matthieu\AppData\Local\Google\Update\GoogleUpdate.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe File not found
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\UpdatusUser_ON_F..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe File not found
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\UpdatusUser_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:[b]64bit:/b - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File not found
O9:[b]64bit:/b - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File not found
O9:[b]64bit:/b - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9:[b]64bit:/b - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll File not found
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe File not found
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\windows\System32\NLAapi.dll File not found
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\windows\System32\napinsp.dll File not found
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\windows\System32\pnrpnsp.dll File not found
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\System32\pnrpnsp.dll File not found
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\windows\System32\winrnr.dll File not found
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\windows\System32\wshbth.dll File not found
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\windows\System32\mswsock.dll File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\windows\System32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\windows\SysWow64\NLAapi.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\windows\SysWow64\napinsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\windows\SysWow64\pnrpnsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysWow64\pnrpnsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\windows\SysWow64\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\windows\SysWow64\winrnr.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\windows\SysWow64\wshbth.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\windows\SysWow64\mswsock.dll File not found
O13:[b]64bit:/b - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:[b]64bit:/b - ..Trusted Domains: atos.net ([*.aw] http in Trusted sites)
O15:[b]64bit:/b - ..Trusted Domains: atosorigin.com ([*.aw] http in Trusted sites)
O15:[b]64bit:/b - ..Trusted Domains: geoportail.fr ([]http in Trusted sites)
O15:[b]64bit:/b - ..Trusted Domains: gouv.fr ([*.geoportail] http in Trusted sites)
O15:[b]64bit:/b - ..Trusted Domains: gouv.fr ([geoportail] http in Trusted sites)
O15:[b]64bit:/b - ..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: atos.net ([*.aw] http in Trusted sites)
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: atosorigin.com ([*.aw] http in Trusted sites)
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: geoportail.fr ([]http in Trusted sites)
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: gouv.fr ([*.geoportail] http in Trusted sites)
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: gouv.fr ([geoportail] http in Trusted sites)
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Matthieu_ON_F\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16:[b]64bit:/b - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:/b - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:/b - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:/b - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\windows\System32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\windows\System32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\System32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skyline {3a4f9195-65a8-11d5-85c1-0001023952c1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\windows\System32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\windows\System32\nvinitx.dll File not found
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\System32\userinit.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Matthieu_ON_F Winlogon: Shell - (C:\Users\Matthieu\AppData\Roaming\mcafee.ini) - C:\Users\Matthieu\AppData\Roaming\mcafee.ini File not found
O20 - HKU\Matthieu_ON_F Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL File not found
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O30:64bit: - LSA: Authentication Packages - (msv1_0) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - File not found
O30:64bit: - LSA: Security Packages - (kerberos) - File not found
O30:64bit: - LSA: Security Packages - (msv1_0) - File not found
O30:64bit: - LSA: Security Packages - (schannel) - File not found
O30:64bit: - LSA: Security Packages - (wdigest) - File not found
O30:64bit: - LSA: Security Packages - (tspkg) - File not found
O30:64bit: - LSA: Security Packages - (pku2u) - File not found
O30:64bit: - LSA: Security Packages - (livessp) - File not found
O30 - LSA: Security Packages - (kerberos) - File not found
O30 - LSA: Security Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (schannel) - File not found
O30 - LSA: Security Packages - (wdigest) - File not found
O30 - LSA: Security Packages - (tspkg) - File not found
O30 - LSA: Security Packages - (pku2u) - File not found
O30 - LSA: Security Packages - (livessp) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-05-01 00:01:00 | 000,000,053 | -HS- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{cd6ab28b-8b8e-11e1-ab52-bc77378986c1}\Shell - "" = AutoRun
O33 - MountPoints2\{cd6ab28b-8b8e-11e1-ab52-bc77378986c1}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- Reg Error: Key error.
O35 - exefile [open] -- Reg Error: Key error.
========== Files/Folders - Created Within 30 Days ==========
========== Files - Modified Within 30 Days ==========
[2013-04-11 20:28:08 | 000,001,744 | ---- | M] () -- X:\Users\Default\Desktop\Internet Explorer.lnk
[2013-04-11 20:28:08 | 000,001,663 | ---- | M] () -- X:\Users\Default\Desktop\PENetwork.lnk
[2013-04-11 20:28:08 | 000,001,560 | ---- | M] () -- X:\Users\Default\Desktop\Command Prompt.lnk
[2013-04-11 20:28:08 | 000,001,444 | ---- | M] () -- X:\Users\Default\Desktop\Explorer.lnk
[2013-04-11 20:28:08 | 000,000,891 | ---- | M] () -- X:\Users\Default\Desktop\OTLPE.lnk
[2013-04-11 20:28:08 | 000,000,697 | ---- | M] () -- X:\Users\Default\Desktop\RogueKiller.lnk
[2013-04-11 20:28:08 | 000,000,625 | ---- | M] () -- X:\Users\Default\Desktop\Opera12.lnk
========== Files Created - No Company Name ==========
[2013-04-11 20:28:08 | 000,001,744 | ---- | C] () -- X:\Users\Default\Desktop\Internet Explorer.lnk
[2013-04-11 20:28:08 | 000,001,663 | ---- | C] () -- X:\Users\Default\Desktop\PENetwork.lnk
[2013-04-11 20:28:08 | 000,001,560 | ---- | C] () -- X:\Users\Default\Desktop\Command Prompt.lnk
[2013-04-11 20:28:08 | 000,001,444 | ---- | C] () -- X:\Users\Default\Desktop\Explorer.lnk
[2013-04-11 20:28:08 | 000,000,891 | ---- | C] () -- X:\Users\Default\Desktop\OTLPE.lnk
[2013-04-11 20:28:08 | 000,000,697 | ---- | C] () -- X:\Users\Default\Desktop\RogueKiller.lnk
[2013-04-11 20:28:08 | 000,000,625 | ---- | C] () -- X:\Users\Default\Desktop\Opera12.lnk
========== LOP Check ==========
========== Purity Check ==========
< End of report >
RogueKiller:
RogueKiller V8.5.1 [Feb 12 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Système [Droits d'admin]
Mode : Recherche -- Date : 11/04/2013 19:36:44
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 13 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
¤¤¤ Fichier HOSTS: ¤¤¤
--> X:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] f153c1ae80f112861b8680804b71a014
[BSP] f3e6eaf5a97ba0cf9e6823796765844c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 244697 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 532068352 | Size: 217140 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[1]_S_11042013_193644.txt >>
RKreport[1]_S_11042013_193644.txt
OTL:
OTL logfile created on: 2013-04-11 20:29:46 - Run
OTLPE by OldTimer - Version 3.1.29.0 Folder = Y:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 14,65 Gb Total Space | 6,97 Gb Free Space | 47,59% Space Free | Partition Type: NTFS
Drive D: | 28,80 Gb Total Space | 5,02 Gb Free Space | 17,44% Space Free | Partition Type: FAT32
Drive E: | 212,05 Gb Total Space | 30,07 Gb Free Space | 14,18% Space Free | Partition Type: NTFS
Drive F: | 238,96 Gb Total Space | 2,17 Gb Free Space | 0,91% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 256,79 Mb Total Space | 254,36 Mb Free Space | 99,05% Space Free | Partition Type: NTFS
Drive Y: | 577,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MININT-V2P5C6N
Current User Name: Système
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2010-11-21 05:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2010-11-20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009-07-14 03:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\qwave.dll -- (QWAVE)
========== Driver Services (SafeList) ==========
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\SysWow64\ieframe.dll File not found
IE - HKU\Matthieu_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\Matthieu_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Matthieu_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\Matthieu_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\SysWow64\ieframe.dll File not found
IE - HKU\Matthieu_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Matthieu_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\NetworkService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\SysWow64\ieframe.dll File not found
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Local Page = X:\windows\system32\blank.htm
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malekal.com
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hu
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 D9 FD B4 82 D5 CA 01 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\SysWow64\ieframe.dll File not found
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\UpdatusUser_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\SysWow64\ieframe.dll File not found
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
Hosts file not found
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe File not found
O4:64bit: - HKLM..\Run: [BTMTrayAgent] File not found
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe File not found
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\System32\igfxtray.exe File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\System32\igfxpers.exe File not found
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe File not found
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [AdobeBridge] File not found
O4 - HKU\Matthieu_ON_F..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [Facebook Update] C:\Users\Matthieu\AppData\Local\Facebook\Update\FacebookUpdate.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [Google Update] C:\Users\Matthieu\AppData\Local\Google\Update\GoogleUpdate.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe File not found
O4 - HKU\Matthieu_ON_F..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe File not found
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKU\UpdatusUser_ON_F..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe File not found
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\UpdatusUser_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File not found
O9:64bit: - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll File not found
O9:64bit: - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll File not found
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\windows\System32\NLAapi.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\windows\System32\napinsp.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\windows\System32\pnrpnsp.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\System32\pnrpnsp.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\windows\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\windows\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\windows\System32\wshbth.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\windows\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\windows\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\windows\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\windows\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\windows\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\windows\System32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\windows\SysWow64\NLAapi.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\windows\SysWow64\napinsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\windows\SysWow64\pnrpnsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\SysWow64\pnrpnsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\windows\SysWow64\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\windows\SysWow64\winrnr.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\windows\SysWow64\wshbth.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\windows\SysWow64\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\windows\SysWow64\mswsock.dll File not found
O13:[b]64bit:/b - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:[b]64bit:/b - ..Trusted Domains: atos.net ([*.aw] http in Trusted sites)
O15:[b]64bit:/b - ..Trusted Domains: atosorigin.com ([*.aw] http in Trusted sites)
O15:[b]64bit:/b - ..Trusted Domains: geoportail.fr ([]http in Trusted sites)
O15:[b]64bit:/b - ..Trusted Domains: gouv.fr ([*.geoportail] http in Trusted sites)
O15:[b]64bit:/b - ..Trusted Domains: gouv.fr ([geoportail] http in Trusted sites)
O15:[b]64bit:/b - ..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: atos.net ([*.aw] http in Trusted sites)
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: atosorigin.com ([*.aw] http in Trusted sites)
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: geoportail.fr ([]http in Trusted sites)
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: gouv.fr ([*.geoportail] http in Trusted sites)
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: gouv.fr ([geoportail] http in Trusted sites)
O15:[b]64bit:/b - Matthieu_ON_F\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Matthieu_ON_F\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16:[b]64bit:/b - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:/b - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:/b - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:/b - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:/b - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll File not found
O18:[b]64bit:/b - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\windows\System32\urlmon.dll File not found
O18:[b]64bit:/b - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\windows\System32\msvidctl.dll File not found
O18:[b]64bit:/b - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:[b]64bit:/b - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:[b]64bit:/b - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:[b]64bit:/b - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:[b]64bit:/b - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll File not found
O18:[b]64bit:/b - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll File not found
O18:[b]64bit:/b - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:[b]64bit:/b - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll File not found
O18:[b]64bit:/b - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\System32\inetcomm.dll File not found
O18:[b]64bit:/b - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll File not found
O18:[b]64bit:/b - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:[b]64bit:/b - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll File not found
O18:[b]64bit:/b - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll File not found
O18:[b]64bit:/b - Protocol\Handler\skyline {3a4f9195-65a8-11d5-85c1-0001023952c1} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\windows\System32\msvidctl.dll File not found
O18:[b]64bit:/b - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll File not found
O18:[b]64bit:/b - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:[b]64bit:/b - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:[b]64bit:/b - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:[b]64bit:/b - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File not found
O20:[b]64bit:/b - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\windows\System32\nvinitx.dll File not found
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll File not found
O20:[b]64bit:/b - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:[b]64bit:/b - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\System32\userinit.exe File not found
O20:[b]64bit:/b - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:/b - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Matthieu_ON_F Winlogon: Shell - (C:\Users\Matthieu\AppData\Roaming\mcafee.ini) - C:\Users\Matthieu\AppData\Roaming\mcafee.ini File not found
O20 - HKU\Matthieu_ON_F Winlogon: Shell - (explorer.exe) - File not found
O20:[b]64bit:/b - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O21:[b]64bit:/b - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:[b]64bit:/b - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL File not found
O29:[b]64bit:/b - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O30:[b]64bit:/b - LSA: Authentication Packages - (msv1_0) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - File not found
O30:[b]64bit:/b - LSA: Security Packages - (kerberos) - File not found
O30:[b]64bit:/b - LSA: Security Packages - (msv1_0) - File not found
O30:[b]64bit:/b - LSA: Security Packages - (schannel) - File not found
O30:[b]64bit:/b - LSA: Security Packages - (wdigest) - File not found
O30:[b]64bit:/b - LSA: Security Packages - (tspkg) - File not found
O30:[b]64bit:/b - LSA: Security Packages - (pku2u) - File not found
O30:[b]64bit:/b - LSA: Security Packages - (livessp) - File not found
O30 - LSA: Security Packages - (kerberos) - File not found
O30 - LSA: Security Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (schannel) - File not found
O30 - LSA: Security Packages - (wdigest) - File not found
O30 - LSA: Security Packages - (tspkg) - File not found
O30 - LSA: Security Packages - (pku2u) - File not found
O30 - LSA: Security Packages - (livessp) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-05-01 00:01:00 | 000,000,053 | -HS- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{cd6ab28b-8b8e-11e1-ab52-bc77378986c1}\Shell - "" = AutoRun
O33 - MountPoints2\{cd6ab28b-8b8e-11e1-ab52-bc77378986c1}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[b]64bit:/b O35 - comfile [open] -- "%1" %* File not found
[b]64bit:/b O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- Reg Error: Key error.
O35 - exefile [open] -- Reg Error: Key error.
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color
[color=#E56717]========== Files - Modified Within 30 Days ==========/color
[2013-04-11 20:28:08 | 000,001,744 | ---- | M] () -- X:\Users\Default\Desktop\Internet Explorer.lnk
[2013-04-11 20:28:08 | 000,001,663 | ---- | M] () -- X:\Users\Default\Desktop\PENetwork.lnk
[2013-04-11 20:28:08 | 000,001,560 | ---- | M] () -- X:\Users\Default\Desktop\Command Prompt.lnk
[2013-04-11 20:28:08 | 000,001,444 | ---- | M] () -- X:\Users\Default\Desktop\Explorer.lnk
[2013-04-11 20:28:08 | 000,000,891 | ---- | M] () -- X:\Users\Default\Desktop\OTLPE.lnk
[2013-04-11 20:28:08 | 000,000,697 | ---- | M] () -- X:\Users\Default\Desktop\RogueKiller.lnk
[2013-04-11 20:28:08 | 000,000,625 | ---- | M] () -- X:\Users\Default\Desktop\Opera12.lnk
[color=#E56717]========== Files Created - No Company Name ==========/color
[2013-04-11 20:28:08 | 000,001,744 | ---- | C] () -- X:\Users\Default\Desktop\Internet Explorer.lnk
[2013-04-11 20:28:08 | 000,001,663 | ---- | C] () -- X:\Users\Default\Desktop\PENetwork.lnk
[2013-04-11 20:28:08 | 000,001,560 | ---- | C] () -- X:\Users\Default\Desktop\Command Prompt.lnk
[2013-04-11 20:28:08 | 000,001,444 | ---- | C] () -- X:\Users\Default\Desktop\Explorer.lnk
[2013-04-11 20:28:08 | 000,000,891 | ---- | C] () -- X:\Users\Default\Desktop\OTLPE.lnk
[2013-04-11 20:28:08 | 000,000,697 | ---- | C] () -- X:\Users\Default\Desktop\RogueKiller.lnk
[2013-04-11 20:28:08 | 000,000,625 | ---- | C] () -- X:\Users\Default\Desktop\Opera12.lnk
[color=#E56717]========== LOP Check ==========/color
[color=#E56717]========== Purity Check ==========/color
< End of report >
Malekal_morte-
Edited by Malekal_morte- on 11/04/2013 at 20:18
Weird, the child porn pics on the lock page, never seen that before.
EDIT: I should have a sample shortly; I'll tell you how it installs itself on the system.
PS: The OTLPE scan scanned the Live CD and not your Windows.
Malekal_morte-
Edited by Malekal_morte- on 11/04/2013 at 20:46
Do you have a file
C:\Documents and Settings\Mak\Application Data\mcafee.ini ? (Windows XP)
or
C:\Users\session\App Data\Roaming\mcafee.ini ? (Windows Vista / Seven / 8)
or an .ini file in there?
Malekal_morte-
11 April 2013 at 21:11
ok,
Delete it.
Then take your C:\Windows\explorer.exe file,
copy it into C:\Users\session\App Data\Roaming\
then rename explorer.exe to mcafee.ini
and reboot into your Windows.
And tell us what happens.
Smart91
12 April 2013 at 17:16
@mitomat
Did you manage to restore the shell key with the help of what Mak posted here ==>
https://www.malekal.com/ransomware-office-centrale-de-la-lutte-contre-la-criminalite-variante-3-nymaim/
Smart
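The check that the replies above apply by eye to the OTL report, as an added example that is not part of the original thread: it reads the `O20` Winlogon lines and flags any `Shell` or `UserInit` value that is not a Windows default. The function name, the `EXPECTED` defaults (Windows installed in `C:\Windows`) and the regular expression are assumptions of this example; the sample lines are copied from the report posted in the thread.

```python
import re

# O20 lines copied from the OTL report in this thread; two of them still
# carry the forum's bold-tag residue, which the pattern tolerates.
SAMPLE = r"""
O20:[b]64bit:/b - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:[b]64bit:/b - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\System32\userinit.exe File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKU\Matthieu_ON_F Winlogon: Shell - (C:\Users\Matthieu\AppData\Roaming\mcafee.ini) - C:\Users\Matthieu\AppData\Roaming\mcafee.ini File not found
O20 - HKU\Matthieu_ON_F Winlogon: Shell - (explorer.exe) - File not found
"""

# "O20[:64bit:] - <hive> Winlogon: <name> - (<value>) - <file info>"
LINE = re.compile(
    r"^O20:?(?:\[b\])?(?:64bit:)?(?:\[?/b\]?)?\s+-\s+"
    r"(?P<hive>\S+)\s+Winlogon:\s+(?P<name>Shell|UserInit)\s+-\s+"
    r"\((?P<value>.*?)\)\s+-\s"   # lazy match so "(x86)" inside a path is kept
)

# Assumed defaults for a standard install in C:\Windows (lower-cased).
EXPECTED = {
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}


def winlogon_findings(report):
    """Return (hive, value name, value) for every non-default Winlogon entry."""
    findings = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a Winlogon Shell/UserInit line
        # UserInit is often stored with a trailing comma; ignore it and case.
        value = m["value"].strip().rstrip(",").lower()
        if value not in EXPECTED[m["name"].lower()]:
            findings.append((m["hive"], m["name"], m["value"]))
    return findings


if __name__ == "__main__":
    for hive, name, value in winlogon_findings(SAMPLE):
        print(f"non-default Winlogon {name} under {hive}: {value}")
```

A per-user `Shell` value is flagged even when a second line for the same hive lists `explorer.exe`, because each reported entry is checked on its own.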