146 utilisateurs connectés
 |
|
 |
macrovirus : W97/Thus.AD (résolu)
smugles
le 09 mars 2009 à 18h53
j'ai recu une pièce jointe (non ouverte encore) contenant le macrovirus :
W97/Thus.AD
mon antivirus (Avira) ne trouve pas de description spécifique.
Renseignements pris auprès de la personne qui entretient son ordi :
(1 mac),
il n'y a pas de virus, ce sont les anti-virus actuels, très puissants,
qui alertent.
q'en est-il ? merci
W97/Thus.AD
mon antivirus (Avira) ne trouve pas de description spécifique.
Renseignements pris auprès de la personne qui entretient son ordi :
(1 mac),
il n'y a pas de virus, ce sont les anti-virus actuels, très puissants,
qui alertent.
q'en est-il ? merci
-->Message édité par smugles le 18/03/2009 22:11:47<--
répondre
Curson
le 09 mars 2009 à 19h06
smugles
le 09 mars 2009 à 19h25
salut,
comment faire ce que tu me demande ?
comment faire ce que tu me demande ?
Curson
le 09 mars 2009 à 19h30
Lis le tutorial : http://forum.malekal.com/viewtopic.php?f=59&t=9828
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 09 mars 2009 à 20h15
le hic :
si je veux le télécharger, une fenêtre Avira s'ouvre et me demande :
réparer
déplacer en quarantaine
supp
renomer
refuser l'accès
ignorer
si je choisi le dernier choix c'est OK ?
si je veux le télécharger, une fenêtre Avira s'ouvre et me demande :
réparer
déplacer en quarantaine
supp
renomer
refuser l'accès
ignorer
si je choisi le dernier choix c'est OK ?
Curson
le 09 mars 2009 à 20h16
Oui.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 09 mars 2009 à 20h34
ça marche pas... dois-je couper l'antivirus pour le téléchargement ?
Curson
le 09 mars 2009 à 20h36
Oui, désactive AntiVir le temps de l'upload.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 09 mars 2009 à 21h12
rapport établi
Fichier AMAR__convoc21mars09.doc reçu le 2009.03.09 21:06:32 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 29/37 (78.38%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: ___.
L'heure estimée de démarrage est entre ___ et ___ .
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.
Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.09 Virus.MSWord.Thus.AA!IK
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.107 2009.03.09 W97M/Thus.AD
Authentium 5.1.0.4 2009.03.09 W97M/Thus.I
Avast 4.8.1335.0 2009.03.09 MW97:Thus family
AVG 8.0.0.237 2009.03.09 W97M/Thus
BitDefender 7.2 2009.03.09 W97M.Thus.I
CAT-QuickHeal 10.00 2009.03.09 a variant of virus W97M.Groovie
ClamAV 0.94.1 2009.03.09 W97M.Thus.gen-1
Comodo 1039 2009.03.09 -
DrWeb 4.44.0.09170 2009.03.09 W97M.Thus
eSafe 7.0.17.0 2009.03.09 -
eTrust-Vet 31.6.6387 2009.03.09 W97M/Thus.I
F-Prot 4.4.4.56 2009.03.09 W97M/Thus.I
Fortinet 3.117.0.0 2009.03.09 W97M/Thus.fam
GData 19 2009.03.09 W97M.Thus.I
Ikarus T3.1.1.45.0 2009.03.09 Virus.MSWord.Thus.AA
K7AntiVirus 7.10.664 2009.03.09 -
Kaspersky 7.0.0.125 2009.03.09 Virus.MSWord.Thus-based
McAfee 5548 2009.03.09 W97M/Thus.gen
McAfee+Artemis 5548 2009.03.09 W97M/Thus.gen
Microsoft 1.4405 2009.03.09 Virus:W97M/Thus.G
NOD32 3921 2009.03.09 W97M/Thus.I
Norman 6.00.06 2009.03.09 Generic
nProtect 2009.1.8.0 2009.03.09 W97M.Thus.I
Panda 10.0.0.10 2009.03.09 W97M/Thus.V
PCTools 4.4.2.0 2009.03.09 WORD.97.Thus.Gen
Rising 21.20.02.00 2009.03.09 -
SecureWeb-Gateway 6.7.6 2009.03.09 Macro.Thus.AD
Sophos 4.39.0 2009.03.09 WM97/Thus-T
Sunbelt 3.2.1858.2 2009.03.08 -
Symantec 1.4.4.12 2009.03.09 W97M.Thus.Family
TheHacker 6.3.3.0.277 2009.03.09 -
TrendMicro 8.700.0.1004 2009.03.09 W97M_THUS.T
VBA32 3.12.10.1 2009.03.09 Virus.MSWord.Thus-based
ViRobot 2009.3.9.1641 2009.03.09 -
VirusBuster 4.5.11.0 2009.03.09 WORD.97.Thus.Gen
Information additionnelle
File size: 60928 bytes
MD5...: b4a29e6680383566cc5964b2c0854977
SHA1..: 44e219bbf8bd612836d7b3c75036143686d08b48
SHA256: 6461c3e21214a9bba40a94e92ed4191b636fa176f588b8662531ac1861852018
SHA512: bee905c8c1f71c2735af54531a7cb06a9964984a4ec86a8acd5234db588332a8
4e68afca4dfa1b038d4db9f9424045c070fe669084b0f49400d6b93c671192de
ssdeep: 768:yYcNfbMePgaXYog8A1pbvC1AmoFwMmJp0neobQxzzUIVM4fDI67aD/NthpCo
ZMy8:OTI/sm/wm+f
PEiD..: -
TrID..: File type identification
Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
PEInfo: -
Fichier AMAR__convoc21mars09.doc reçu le 2009.03.09 21:06:32 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 29/37 (78.38%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: ___.
L'heure estimée de démarrage est entre ___ et ___ .
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.
Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.09 Virus.MSWord.Thus.AA!IK
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.107 2009.03.09 W97M/Thus.AD
Authentium 5.1.0.4 2009.03.09 W97M/Thus.I
Avast 4.8.1335.0 2009.03.09 MW97:Thus family
AVG 8.0.0.237 2009.03.09 W97M/Thus
BitDefender 7.2 2009.03.09 W97M.Thus.I
CAT-QuickHeal 10.00 2009.03.09 a variant of virus W97M.Groovie
ClamAV 0.94.1 2009.03.09 W97M.Thus.gen-1
Comodo 1039 2009.03.09 -
DrWeb 4.44.0.09170 2009.03.09 W97M.Thus
eSafe 7.0.17.0 2009.03.09 -
eTrust-Vet 31.6.6387 2009.03.09 W97M/Thus.I
F-Prot 4.4.4.56 2009.03.09 W97M/Thus.I
Fortinet 3.117.0.0 2009.03.09 W97M/Thus.fam
GData 19 2009.03.09 W97M.Thus.I
Ikarus T3.1.1.45.0 2009.03.09 Virus.MSWord.Thus.AA
K7AntiVirus 7.10.664 2009.03.09 -
Kaspersky 7.0.0.125 2009.03.09 Virus.MSWord.Thus-based
McAfee 5548 2009.03.09 W97M/Thus.gen
McAfee+Artemis 5548 2009.03.09 W97M/Thus.gen
Microsoft 1.4405 2009.03.09 Virus:W97M/Thus.G
NOD32 3921 2009.03.09 W97M/Thus.I
Norman 6.00.06 2009.03.09 Generic
nProtect 2009.1.8.0 2009.03.09 W97M.Thus.I
Panda 10.0.0.10 2009.03.09 W97M/Thus.V
PCTools 4.4.2.0 2009.03.09 WORD.97.Thus.Gen
Rising 21.20.02.00 2009.03.09 -
SecureWeb-Gateway 6.7.6 2009.03.09 Macro.Thus.AD
Sophos 4.39.0 2009.03.09 WM97/Thus-T
Sunbelt 3.2.1858.2 2009.03.08 -
Symantec 1.4.4.12 2009.03.09 W97M.Thus.Family
TheHacker 6.3.3.0.277 2009.03.09 -
TrendMicro 8.700.0.1004 2009.03.09 W97M_THUS.T
VBA32 3.12.10.1 2009.03.09 Virus.MSWord.Thus-based
ViRobot 2009.3.9.1641 2009.03.09 -
VirusBuster 4.5.11.0 2009.03.09 WORD.97.Thus.Gen
Information additionnelle
File size: 60928 bytes
MD5...: b4a29e6680383566cc5964b2c0854977
SHA1..: 44e219bbf8bd612836d7b3c75036143686d08b48
SHA256: 6461c3e21214a9bba40a94e92ed4191b636fa176f588b8662531ac1861852018
SHA512: bee905c8c1f71c2735af54531a7cb06a9964984a4ec86a8acd5234db588332a8
4e68afca4dfa1b038d4db9f9424045c070fe669084b0f49400d6b93c671192de
ssdeep: 768:yYcNfbMePgaXYog8A1pbvC1AmoFwMmJp0neobQxzzUIVM4fDI67aD/NthpCo
ZMy8:OTI/sm/wm+f
PEiD..: -
TrID..: File type identification
Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
PEInfo: -
Curson
le 09 mars 2009 à 21h17
Bonsoir,
Le rapport est clair. Il ne s'agit pas d'un faux-positif, le fichier est bien infecté.
Je te conseille de demander des explications à ton contact. Le cas échéant, son ordinateur est infecté.
Cordialement.
Le rapport est clair. Il ne s'agit pas d'un faux-positif, le fichier est bien infecté.
Je te conseille de demander des explications à ton contact. Le cas échéant, son ordinateur est infecté.
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 09 mars 2009 à 21h33
bon...
le fichier est téléchargé...
maintenant je suis infecté ou pas ?
la pièce jointe n'est pas ouverte
merci
le fichier est téléchargé...
maintenant je suis infecté ou pas ?
la pièce jointe n'est pas ouverte
merci
Curson
le 09 mars 2009 à 21h37
Si tu n'as pas ouvert le fichier, tu n'es pas infecté.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
Curson
le 09 mars 2009 à 22h22
Bonne continuation.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 10 mars 2009 à 21h26
re,
je pense que le PC doit avoir un truc car depuis 4h il RAME attrocement (50" pour ouvrir une page !!), en rapport ou pas avec la pièce jointe ?
je ne sais si je l'ai ouverte, tant les alertes Avira m'ouvraient des fenêtres d'alertes...
Alors si demain on pouvait voir ça de plus prêt...
merci.
je pense que le PC doit avoir un truc car depuis 4h il RAME attrocement (50" pour ouvrir une page !!), en rapport ou pas avec la pièce jointe ?
je ne sais si je l'ai ouverte, tant les alertes Avira m'ouvraient des fenêtres d'alertes...
Alors si demain on pouvait voir ça de plus prêt...
merci.
Curson
le 11 mars 2009 à 16h50
Bonjour,
Télécharge HiJackThis de Merijn sur ton bureau.
- Double-clic sur HijackThis.
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note.
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Aide : N'hésite pas à consulter l'aide HiJackThis.
Cordialement.
Télécharge HiJackThis de Merijn sur ton bureau.
- Double-clic sur HijackThis.
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note.
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Aide : N'hésite pas à consulter l'aide HiJackThis.
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 11 mars 2009 à 17h43
rapport demandé :
j'ai aussi ouvert un disque dur externe, le rapport là-t-il pris en compte ?
je viens de lire des clefs contenant : BHO: EoRezoBHO - puis spyware secure-...ils faut les enlevées ?
merci.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:32, on 11/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\twain_32\ca561a\SnapDetect.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Orange\GLOBAL\Mnu\IGOMNU.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Pense-bête.lnk = C:\Windows\System32\StikyNot.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\Windows\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Personnaliser - d:\Progam Files\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - d:\Progam Files\promtie4\search.htm
O8 - Extra context menu item: Traduire - d:\Progam Files\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - d:\Progam Files\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - d:\Progam Files\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9714 bytes
Curson
le 11 mars 2009 à 21h11
Bonsoir,
Désactive tes logiciels de sécurité durant la procédure.
1) Désactive l'UAC. Tutorial.
2) Télécharge le Norton Removal Tool et sauvegarde-le sur ton bureau.
- Clique deux fois sur l'icône Norton Removal Tool.
- Suis les instructions. L'ordinateur pourra être redémarré plusieurs fois et tu seras peut-être invité à répéter certaines étapes.
3) Télécharge OTViewIt de OldTimer sur ton bureau.
- Ferme toutes les fenêtres et applications.
- Double clique sur OTViewIt.exe pour le lancer.
- Dans la liste déroulante "File Age" choisis : 30 days (ou selon votre choix)
- Clique sur le bouton "Run Scan".
- Patiente quelques minutes.
- le bloc note va s'ouvrir, poste les deux rapports obtenus dans ta prochaine réponse.
Cordialement.
Désactive tes logiciels de sécurité durant la procédure.
1) Désactive l'UAC. Tutorial.
2) Télécharge le Norton Removal Tool et sauvegarde-le sur ton bureau.
- Clique deux fois sur l'icône Norton Removal Tool.
- Suis les instructions. L'ordinateur pourra être redémarré plusieurs fois et tu seras peut-être invité à répéter certaines étapes.
3) Télécharge OTViewIt de OldTimer sur ton bureau.
- Ferme toutes les fenêtres et applications.
- Double clique sur OTViewIt.exe pour le lancer.
- Dans la liste déroulante "File Age" choisis : 30 days (ou selon votre choix)
- Clique sur le bouton "Run Scan".
- Patiente quelques minutes.
- le bloc note va s'ouvrir, poste les deux rapports obtenus dans ta prochaine réponse.
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 11 mars 2009 à 22h03
rapport OTViewLt généré : Qu'est ce que j'ai choppé ??
Je n'ai qu'un seul rapport...
avec Norton y'a qu'une désinstallation de clefs à faire, car apprès la remise en route du PC une fenêtre s'est ouverte pour y installer des produits...(donc j'ai fermé)
OTViewIt logfile created on: 11/03/2009 21:49:57 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\eric\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16448)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1021,87 Mb Total Physical Memory | 438,23 Mb Available Physical Memory | 42,89% Memory free
2,23 Gb Paging File | 1,42 Gb Available in Paging File | 63,72% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,61 Gb Total Space | 175,42 Gb Free Space | 77,07% Space Free | Partition Type: NTFS
Drive D: | 5,28 Gb Total Space | 0,88 Gb Free Space | 16,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 298,09 Gb Total Space | 222,81 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Computer Name: PC-DE-ERIC
Current User Name: eric
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days
========== Processes ==========
[2006/11/02 10:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 10:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2006/11/02 10:45:45 | 02,592,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2006/11/02 10:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2006/11/02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/03 10:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
[2008/02/19 13:10:32 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006/11/02 13:35:15 | 01,196,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/09/03 10:32:28 | 00,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
[2006/09/29 12:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
[2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/01/02 20:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
[2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[2003/01/15 15:43:14 | 00,065,536 | ---- | M] () -- C:\Windows\twain_32\ca561a\SnapDetect.exe
[2006/11/02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/11/02 13:35:47 | 00,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
[2006/11/02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 13:35:24 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2006/11/02 13:35:15 | 01,196,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2006/12/10 20:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
[2008/02/19 13:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2009/03/11 21:32:16 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\eric\Downloads\OTViewIt.exe
[2006/11/02 10:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2006/11/02 10:45:49 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
========== (O23) Win32 Services ==========
File not found -- -- (AlertService [On_Demand | Stopped])
File not found -- -- (AntiVirScheduler [Auto | Running])
File not found -- -- (AntiVirService [Auto | Running])
File not found -- -- (Apple Mobile Device [Auto | Running])
File not found -- -- (aswUpdSv [Auto | Stopped])
File not found -- -- (avast! Antivirus [Auto | Stopped])
File not found -- -- (avast! Mail Scanner [On_Demand | Stopped])
File not found -- -- (avast! Web Scanner [On_Demand | Stopped])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2006/11/02 07:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/11/02 13:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2006/11/02 10:46:04 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
File not found -- -- (DQLWinService [Auto | Running])
[2006/11/02 13:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/11/02 13:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (fsssvc [On_Demand | Stopped])
[2006/11/02 10:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
File not found -- -- (gusvc [On_Demand | Stopped])
File not found -- -- (IAANTMON [Auto | Running])
File not found -- -- (IDriverT [On_Demand | Stopped])
File not found -- -- (IntelDHSvcConf [Auto | Stopped])
File not found -- -- (iPod Service [On_Demand | Running])
File not found -- -- (ISSM [On_Demand | Stopped])
File not found -- -- (LightScribeService [Auto | Running])
File not found -- -- (M1 Server [On_Demand | Stopped])
File not found -- -- (MCLServiceATL [On_Demand | Stopped])
File not found -- -- (MSCSPTISRV [On_Demand | Stopped])
[2006/11/02 14:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/02 13:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (PACSPTISVR [On_Demand | Stopped])
File not found -- -- (Remote UI Service [On_Demand | Stopped])
[2006/11/02 10:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
File not found -- -- (SeaPort [Auto | Running])
[2006/11/02 10:45:45 | 02,592,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
File not found -- -- (SPTISRV [On_Demand | Stopped])
File not found -- -- (stllssvr [On_Demand | Stopped])
[2006/11/02 10:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 10:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2006/11/02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
========== Driver Services ==========
[2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 10:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 10:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- -- (avgio [System | Running])
File not found -- -- (avgntflt [On_Demand | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb [System | Running])
[2006/11/02 09:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2006/11/02 10:51:25 | 00,221,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 09:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2006/11/02 09:51:04 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4 [On_Demand | Stopped])
[2006/11/02 09:51:02 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2006/11/02 09:51:03 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2006/11/02 09:38:51 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 08:30:54 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 13:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006/11/02 10:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 09:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr [On_Demand | Stopped])
[2006/11/02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2007/04/12 15:45:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/04/13 02:04:39 | 00,049,664 | ---- | M] (HP) -- C:\Windows\System32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/04/13 02:04:39 | 00,016,496 | ---- | M] (HP) -- C:\Windows\System32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/04/13 02:04:39 | 00,021,568 | ---- | M] (HP) -- C:\Windows\System32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2006/09/29 12:59:58 | 00,250,368 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/08 20:09:24 | 01,647,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 10:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 09:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2006/11/02 09:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 09:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2006/11/02 09:54:05 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2006/11/02 09:56:34 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2006/11/02 09:31:27 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2006/11/02 09:31:17 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 10:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 10:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 10:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2006/11/02 13:34:33 | 00,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 09:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/12/13 12:44:00 | 04,446,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 10:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/12/05 10:34:42 | 00,507,136 | ---- | M] (PixArt Imaging Inc.) -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207 [On_Demand | Running])
[2006/11/02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2006/11/02 09:57:33 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2008/07/31 23:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 13:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 10:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/02 09:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2006/11/02 09:51:11 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2005/04/04 11:43:22 | 00,048,640 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Stopped])
[2006/11/02 09:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2005/02/23 16:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/04/14 13:12:32 | 00,019,968 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2006/11/02 10:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 09:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2006/11/02 10:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2006/11/02 09:31:47 | 00,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2006/11/02 09:31:44 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 09:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 09:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 10:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2006/11/02 09:57:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2006/11/02 09:57:29 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 10:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 09:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2008/02/18 11:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/11/02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006/11/02 10:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 10:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2006/11/02 10:51:41 | 00,492,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 09:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 09:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_url"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=desktop
"Default_search_url"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=desktop
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"StartPageCache"=
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"StartPageCache"=
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Programmes\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{64F56FC1-1272-44CD-BA6E-39723696E350} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (HKLM) -- C:\Programmes\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Programmes\Java\jre1.6.0_01\bin\ssv.dll File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programmes\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (HKLM) -- C:\Programmes\Windows Live\Toolbar\wltcore.dll File not found
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Programmes\Windows Live\Toolbar\wltcore.dll File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Programmes\Windows Live\Toolbar\wltcore.dll File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Programmes\Windows Live\Toolbar\wltcore.dll File not found
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min File not found
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" File not found
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
"Spyware-Secure"=C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem File not found
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem File not found
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
========== (O4) RunOnce Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)
========== (O4) RunOnce\Setup Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]
"Registering TotalScan Components"=C:\Windows\system32\regsvr32.exe /s "C:\Program Files\Panda Security\TotalScan\ASCGuiIE.dll" (Microsoft Corporation)
"Registering TotalScan Components."=C:\Windows\system32\regsvr32.exe /s "C:\Program Files\Panda Security\TotalScan\npwrapper.dll" (Microsoft Corporation)
"Registering TotalScan Components.."=C:\Windows\system32\regsvr32.exe /s "C:\Program Files\Panda Security\TotalScan\libcomm.dll" (Microsoft Corporation)
========== (O6 & O7) Current Version Policies ==========
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserContextMenu"=0
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserContextMenu"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2009/01/05 23:33:03 | 03,751,995 | ---- | M] (Google Inc.)
Personnaliser: d:\Progam Files\promtie4\options.htm File not found
Rechercher sur Internet: d:\Progam Files\promtie4\search.htm File not found
Traduire: d:\Progam Files\promtie4\translat.htm File not found
Traduire dans WebView: d:\Progam Files\promtie4\webview.htm File not found
Traduire la page: d:\Progam Files\promtie4\page.htm File not found
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2009/01/05 23:33:03 | 03,751,995 | ---- | M] (Google Inc.)
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2009/01/05 23:33:03 | 03,751,995 | ---- | M] (Google Inc.)
[HKEY_USERS\S-1-5-21-686098206-3516960793-3859295123-1001\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2009/01/05 23:33:03 | 03,751,995 | ---- | M] (Google Inc.)
Personnaliser: d:\Progam Files\promtie4\options.htm File not found
Rechercher sur Internet: d:\Progam Files\promtie4\search.htm File not found
Traduire: d:\Progam Files\promtie4\translat.htm File not found
Traduire dans WebView: d:\Progam Files\promtie4\webview.htm File not found
Traduire la page: d:\Progam Files\promtie4\page.htm File not found
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Console Java (Sun) -- %SystemDrive%\Programmes\Java\jre1.6.0_01\bin\ssv.dll File not found
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Ajout Direct -- %SystemDrive%\Programmes\Windows Live\Writer\WriterBrowserExtension.dll File not found
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Ajout Direct dans Windows Live Writer -- %SystemDrive%\Programmes\Windows Live\Writer\WriterBrowserExtension.dll File not found
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -- MessengerStatsClient Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab -- Minesweeper Flags Class
========== (O17) DNS Name Servers ==========
{F8B2C618-D083-4DED-A028-CC9C85BC8AAF} (Servers: | Description: Connexion réseau Intel(R) PRO/100)
========== HKLM *SecurityProviders* ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 10:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
========== LSA *Security Packages* ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 10:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]
autorun.inf [[autorun] | icon=.VolumeIcon.ico | ]
[2009/02/14 19:22:48 | 00,000,033 | -HS- | M] () -- K:\autorun.inf -- [ NTFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39f74b70-de10-11db-9d6b-0018f3e79de2}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2006/11/02 10:46:13 | 11,314,688 | ---- | M] (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[1 C:\Users\eric\Documents\*.tmp files]
[2009/03/11 21:38:49 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/03/11 17:33:04 | 00,001,876 | ---- | C] () -- C:\Users\eric\Desktop\HijackThis.lnk
[2009/03/11 17:33:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/10 18:38:36 | 00,000,000 | ---D | C] -- C:\Users\eric\Documents\LimeWire
[2009/03/08 15:06:05 | 00,000,152 | ---- | C] () -- C:\Users\eric\Desktop\ARIA 74.url
[2009/03/07 11:23:00 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/02/28 14:46:08 | 00,230,432 | ---- | C] () -- C:\PA207.DAT
[2009/02/27 10:51:03 | 00,136,192 | ---- | C] () -- C:\Users\eric\Documents\Vidéo you tube get.doc
[2009/02/26 18:22:45 | 00,001,901 | ---- | C] () -- C:\Users\eric\Desktop\Windows Live Messenger .lnk
[2009/02/25 20:54:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/02/25 20:54:26 | 00,055,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2009/02/25 20:54:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/02/25 20:52:50 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/02/25 20:52:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/23 11:15:47 | 00,001,489 | ---- | C] () -- C:\Users\eric\Desktop\i j j i.lnk
[2009/02/22 21:55:10 | 00,021,248 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/02/22 21:55:09 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/02/22 21:55:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/02/22 21:55:07 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/02/22 21:24:21 | 00,000,000 | ---D | C] -- C:\Program Files\Ad-remover
[2009/02/22 17:10:31 | 00,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Malwarebytes
[2009/02/22 17:10:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/22 17:10:24 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/22 17:10:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/02/22 17:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/17 19:16:10 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/02/17 17:29:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/02/17 16:53:02 | 00,001,744 | ---- | C] () -- C:\Users\eric\Desktop\Mozilla Firefox.lnk
[2009/02/16 20:36:07 | 73,240,9856 | ---- | C] () -- C:\Users\eric\Desktop\Danse.Avec.Lui.FRENCH.DVDRiP.REPACK.1CD.XViD-ELiTE.avi
[2009/02/14 19:25:54 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2009/02/10 11:27:28 | 00,635,392 | ---- | C] () -- C:\Users\eric\Desktop\Conjugaison_Bescherelle.exe
========== Files - Modified Within 30 Days ==========
[1 C:\Users\eric\Documents\*.tmp files]
[2009/03/11 21:51:00 | 00,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5A542B7-B5D2-4686-A6B7-2118BD633F89}.job
[2009/03/11 21:50:00 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FD82AE3B-CD6B-4457-A5BC-D1BBA55C78E2}.job
[2009/03/11 21:50:00 | 00,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{922170D3-9FC7-4D22-A8F4-D04A05F4C3E8}.job
[2009/03/11 21:45:47 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/03/11 21:44:59 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/11 21:44:59 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/11 21:44:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/11 21:44:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/11 21:41:58 | 04,234,988 | -H-- | M] () -- C:\Users\eric\AppData\Local\IconCache.db
[2009/03/11 17:33:04 | 00,001,876 | ---- | M] () -- C:\Users\eric\Desktop\HijackThis.lnk
[2009/03/10 18:26:06 | 00,000,217 | ---- | M] () -- C:\Users\eric\Desktop\Torrentz.URL
@Alternate Data Stream - 1406 bytes -> C:\Users\eric\Desktop\Torrentz.URL:favicon
[2009/03/10 17:31:18 | 00,167,936 | ---- | M] () -- C:\Users\eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/08 16:55:29 | 00,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2009/03/08 15:06:05 | 00,000,152 | ---- | M] () -- C:\Users\eric\Desktop\ARIA 74.url
[2009/03/07 21:17:11 | 01,538,854 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/07 21:17:11 | 00,699,984 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/03/07 21:17:11 | 00,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/07 21:17:11 | 00,121,814 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/03/07 21:17:11 | 00,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/07 21:16:28 | 00,145,815 | ---- | M] () -- C:\Windows\hpoins18.dat
[2009/03/07 21:15:09 | 00,000,549 | ---- | M] () -- C:\Windows\win.ini
[2009/02/28 14:46:08 | 00,230,432 | ---- | M] () -- C:\PA207.DAT
[2009/02/27 10:54:17 | 00,136,192 | ---- | M] () -- C:\Users\eric\Documents\Vidéo you tube get.doc
[2009/02/27 10:02:52 | 00,387,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/02/26 21:20:40 | 00,106,496 | ---- | M] () -- C:\Users\eric\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/26 18:22:45 | 00,001,901 | ---- | M] () -- C:\Users\eric\Desktop\Windows Live Messenger .lnk
[2009/02/23 15:35:20 | 00,001,489 | ---- | M] () -- C:\Users\eric\Desktop\i j j i.lnk
[2009/02/17 16:53:02 | 00,001,744 | ---- | M] () -- C:\Users\eric\Desktop\Mozilla Firefox.lnk
[2009/02/16 20:46:19 | 73,240,9856 | ---- | M] () -- C:\Users\eric\Desktop\Danse.Avec.Lui.FRENCH.DVDRiP.REPACK.1CD.XViD-ELiTE.avi
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >
smugles
le 11 mars 2009 à 22h23
OTViewIt logfile created on: 11/03/2009 22:02:57 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\eric\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16448)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1021,87 Mb Total Physical Memory | 407,74 Mb Available Physical Memory | 39,90% Memory free
2,23 Gb Paging File | 1,39 Gb Available in Paging File | 62,29% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,61 Gb Total Space | 175,32 Gb Free Space | 77,03% Space Free | Partition Type: NTFS
Drive D: | 5,28 Gb Total Space | 0,88 Gb Free Space | 16,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 298,09 Gb Total Space | 222,81 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Computer Name: PC-DE-ERIC
Current User Name: eric
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: Off
File Age = 30 Days
========== Processes ==========
[2006/11/02 10:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 10:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2006/11/02 10:45:45 | 02,592,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2006/11/02 10:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2006/11/02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/03 10:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
[2008/02/19 13:10:32 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006/11/02 13:35:15 | 01,196,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/09/03 10:32:28 | 00,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
[2006/09/29 12:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
[2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/01/02 20:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
[2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[2003/01/15 15:43:14 | 00,065,536 | ---- | M] () -- C:\Windows\twain_32\ca561a\SnapDetect.exe
[2006/11/02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/11/02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 13:35:15 | 01,196,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2006/12/10 20:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
[2008/02/19 13:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2009/03/11 21:32:16 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\eric\Downloads\OTViewIt.exe
[2006/11/02 13:34:36 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2006/09/14 14:43:34 | 00,437,976 | ---- | M] (Orange International) -- C:\Program Files\Orange\GLOBAL\Mnu\IGOMNU.EXE
[2006/11/02 10:45:14 | 00,623,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
[2006/11/02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 10:45:49 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
========== (O23) Win32 Services ==========
File not found -- -- (AlertService [On_Demand | Stopped])
File not found -- -- (AntiVirScheduler [Auto | Running])
File not found -- -- (AntiVirService [Auto | Running])
File not found -- -- (Apple Mobile Device [Auto | Running])
File not found -- -- (aswUpdSv [Auto | Stopped])
File not found -- -- (avast! Antivirus [Auto | Stopped])
File not found -- -- (avast! Mail Scanner [On_Demand | Stopped])
File not found -- -- (avast! Web Scanner [On_Demand | Stopped])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2006/11/02 07:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/11/02 13:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2006/11/02 10:46:04 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
File not found -- -- (DQLWinService [Auto | Running])
[2006/11/02 13:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/11/02 13:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (fsssvc [On_Demand | Stopped])
[2006/11/02 10:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
File not found -- -- (gusvc [On_Demand | Stopped])
File not found -- -- (IAANTMON [Auto | Running])
File not found -- -- (IDriverT [On_Demand | Stopped])
File not found -- -- (IntelDHSvcConf [Auto | Stopped])
File not found -- -- (iPod Service [On_Demand | Running])
File not found -- -- (ISSM [On_Demand | Stopped])
File not found -- -- (LightScribeService [Auto | Running])
File not found -- -- (M1 Server [On_Demand | Stopped])
File not found -- -- (MCLServiceATL [On_Demand | Stopped])
File not found -- -- (MSCSPTISRV [On_Demand | Stopped])
[2006/11/02 14:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/02 13:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (PACSPTISVR [On_Demand | Stopped])
File not found -- -- (Remote UI Service [On_Demand | Stopped])
[2006/11/02 10:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
File not found -- -- (SeaPort [Auto | Running])
[2006/11/02 10:45:45 | 02,592,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
File not found -- -- (SPTISRV [On_Demand | Stopped])
File not found -- -- (stllssvr [On_Demand | Stopped])
[2006/11/02 10:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 10:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2006/11/02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
========== Driver Services ==========
[2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 10:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 10:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- -- (avgio [System | Running])
File not found -- -- (avgntflt [On_Demand | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb [System | Running])
[2006/11/02 09:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2006/11/02 10:51:25 | 00,221,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 09:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2006/11/02 09:51:04 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4 [On_Demand | Stopped])
[2006/11/02 09:51:02 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2006/11/02 09:51:03 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2006/11/02 09:38:51 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 08:30:54 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 13:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006/11/02 10:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 09:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr [On_Demand | Stopped])
[2006/11/02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2007/04/12 15:45:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/04/13 02:04:39 | 00,049,664 | ---- | M] (HP) -- C:\Windows\System32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/04/13 02:04:39 | 00,016,496 | ---- | M] (HP) -- C:\Windows\System32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/04/13 02:04:39 | 00,021,568 | ---- | M] (HP) -- C:\Windows\System32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2006/09/29 12:59:58 | 00,250,368 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/08 20:09:24 | 01,647,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 10:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 09:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2006/11/02 09:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 09:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2006/11/02 09:54:05 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2006/11/02 09:56:34 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2006/11/02 09:31:27 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2006/11/02 09:31:17 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 10:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 10:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 10:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2006/11/02 13:34:33 | 00,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 09:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/12/13 12:44:00 | 04,446,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 10:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/12/05 10:34:42 | 00,507,136 | ---- | M] (PixArt Imaging Inc.) -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207 [On_Demand | Running])
[2006/11/02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2006/11/02 09:57:33 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2008/07/31 23:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 13:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 10:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/02 09:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2006/11/02 09:51:11 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2005/04/04 11:43:22 | 00,048,640 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Stopped])
[2006/11/02 09:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2005/02/23 16:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/04/14 13:12:32 | 00,019,968 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2006/11/02 10:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 09:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2006/11/02 10:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2006/11/02 09:31:47 | 00,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2006/11/02 09:31:44 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 09:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 09:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 10:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2006/11/02 09:57:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2006/11/02 09:57:29 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 10:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 09:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2008/02/18 11:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/11/02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006/11/02 10:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 10:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2006/11/02 10:51:41 | 00,492,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 09:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 09:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_url"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=desktop
"Default_search_url"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=desktop
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"StartPageCache"=
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Programmes\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{64F56FC1-1272-44CD-BA6E-39723696E350} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (HKLM) -- C:\Programmes\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Programmes\Java\jre1.6.0_01\bin\ssv.dll File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programmes\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (HKLM) -- C:\Programmes\Windows Live\Toolbar\wltcore.dll File not found
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Programmes\Windows Live\Toolbar\wltcore.dll File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Programmes\Windows Live\Toolbar\wltcore.dll File not found
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min File not found
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" File not found
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
"Spyware-Secure"=C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
========== (O4) RunOnce Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)
========== (O4) RunOnce\Setup Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]
"Registering TotalScan Components"=C:\Windows\system32\regsvr32.exe /s "C:\Program Files\Panda Security\TotalScan\ASCGuiIE.dll" (Microsoft Corporation)
"Registering TotalScan Components."=C:\Windows\system32\regsvr32.exe /s "C:\Program Files\Panda Security\TotalScan\npwrapper.dll" (Microsoft Corporation)
"Registering TotalScan Components.."=C:\Windows\system32\regsvr32.exe /s "C:\Program Files\Panda Security\TotalScan\libcomm.dll" (Microsoft Corporation)
========== (O6 & O7) Current Version Policies ==========
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserContextMenu"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2009/01/05 23:33:03 | 03,751,995 | ---- | M] (Google Inc.)
Personnaliser: d:\Progam Files\promtie4\options.htm File not found
Rechercher sur Internet: d:\Progam Files\promtie4\search.htm File not found
Traduire: d:\Progam Files\promtie4\translat.htm File not found
Traduire dans WebView: d:\Progam Files\promtie4\webview.htm File not found
Traduire la page: d:\Progam Files\promtie4\page.htm File not found
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Console Java (Sun) -- %SystemDrive%\Programmes\Java\jre1.6.0_01\bin\ssv.dll File not found
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Ajout Direct -- %SystemDrive%\Programmes\Windows Live\Writer\WriterBrowserExtension.dll File not found
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Ajout Direct dans Windows Live Writer -- %SystemDrive%\Programmes\Windows Live\Writer\WriterBrowserExtension.dll File not found
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -- MessengerStatsClient Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab -- Minesweeper Flags Class
========== (O17) DNS Name Servers ==========
{F8B2C618-D083-4DED-A028-CC9C85BC8AAF} (Servers: | Description: Connexion réseau Intel(R) PRO/100)
========== HKLM *SecurityProviders* ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 10:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
========== LSA *Security Packages* ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 10:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]
autorun.inf [[autorun] | icon=.VolumeIcon.ico | ]
[2009/02/14 19:22:48 | 00,000,033 | -HS- | M] () -- K:\autorun.inf -- [ NTFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39f74b70-de10-11db-9d6b-0018f3e79de2}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2006/11/02 10:46:13 | 11,314,688 | ---- | M] (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[1 C:\Users\eric\Documents\*.tmp files]
[2009/03/11 21:38:49 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/03/11 17:33:04 | 00,001,876 | ---- | C] () -- C:\Users\eric\Desktop\HijackThis.lnk
[2009/03/11 17:33:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/10 18:38:36 | 00,000,000 | ---D | C] -- C:\Users\eric\Documents\LimeWire
[2009/03/08 15:06:05 | 00,000,152 | ---- | C] () -- C:\Users\eric\Desktop\ARIA 74.url
[2009/03/07 11:23:00 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/02/28 14:46:08 | 00,230,432 | ---- | C] () -- C:\PA207.DAT
[2009/02/27 10:51:03 | 00,136,192 | ---- | C] () -- C:\Users\eric\Documents\Vidéo you tube get.doc
[2009/02/26 18:22:45 | 00,001,901 | ---- | C] () -- C:\Users\eric\Desktop\Windows Live Messenger .lnk
[2009/02/25 20:54:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/02/25 20:54:26 | 00,055,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2009/02/25 20:54:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/02/25 20:52:50 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/02/25 20:52:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/23 11:15:47 | 00,001,489 | ---- | C] () -- C:\Users\eric\Desktop\i j j i.lnk
[2009/02/22 21:55:10 | 00,021,248 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/02/22 21:55:09 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/02/22 21:55:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/02/22 21:55:07 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/02/22 21:24:21 | 00,000,000 | ---D | C] -- C:\Program Files\Ad-remover
[2009/02/22 17:10:31 | 00,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Malwarebytes
[2009/02/22 17:10:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/22 17:10:24 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/22 17:10:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/02/22 17:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/17 19:16:10 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/02/17 17:29:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/02/17 16:53:02 | 00,001,744 | ---- | C] () -- C:\Users\eric\Desktop\Mozilla Firefox.lnk
[2009/02/16 20:36:07 | 73,240,9856 | ---- | C] () -- C:\Users\eric\Desktop\Danse.Avec.Lui.FRENCH.DVDRiP.REPACK.1CD.XViD-ELiTE.avi
[2009/02/14 19:25:54 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2009/02/10 11:27:28 | 00,635,392 | ---- | C] () -- C:\Users\eric\Desktop\Conjugaison_Bescherelle.exe
========== Files - Modified Within 30 Days ==========
[1 C:\Users\eric\Documents\*.tmp files]
[2009/03/11 22:01:00 | 00,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5A542B7-B5D2-4686-A6B7-2118BD633F89}.job
[2009/03/11 22:00:00 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FD82AE3B-CD6B-4457-A5BC-D1BBA55C78E2}.job
[2009/03/11 22:00:00 | 00,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{922170D3-9FC7-4D22-A8F4-D04A05F4C3E8}.job
[2009/03/11 21:45:47 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/03/11 21:44:59 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/11 21:44:59 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/11 21:44:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/11 21:44:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/11 21:41:58 | 04,234,988 | -H-- | M] () -- C:\Users\eric\AppData\Local\IconCache.db
[2009/03/11 17:33:04 | 00,001,876 | ---- | M] () -- C:\Users\eric\Desktop\HijackThis.lnk
[2009/03/10 18:26:06 | 00,000,217 | ---- | M] () -- C:\Users\eric\Desktop\Torrentz.URL
@Alternate Data Stream - 1406 bytes -> C:\Users\eric\Desktop\Torrentz.URL:favicon
[2009/03/10 17:31:18 | 00,167,936 | ---- | M] () -- C:\Users\eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/08 16:55:29 | 00,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2009/03/08 15:06:05 | 00,000,152 | ---- | M] () -- C:\Users\eric\Desktop\ARIA 74.url
[2009/03/07 21:17:11 | 01,538,854 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/07 21:17:11 | 00,699,984 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/03/07 21:17:11 | 00,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/07 21:17:11 | 00,121,814 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/03/07 21:17:11 | 00,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/07 21:16:28 | 00,145,815 | ---- | M] () -- C:\Windows\hpoins18.dat
[2009/03/07 21:15:09 | 00,000,549 | ---- | M] () -- C:\Windows\win.ini
[2009/02/28 14:46:08 | 00,230,432 | ---- | M] () -- C:\PA207.DAT
[2009/02/27 10:54:17 | 00,136,192 | ---- | M] () -- C:\Users\eric\Documents\Vidéo you tube get.doc
[2009/02/27 10:02:52 | 00,387,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/02/26 21:20:40 | 00,106,496 | ---- | M] () -- C:\Users\eric\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/26 18:22:45 | 00,001,901 | ---- | M] () -- C:\Users\eric\Desktop\Windows Live Messenger .lnk
[2009/02/23 15:35:20 | 00,001,489 | ---- | M] () -- C:\Users\eric\Desktop\i j j i.lnk
[2009/02/17 16:53:02 | 00,001,744 | ---- | M] () -- C:\Users\eric\Desktop\Mozilla Firefox.lnk
[2009/02/16 20:46:19 | 73,240,9856 | ---- | M] () -- C:\Users\eric\Desktop\Danse.Avec.Lui.FRENCH.DVDRiP.REPACK.1CD.XViD-ELiTE.avi
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\eric\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16448)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1021,87 Mb Total Physical Memory | 407,74 Mb Available Physical Memory | 39,90% Memory free
2,23 Gb Paging File | 1,39 Gb Available in Paging File | 62,29% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,61 Gb Total Space | 175,32 Gb Free Space | 77,03% Space Free | Partition Type: NTFS
Drive D: | 5,28 Gb Total Space | 0,88 Gb Free Space | 16,71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 298,09 Gb Total Space | 222,81 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Computer Name: PC-DE-ERIC
Current User Name: eric
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: Off
File Age = 30 Days
========== Processes ==========
[2006/11/02 10:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 10:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2006/11/02 10:45:45 | 02,592,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2006/11/02 10:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2006/11/02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/03 10:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
[2008/02/19 13:10:32 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006/11/02 13:35:15 | 01,196,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/09/03 10:32:28 | 00,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
[2006/09/29 12:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
[2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/01/02 20:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
[2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[2003/01/15 15:43:14 | 00,065,536 | ---- | M] () -- C:\Windows\twain_32\ca561a\SnapDetect.exe
[2006/11/02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/11/02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 13:35:15 | 01,196,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2006/12/10 20:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
[2008/02/19 13:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2009/03/11 21:32:16 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\eric\Downloads\OTViewIt.exe
[2006/11/02 13:34:36 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2006/09/14 14:43:34 | 00,437,976 | ---- | M] (Orange International) -- C:\Program Files\Orange\GLOBAL\Mnu\IGOMNU.EXE
[2006/11/02 10:45:14 | 00,623,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
[2006/11/02 10:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 10:45:49 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
========== (O23) Win32 Services ==========
File not found -- -- (AlertService [On_Demand | Stopped])
File not found -- -- (AntiVirScheduler [Auto | Running])
File not found -- -- (AntiVirService [Auto | Running])
File not found -- -- (Apple Mobile Device [Auto | Running])
File not found -- -- (aswUpdSv [Auto | Stopped])
File not found -- -- (avast! Antivirus [Auto | Stopped])
File not found -- -- (avast! Mail Scanner [On_Demand | Stopped])
File not found -- -- (avast! Web Scanner [On_Demand | Stopped])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2006/11/02 07:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/11/02 13:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2006/11/02 10:46:04 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
File not found -- -- (DQLWinService [Auto | Running])
[2006/11/02 13:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/11/02 13:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (fsssvc [On_Demand | Stopped])
[2006/11/02 10:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
File not found -- -- (gusvc [On_Demand | Stopped])
File not found -- -- (IAANTMON [Auto | Running])
File not found -- -- (IDriverT [On_Demand | Stopped])
File not found -- -- (IntelDHSvcConf [Auto | Stopped])
File not found -- -- (iPod Service [On_Demand | Running])
File not found -- -- (ISSM [On_Demand | Stopped])
File not found -- -- (LightScribeService [Auto | Running])
File not found -- -- (M1 Server [On_Demand | Stopped])
File not found -- -- (MCLServiceATL [On_Demand | Stopped])
File not found -- -- (MSCSPTISRV [On_Demand | Stopped])
[2006/11/02 14:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/02 13:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (PACSPTISVR [On_Demand | Stopped])
File not found -- -- (Remote UI Service [On_Demand | Stopped])
[2006/11/02 10:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
File not found -- -- (SeaPort [Auto | Running])
[2006/11/02 10:45:45 | 02,592,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
File not found -- -- (SPTISRV [On_Demand | Stopped])
File not found -- -- (stllssvr [On_Demand | Stopped])
[2006/11/02 10:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 10:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2006/11/02 13:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
========== Driver Services ==========
[2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 10:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 10:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- -- (avgio [System | Running])
File not found -- -- (avgntflt [On_Demand | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb [System | Running])
[2006/11/02 09:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2006/11/02 10:51:25 | 00,221,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 09:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2006/11/02 09:51:04 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4 [On_Demand | Stopped])
[2006/11/02 09:51:02 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2006/11/02 09:51:03 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2006/11/02 09:38:51 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 08:30:54 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 13:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006/11/02 10:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 09:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr [On_Demand | Stopped])
[2006/11/02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2007/04/12 15:45:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/04/13 02:04:39 | 00,049,664 | ---- | M] (HP) -- C:\Windows\System32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/04/13 02:04:39 | 00,016,496 | ---- | M] (HP) -- C:\Windows\System32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/04/13 02:04:39 | 00,021,568 | ---- | M] (HP) -- C:\Windows\System32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2006/09/29 12:59:58 | 00,250,368 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/08 20:09:24 | 01,647,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 10:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 09:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2006/11/02 09:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 09:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2006/11/02 09:54:05 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2006/11/02 09:56:34 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2006/11/02 09:31:27 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2006/11/02 09:31:17 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 10:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 10:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 10:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2006/11/02 13:34:33 | 00,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 09:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/12/13 12:44:00 | 04,446,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 10:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/12/05 10:34:42 | 00,507,136 | ---- | M] (PixArt Imaging Inc.) -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207 [On_Demand | Running])
[2006/11/02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2006/11/02 09:57:33 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2008/07/31 23:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 13:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 10:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/02 09:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2006/11/02 09:51:11 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2005/04/04 11:43:22 | 00,048,640 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Stopped])
[2006/11/02 09:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2005/02/23 16:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/04/14 13:12:32 | 00,019,968 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2006/11/02 10:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 09:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2006/11/02 10:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2006/11/02 09:31:47 | 00,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2006/11/02 09:31:44 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 09:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 09:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 10:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2006/11/02 09:57:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2006/11/02 09:57:29 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 10:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 09:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2008/02/18 11:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/11/02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006/11/02 10:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 10:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2006/11/02 10:51:41 | 00,492,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 09:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 09:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_url"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=desktop
"Default_search_url"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=desktop
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"StartPageCache"=
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Programmes\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{64F56FC1-1272-44CD-BA6E-39723696E350} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (HKLM) -- C:\Programmes\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Programmes\Java\jre1.6.0_01\bin\ssv.dll File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programmes\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (HKLM) -- C:\Programmes\Windows Live\Toolbar\wltcore.dll File not found
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Programmes\Windows Live\Toolbar\wltcore.dll File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Programmes\Windows Live\Toolbar\wltcore.dll File not found
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min File not found
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" File not found
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
"Spyware-Secure"=C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
========== (O4) RunOnce Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)
========== (O4) RunOnce\Setup Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]
"Registering TotalScan Components"=C:\Windows\system32\regsvr32.exe /s "C:\Program Files\Panda Security\TotalScan\ASCGuiIE.dll" (Microsoft Corporation)
"Registering TotalScan Components."=C:\Windows\system32\regsvr32.exe /s "C:\Program Files\Panda Security\TotalScan\npwrapper.dll" (Microsoft Corporation)
"Registering TotalScan Components.."=C:\Windows\system32\regsvr32.exe /s "C:\Program Files\Panda Security\TotalScan\libcomm.dll" (Microsoft Corporation)
========== (O6 & O7) Current Version Policies ==========
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserContextMenu"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2009/01/05 23:33:03 | 03,751,995 | ---- | M] (Google Inc.)
Personnaliser: d:\Progam Files\promtie4\options.htm File not found
Rechercher sur Internet: d:\Progam Files\promtie4\search.htm File not found
Traduire: d:\Progam Files\promtie4\translat.htm File not found
Traduire dans WebView: d:\Progam Files\promtie4\webview.htm File not found
Traduire la page: d:\Progam Files\promtie4\page.htm File not found
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Console Java (Sun) -- %SystemDrive%\Programmes\Java\jre1.6.0_01\bin\ssv.dll File not found
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Ajout Direct -- %SystemDrive%\Programmes\Windows Live\Writer\WriterBrowserExtension.dll File not found
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Ajout Direct dans Windows Live Writer -- %SystemDrive%\Programmes\Windows Live\Writer\WriterBrowserExtension.dll File not found
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -- MessengerStatsClient Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab -- Minesweeper Flags Class
========== (O17) DNS Name Servers ==========
{F8B2C618-D083-4DED-A028-CC9C85BC8AAF} (Servers: | Description: Connexion réseau Intel(R) PRO/100)
========== HKLM *SecurityProviders* ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 10:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
========== LSA *Security Packages* ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 10:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]
autorun.inf [[autorun] | icon=.VolumeIcon.ico | ]
[2009/02/14 19:22:48 | 00,000,033 | -HS- | M] () -- K:\autorun.inf -- [ NTFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39f74b70-de10-11db-9d6b-0018f3e79de2}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2006/11/02 10:46:13 | 11,314,688 | ---- | M] (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[1 C:\Users\eric\Documents\*.tmp files]
[2009/03/11 21:38:49 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/03/11 17:33:04 | 00,001,876 | ---- | C] () -- C:\Users\eric\Desktop\HijackThis.lnk
[2009/03/11 17:33:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/10 18:38:36 | 00,000,000 | ---D | C] -- C:\Users\eric\Documents\LimeWire
[2009/03/08 15:06:05 | 00,000,152 | ---- | C] () -- C:\Users\eric\Desktop\ARIA 74.url
[2009/03/07 11:23:00 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/02/28 14:46:08 | 00,230,432 | ---- | C] () -- C:\PA207.DAT
[2009/02/27 10:51:03 | 00,136,192 | ---- | C] () -- C:\Users\eric\Documents\Vidéo you tube get.doc
[2009/02/26 18:22:45 | 00,001,901 | ---- | C] () -- C:\Users\eric\Desktop\Windows Live Messenger .lnk
[2009/02/25 20:54:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/02/25 20:54:26 | 00,055,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2009/02/25 20:54:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/02/25 20:52:50 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/02/25 20:52:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/23 11:15:47 | 00,001,489 | ---- | C] () -- C:\Users\eric\Desktop\i j j i.lnk
[2009/02/22 21:55:10 | 00,021,248 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/02/22 21:55:09 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/02/22 21:55:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/02/22 21:55:07 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/02/22 21:24:21 | 00,000,000 | ---D | C] -- C:\Program Files\Ad-remover
[2009/02/22 17:10:31 | 00,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Malwarebytes
[2009/02/22 17:10:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/22 17:10:24 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/22 17:10:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/02/22 17:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/17 19:16:10 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/02/17 17:29:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/02/17 16:53:02 | 00,001,744 | ---- | C] () -- C:\Users\eric\Desktop\Mozilla Firefox.lnk
[2009/02/16 20:36:07 | 73,240,9856 | ---- | C] () -- C:\Users\eric\Desktop\Danse.Avec.Lui.FRENCH.DVDRiP.REPACK.1CD.XViD-ELiTE.avi
[2009/02/14 19:25:54 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2009/02/10 11:27:28 | 00,635,392 | ---- | C] () -- C:\Users\eric\Desktop\Conjugaison_Bescherelle.exe
========== Files - Modified Within 30 Days ==========
[1 C:\Users\eric\Documents\*.tmp files]
[2009/03/11 22:01:00 | 00,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5A542B7-B5D2-4686-A6B7-2118BD633F89}.job
[2009/03/11 22:00:00 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FD82AE3B-CD6B-4457-A5BC-D1BBA55C78E2}.job
[2009/03/11 22:00:00 | 00,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{922170D3-9FC7-4D22-A8F4-D04A05F4C3E8}.job
[2009/03/11 21:45:47 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/03/11 21:44:59 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/11 21:44:59 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/11 21:44:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/11 21:44:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/11 21:41:58 | 04,234,988 | -H-- | M] () -- C:\Users\eric\AppData\Local\IconCache.db
[2009/03/11 17:33:04 | 00,001,876 | ---- | M] () -- C:\Users\eric\Desktop\HijackThis.lnk
[2009/03/10 18:26:06 | 00,000,217 | ---- | M] () -- C:\Users\eric\Desktop\Torrentz.URL
@Alternate Data Stream - 1406 bytes -> C:\Users\eric\Desktop\Torrentz.URL:favicon
[2009/03/10 17:31:18 | 00,167,936 | ---- | M] () -- C:\Users\eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/08 16:55:29 | 00,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2009/03/08 15:06:05 | 00,000,152 | ---- | M] () -- C:\Users\eric\Desktop\ARIA 74.url
[2009/03/07 21:17:11 | 01,538,854 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/07 21:17:11 | 00,699,984 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/03/07 21:17:11 | 00,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/07 21:17:11 | 00,121,814 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/03/07 21:17:11 | 00,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/07 21:16:28 | 00,145,815 | ---- | M] () -- C:\Windows\hpoins18.dat
[2009/03/07 21:15:09 | 00,000,549 | ---- | M] () -- C:\Windows\win.ini
[2009/02/28 14:46:08 | 00,230,432 | ---- | M] () -- C:\PA207.DAT
[2009/02/27 10:54:17 | 00,136,192 | ---- | M] () -- C:\Users\eric\Documents\Vidéo you tube get.doc
[2009/02/27 10:02:52 | 00,387,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/02/26 21:20:40 | 00,106,496 | ---- | M] () -- C:\Users\eric\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/26 18:22:45 | 00,001,901 | ---- | M] () -- C:\Users\eric\Desktop\Windows Live Messenger .lnk
[2009/02/23 15:35:20 | 00,001,489 | ---- | M] () -- C:\Users\eric\Desktop\i j j i.lnk
[2009/02/17 16:53:02 | 00,001,744 | ---- | M] () -- C:\Users\eric\Desktop\Mozilla Firefox.lnk
[2009/02/16 20:46:19 | 73,240,9856 | ---- | M] () -- C:\Users\eric\Desktop\Danse.Avec.Lui.FRENCH.DVDRiP.REPACK.1CD.XViD-ELiTE.avi
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >
Curson
le 12 mars 2009 à 02h14
Bonsoir,
Désactive tous tes logiciels de sécurité durant la procédure.
1) Désinstalle les programmes suivants (si présents) via "Programmes et fonctionnalités"
Spyware-Secure
Choice Guard
Search Enhancement Pack
2) Désinstalle totalement Avast avec l'utilitaire de désinstallation officiel.
3) Télécharge OTMoveIt3 de OldTimer :
- Enregistre-le sur ton bureau
- Double-clique sur OTMoveIt3.exe pour le lancer (l'extension peut ne pas apparaître)
- Assure toi que la case "Unregistrer DLL's and Ocx's" soit cochée.
- Copie-colle l'entièreté de ceci ci dessous dans la partie "Paste Instructions for Items to be Moved" (en-dessous de la barre jaune) :
- Ferme tous tes programmes et clique sur le bouton rouge Moveit! pour lancer le nettoyage
- Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results (en vert à droite)
--> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)
- Ferme OTMoveIt3 (en cliquant sur Exit)
Note : Si un fichier ou un dossier ne sait être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter...
4) Analyse ton système avec le Kaspersky Online Scanner. Tutorial.
Poste le résultat de l'analyse ici.
Comment se comporte le système ?
Cordialement.
Désactive tous tes logiciels de sécurité durant la procédure.
1) Désinstalle les programmes suivants (si présents) via "Programmes et fonctionnalités"
Spyware-Secure
Choice Guard
Search Enhancement Pack
2) Désinstalle totalement Avast avec l'utilitaire de désinstallation officiel.
3) Télécharge OTMoveIt3 de OldTimer :
- Enregistre-le sur ton bureau
- Double-clique sur OTMoveIt3.exe pour le lancer (l'extension peut ne pas apparaître)
- Assure toi que la case "Unregistrer DLL's and Ocx's" soit cochée.
- Copie-colle l'entièreté de ceci ci dessous dans la partie "Paste Instructions for Items to be Moved" (en-dessous de la barre jaune) :
- Ferme tous tes programmes et clique sur le bouton rouge Moveit! pour lancer le nettoyage
- Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results (en vert à droite)
--> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)
- Ferme OTMoveIt3 (en cliquant sur Exit)
Note : Si un fichier ou un dossier ne sait être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter...
4) Analyse ton système avec le Kaspersky Online Scanner. Tutorial.
Poste le résultat de l'analyse ici.
Comment se comporte le système ?
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 12 mars 2009 à 17h46
re,
Spyware-Secure
Choice Guard
Search Enhancement Pack
ne sont pas présents : comment faire ?
Avast est désinstallé, mais à contrôler.
problème avec OTMollt3 : il s'ouvre, mais ne travail pas : j'ai appuyé sur le bouton Movelt! et avira coupé.
merci
Spyware-Secure
Choice Guard
Search Enhancement Pack
ne sont pas présents : comment faire ?
Avast est désinstallé, mais à contrôler.
problème avec OTMollt3 : il s'ouvre, mais ne travail pas : j'ai appuyé sur le bouton Movelt! et avira coupé.
merci
-->Message édité par smugles le 12/03/2009 17:47:15<--
Curson
le 12 mars 2009 à 18h25
Bonsoir,
Désactive tous tes logiciels de sécurité durant la procédure.
1) Télécharge ATF-Cleaner by Atribune et enregistre-le sur ton bureau.
Ferme tes navigateurs et exécute le programme.
- Coche l'onglet "Select All".
- Clique sur "Empty Selected".
- Procède de même avec les onglets "Firefox" et "Opera"
2) Télécharge Combofix de sUBs : combofix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
3) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
4) Analyse ton système avec le Kaspersky Online Scanner. Tutorial.
Poste le résultat de l'analyse ici.
5) Poste un nouveau rapport HijackThis.
Comment se comporte le système ?
Cordialement.
Désactive tous tes logiciels de sécurité durant la procédure.
1) Télécharge ATF-Cleaner by Atribune et enregistre-le sur ton bureau.
Ferme tes navigateurs et exécute le programme.
- Coche l'onglet "Select All".
- Clique sur "Empty Selected".
- Procède de même avec les onglets "Firefox" et "Opera"
2) Télécharge Combofix de sUBs : combofix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
3) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
4) Analyse ton système avec le Kaspersky Online Scanner. Tutorial.
Poste le résultat de l'analyse ici.
5) Poste un nouveau rapport HijackThis.
Comment se comporte le système ?
Cordialement.
-->Message édité par Curson le 12/03/2009 18:30:11<--
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 12 mars 2009 à 19h09
j'ai crée un doc texte mais j'ai pas compris où se trouvent les lignes à mettre pour combo ?
ATF-Cleaner by Atribune = OK c'est fait
rapport combo généré:
ComboFix 09-03-10.03 - eric 2009-03-12 18:48:20.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1022.531 [GMT 1:00]
Lancé depuis: c:\users\eric\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
K:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-12 au 2009-03-12 ))))))))))))))))))))))))))))))))))))
.
2009-03-12 17:36 . 2009-03-12 17:36 <REP> d-------- C:\_OTMoveIt
2009-03-11 21:38 . 2009-03-11 21:38 <REP> d-------- c:\users\All Users\NortonInstaller
2009-03-11 21:38 . 2009-03-11 21:38 <REP> d-------- c:\programdata\NortonInstaller
2009-03-11 17:33 . 2009-03-11 17:33 <REP> d-------- c:\program files\Trend Micro
2009-03-07 11:23 . 2009-03-07 11:23 <REP> d-------- c:\windows\Sun
2009-03-01 14:34 . 2009-03-12 12:21 <REP> d-------- c:\users\co\Tracing
2009-02-28 14:46 . 2009-02-28 14:46 230,432 --a------ C:\PA207.DAT
2009-02-25 20:54 . 2009-02-25 20:54 <REP> d----c--- c:\windows\System32\DRVSTORE
2009-02-25 20:54 . 2009-02-25 20:54 <REP> d-------- c:\program files\Microsoft Silverlight
2009-02-25 20:54 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-02-25 20:52 . 2009-02-25 20:52 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-25 20:52 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2009-02-22 21:55 . 2009-02-22 21:55 <REP> d-------- c:\users\All Users\Avira
2009-02-22 21:55 . 2009-02-22 21:55 <REP> d-------- c:\programdata\Avira
2009-02-22 21:55 . 2009-02-22 21:55 <REP> d-------- c:\program files\Avira
2009-02-22 21:24 . 2009-02-24 21:13 <REP> d-------- c:\program files\Ad-remover
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\users\eric\AppData\Roaming\Malwarebytes
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\programdata\Malwarebytes
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 17:10 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-22 17:10 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-17 17:29 . 2009-02-17 17:30 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-14 19:25 . 2009-02-14 19:25 <REP> d-------- c:\windows\System32\URTTEMP
2009-02-13 14:41 . 2009-03-09 17:13 <REP> d-------- c:\users\do\Tracing
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 16:30 --------- d-----w c:\program files\Alwil Software
2009-03-12 16:09 --------- d-----w c:\users\eric\AppData\Roaming\uTorrent
2009-03-11 20:40 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-10 17:38 --------- d-----w c:\users\eric\AppData\Roaming\LimeWire
2009-02-28 15:45 --------- d-----w c:\users\do\AppData\Roaming\LimeWire
2009-02-26 16:42 --------- d-----w c:\users\cam\AppData\Roaming\LimeWire
2009-02-25 19:54 --------- d-----w c:\program files\Windows Live
2009-02-24 11:03 --------- d--h--w c:\users\co\AppData\Roaming\ijjigame
2009-02-23 10:15 --------- d--h--w c:\users\eric\AppData\Roaming\ijjigame
2009-02-20 18:10 --------- d-----w c:\users\eric\AppData\Roaming\dvdcss
2009-02-17 16:29 --------- d-----w c:\program files\Google
2009-02-15 15:20 --------- d-----w c:\program files\uTorrent
2009-02-10 19:24 --------- d-----w c:\programdata\Roxio
2009-02-08 17:45 --------- d-----w c:\program files\RocketDock
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-05 16:45 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-05 16:44 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-05 16:43 --------- d-----w c:\program files\Microsoft
2009-02-05 16:42 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 16:35 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-13 17:35 116 ----a-w c:\users\eric\AppData\Roaming\wklnhst.dat
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2008-05-18 10:26 1,394 ----a-w c:\users\co\AppData\Roaming\wklnhst.dat
2007-11-25 15:15 208 ----a-w c:\users\val\AppData\Roaming\wklnhst.dat
2007-10-07 11:22 780 ----a-w c:\users\do\AppData\Roaming\wklnhst.dat
2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-02-28 16:45 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
c:\users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Pense-bˆte.lnk - c:\windows\System32\StikyNot.exe [2006-11-02 289280]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Icatch(VI) SnapDetect.lnk - c:\windows\twain_32\ca561a\SnapDetect.exe [2007-07-01 65536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{476CB903-C18C-4B59-AF0D-2A8D5758B342}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{49F56069-E6A2-414E-AB90-6DC1F8057A3D}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{39E4179A-A3B1-4BBB-924C-06D296DA5D16}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{AE1F472A-81F8-41AE-9929-EA8AE3A17607}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{E230A820-65E3-429D-8EFE-EED0CAC2A01E}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{CA7AAC92-AB5D-4F04-B648-39EB36A62150}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{85AC98B0-DBA3-45AC-B301-F6F72B3A5B07}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{81D2422E-034E-4D88-8194-3C10B46E2E42}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{98F7C664-E88A-4E5F-852D-540355961A33}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7E566B75-9875-4AD0-9678-6E9FBCC190C2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{E9986936-5E75-4EE1-9280-DE030C557AEB}c:\\program files\\its label\\itstv\\itstv.exe"= UDP:c:\program files\its label\itstv\itstv.exe:Application MFC ITSWebTV
"UDP Query User{760D21A4-B236-42E2-82A6-37E43D5FE6AA}c:\\program files\\its label\\itstv\\itstv.exe"= TCP:c:\program files\its label\itstv\itstv.exe:Application MFC ITSWebTV
"TCP Query User{C241D183-851C-4FAD-940E-A32ABF6C22A8}c:\\program files\\citron\\vp-hotline\\cphone.exe"= UDP:c:\program files\citron\vp-hotline\cphone.exe:Cphone12
"UDP Query User{CDFD47B1-C466-4FE8-8DC8-E44909F503E0}c:\\program files\\citron\\vp-hotline\\cphone.exe"= TCP:c:\program files\citron\vp-hotline\cphone.exe:Cphone12
"{8B9C6BB5-AE83-4AAD-BA17-83B661A0DB43}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{CF7F7FFE-C759-41F2-B107-3A5C58D8FE18}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{D0D19FDC-3087-47CB-BAEE-2470ED302413}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{CDAC3F2D-BD57-451D-8B87-BBCC9A831B6D}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{5ECEC0F7-0D1F-4263-BB80-26AD9FC62EB1}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{DB2C2747-0EBB-415D-97D3-5F9F4CB17AE3}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{891CBDBE-867B-4CCF-9E59-AE12D9609FB5}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{D4C59263-D0F5-44C7-B22A-117555F5E95E}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{D70709C2-1848-4665-9784-25D558063E7B}c:\\program files\\maxis\\simcity 3000 world edition\\apps\\updater\\updater.exe"= UDP:c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe:SC3UpdaterMFC
"UDP Query User{18CDCC89-AA64-47B3-A3EC-5D768D6E6055}c:\\program files\\maxis\\simcity 3000 world edition\\apps\\updater\\updater.exe"= TCP:c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe:SC3UpdaterMFC
"TCP Query User{CC3946BF-571D-4861-AD80-6760804CABE5}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz
"UDP Query User{DD94328D-14AD-4F5C-AAFD-23B56DF372D2}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz
"TCP Query User{ED4F2E63-9ECB-4EC1-8FA8-E764A8D41404}c:\\ijji\\english\\u_goonzu.exe"= UDP:c:\ijji\english\u_goonzu.exe:<ijji Downloader>
"UDP Query User{FE225D0F-1B4A-4439-86C2-29461E5D74E5}c:\\ijji\\english\\u_goonzu.exe"= TCP:c:\ijji\english\u_goonzu.exe:<ijji Downloader>
"TCP Query User{D124E0FA-1876-4675-9C80-E9B2D37D6BEB}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{9C3F51EE-CA8F-4ABA-A91E-03C35E6BB7BD}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"{1DE105AD-788B-4672-A193-F75AC1A735CC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FD9E7472-C6AC-47CD-A1C3-6ED17612E7FB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{10CDA53F-DCCA-4D0B-9685-06A16897B10A}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{83621791-EB46-473A-BE79-FE3D3F57AF75}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"TCP Query User{1D3A32D4-8E9B-4B78-A04A-7BBBD27B8D80}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"UDP Query User{A3767868-83BA-4B1B-86A6-C10879FD8DAF}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"TCP Query User{D1696716-2A1D-41F7-A73F-9C0FD128DA9B}c:\\ijji\\english\\u_skid.exe"= UDP:c:\ijji\english\u_skid.exe:<ijji Downloader>
"UDP Query User{3383C6D1-8F02-4618-86B1-44B4422CAFB7}c:\\ijji\\english\\u_skid.exe"= TCP:c:\ijji\english\u_skid.exe:<ijji Downloader>
"TCP Query User{67AF71EC-C5C3-4FFB-A758-DA0A40DA9168}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{F040F4AC-C464-469C-9AD0-29EE685D4F77}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{2BF5B8BB-A40D-4B35-8460-353355E8DB02}c:\\ijji\\english\\u_sf.exe"= UDP:c:\ijji\english\u_sf.exe:<ijji Downloader>
"UDP Query User{F36EB48C-5C6A-41C1-8E07-264F0D9D15FD}c:\\ijji\\english\\u_sf.exe"= TCP:c:\ijji\english\u_sf.exe:<ijji Downloader>
"TCP Query User{7A9794C7-A850-4E78-8B74-A422F808FF4B}c:\\program files\\ea games\\medal of honor batailles du pacifique(tm)\\mohpa.exe"= UDP:c:\program files\ea games\medal of honor batailles du pacifique(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"UDP Query User{D0BFF05F-A127-49DC-A060-C1AE9ED55361}c:\\program files\\ea games\\medal of honor batailles du pacifique(tm)\\mohpa.exe"= TCP:c:\program files\ea games\medal of honor batailles du pacifique(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"TCP Query User{A5DA290E-AC57-4D14-9BA3-B5ADDB6BB7AA}c:\\users\\co\\appdata\\local\\temp\\low\\plauncher.exe"= UDP:c:\users\co\appdata\local\temp\low\plauncher.exe:plauncher.exe
"UDP Query User{53D1D852-853D-436E-8038-0532D27B52F1}c:\\users\\co\\appdata\\local\\temp\\low\\plauncher.exe"= TCP:c:\users\co\appdata\local\temp\low\plauncher.exe:plauncher.exe
"{C17C305E-2455-4FB2-92EF-8DC9EB2DF895}"= UDP:c:\users\eric\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{811E4352-D98A-414F-A948-E2EE1A0E5BD9}"= TCP:c:\users\eric\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{1526391F-D793-441F-B231-CD1E8F560161}"= UDP:c:\users\val\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{179761AF-8AB9-4BF9-80C8-C9D0879512A7}"= TCP:c:\users\val\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{202CDF54-2C6C-46CB-ADB4-66939592E810}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6152BB76-8249-42B9-B07A-F4491791AAD8}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{EF528087-8789-4D9D-9BB4-AA4A818FA85D}c:\\ijji\\english\\ijjipurpleoutbound.exe"= UDP:c:\ijji\english\ijjipurpleoutbound.exe:ijjiPurpleOutBound Application
"UDP Query User{5CFFF108-0048-4D13-BCC0-C3EF08008B25}c:\\ijji\\english\\ijjipurpleoutbound.exe"= TCP:c:\ijji\english\ijjipurpleoutbound.exe:ijjiPurpleOutBound Application
"{1799050F-71C1-43AF-9CFC-B39E9C038B7B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{52FE34FC-0D41-4C6E-883E-81C81CCD7E76}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{522BAA26-E221-4E8A-BF7F-8507126A892B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{8F26AE78-4258-4DB5-A5FC-351C0BFD25B3}"= UDP:c:\users\eric\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{1EB96DED-B06E-4713-842B-382B1AFC48FF}"= TCP:c:\users\eric\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [2006-12-05 507136]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-25 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39f74b70-de10-11db-9d6b-0018f3e79de2}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs
.
Contenu du dossier 'Tâches planifiées'
2009-03-12 c:\windows\Tasks\User_Feed_Synchronization-{922170D3-9FC7-4D22-A8F4-D04A05F4C3E8}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
2009-03-12 c:\windows\Tasks\User_Feed_Synchronization-{B5A542B7-B5D2-4686-A6B7-2118BD633F89}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
2009-03-12 c:\windows\Tasks\User_Feed_Synchronization-{FD82AE3B-CD6B-4457-A5BC-D1BBA55C78E2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Personnaliser - d:\progam files\promtie4\options.htm
IE: Rechercher sur Internet - d:\progam files\promtie4\search.htm
IE: Traduire - d:\progam files\promtie4\translat.htm
IE: Traduire dans WebView - d:\progam files\promtie4\webview.htm
IE: Traduire la page - d:\progam files\promtie4\page.htm
FF - ProfilePath - c:\users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\zxn5jd1y.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 18:56:30
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\users\eric\AppData\Local\Temp\catchme.dll 53248 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
Heure de fin: 2009-03-12 18:58:56
ComboFix-quarantined-files.txt 2009-03-12 17:58:54
Avant-CF: 192 598 523 904 octets libres
Après-CF: 192,677,257,216 octets libres
219 --- E O F --- 2009-03-12 12:18:37
smugles
le 12 mars 2009 à 19h11
rapport HiJackThis généré avant le scan de Kapersky (j'ai brulé une étape...)
j'en referai un après le scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:01, on 12/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\twain_32\ca561a\SnapDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Orange\GLOBAL\Mnu\IGOMNU.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Pense-bête.lnk = C:\Windows\System32\StikyNot.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\Windows\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Personnaliser - d:\Progam Files\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - d:\Progam Files\promtie4\search.htm
O8 - Extra context menu item: Traduire - d:\Progam Files\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - d:\Progam Files\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - d:\Progam Files\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8280 bytes
j'en referai un après le scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:01, on 12/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\twain_32\ca561a\SnapDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Orange\GLOBAL\Mnu\IGOMNU.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Pense-bête.lnk = C:\Windows\System32\StikyNot.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\Windows\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Personnaliser - d:\Progam Files\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - d:\Progam Files\promtie4\search.htm
O8 - Extra context menu item: Traduire - d:\Progam Files\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - d:\Progam Files\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - d:\Progam Files\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8280 bytes
-->Message édité par smugles le 12/03/2009 19:32:51<--
Curson
le 12 mars 2009 à 20h05
Bonsoir,
Désactive tous tes logiciels de sécurité durant la procédure.
1) Télécharge CFScript et enregistre-le sur ton bureau.
- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
2) Télécharge Flash_Disinfector (de sUBs) :
- Enregistre Flash_Disinfector.exe sur ton bureau.
- Double clique sur Flash_Disinfector.exe pour l'exécuter.
- Quand le message : [Plug in yours flash drive & clic Ok to begin disinfection] apparaitra, branche tous tes disques amovibles (HDD externes, clés USB, lecteurs MP3, etc.) sans les ouvrir.
- Puis clique sur OK.
- Les icônes sur le bureau vont disparaître jusqu'à l'apparition du message: [Done!!].
- Appuie ensuite sur OK, pour faire réapparaître le bureau.
3) Analyse ton système avec le Kaspersky Online Scanner. Tutorial.
Poste le résultat de l'analyse ici.
4) Poste un nouveau rapport HijackThis.
Comment se comporte le système ?
Cordialement.
Désactive tous tes logiciels de sécurité durant la procédure.
1) Télécharge CFScript et enregistre-le sur ton bureau.
- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
2) Télécharge Flash_Disinfector (de sUBs) :
- Enregistre Flash_Disinfector.exe sur ton bureau.
- Double clique sur Flash_Disinfector.exe pour l'exécuter.
- Quand le message : [Plug in yours flash drive & clic Ok to begin disinfection] apparaitra, branche tous tes disques amovibles (HDD externes, clés USB, lecteurs MP3, etc.) sans les ouvrir.
- Puis clique sur OK.
- Les icônes sur le bureau vont disparaître jusqu'à l'apparition du message: [Done!!].
- Appuie ensuite sur OK, pour faire réapparaître le bureau.
3) Analyse ton système avec le Kaspersky Online Scanner. Tutorial.
Poste le résultat de l'analyse ici.
4) Poste un nouveau rapport HijackThis.
Comment se comporte le système ?
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 13 mars 2009 à 13h02
re,rapport généré kapersky
J'AI UN DISQUE DUR EXTERNE que j'ai oublié de brancher... comment faire ?
MERCI.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 13, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, March 13, 2009 05:06:56
Records in database: 1894479
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
B:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
Scan statistics:
Files scanned: 170899
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:18:19
File name / Threat name / Threats count
C:\Windows\System32\MetaMu\3DCamer.dll Infected: Backdoor.Win32.PowerSpider.bt 1
C:\Windows\System32\Patch\3DCamer.dll Infected: Backdoor.Win32.PowerSpider.bt 1
The selected area was scanned.
smugles
le 13 mars 2009 à 13h04
rapport HiJackThis généré
acec disque dur externe (il là pris en compte ou pas ?
merci.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:07, on 13/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\twain_32\ca561a\SnapDetect.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Pense-bête.lnk = C:\Windows\System32\StikyNot.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\Windows\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Personnaliser - d:\Progam Files\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - d:\Progam Files\promtie4\search.htm
O8 - Extra context menu item: Traduire - d:\Progam Files\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - d:\Progam Files\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - d:\Progam Files\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8354 bytes
acec disque dur externe (il là pris en compte ou pas ?
merci.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:07, on 13/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\twain_32\ca561a\SnapDetect.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Pense-bête.lnk = C:\Windows\System32\StikyNot.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\Windows\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Personnaliser - d:\Progam Files\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - d:\Progam Files\promtie4\search.htm
O8 - Extra context menu item: Traduire - d:\Progam Files\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - d:\Progam Files\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - d:\Progam Files\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8354 bytes
Curson
le 13 mars 2009 à 13h37
Bonjour,
Désactive tous tes logiciels de sécurité durant la procédure.
1) Supprime les dossiers ci-dessous :
C:\Windows\System32\MetaMu
C:\Windows\System32\Patch
2) Télécharge CFScript et enregistre-le sur ton bureau.
- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
3) Télécharge Flash_Disinfector (de sUBs) :
- Enregistre Flash_Disinfector.exe sur ton bureau.
- Double clique sur Flash_Disinfector.exe pour l'exécuter.
- Quand le message : [Plug in yours flash drive & clic Ok to begin disinfection] apparaitra, branche tous tes disques amovibles (HDD externes, clés USB, lecteurs MP3, etc.) sans les ouvrir.
- Puis clique sur OK.
- Les icônes sur le bureau vont disparaître jusqu'à l'apparition du message: [Done!!].
- Appuie ensuite sur OK, pour faire réapparaître le bureau.
4) Poste un nouveau rapport HijackThis.
Comment se comporte le système ?
Cordialement.
Désactive tous tes logiciels de sécurité durant la procédure.
1) Supprime les dossiers ci-dessous :
C:\Windows\System32\MetaMu
C:\Windows\System32\Patch
2) Télécharge CFScript et enregistre-le sur ton bureau.
- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
3) Télécharge Flash_Disinfector (de sUBs) :
- Enregistre Flash_Disinfector.exe sur ton bureau.
- Double clique sur Flash_Disinfector.exe pour l'exécuter.
- Quand le message : [Plug in yours flash drive & clic Ok to begin disinfection] apparaitra, branche tous tes disques amovibles (HDD externes, clés USB, lecteurs MP3, etc.) sans les ouvrir.
- Puis clique sur OK.
- Les icônes sur le bureau vont disparaître jusqu'à l'apparition du message: [Done!!].
- Appuie ensuite sur OK, pour faire réapparaître le bureau.
4) Poste un nouveau rapport HijackThis.
Comment se comporte le système ?
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 13 mars 2009 à 15h14
Flash_Disinfector (de sUBs) : ne se lance pas ...même en tant qu'exécuter en tant qu'administrateur.
puis 2 rapports suivent :
rapport généré:
ComboFix 09-03-10.03 - eric 2009-03-13 15:49:38.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1022.461 [GMT 1:00]
Lancé depuis: c:\users\eric\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\eric\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
C:\PA207.DAT
c:\users\do\AppData\Roaming\wklnhst.dat
c:\users\eric\AppData\Roaming\wklnhst.dat
c:\users\eric\Desktop\Torrentz.URL
c:\users\val\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-13 au 2009-03-13 ))))))))))))))))))))))))))))))))))))
.
2009-03-12 17:36 . 2009-03-12 17:36 <REP> d-------- C:\_OTMoveIt
2009-03-11 17:33 . 2009-03-11 17:33 <REP> d-------- c:\program files\Trend Micro
2009-03-07 11:23 . 2009-03-07 11:23 <REP> d-------- c:\windows\Sun
2009-03-01 14:34 . 2009-03-13 11:08 <REP> d-------- c:\users\co\Tracing
2009-02-25 20:54 . 2009-02-25 20:54 <REP> d----c--- c:\windows\System32\DRVSTORE
2009-02-25 20:54 . 2009-02-25 20:54 <REP> d-------- c:\program files\Microsoft Silverlight
2009-02-25 20:54 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-02-25 20:52 . 2009-02-25 20:52 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-25 20:52 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2009-02-22 21:55 . 2009-02-22 21:55 <REP> d-------- c:\users\All Users\Avira
2009-02-22 21:55 . 2009-02-22 21:55 <REP> d-------- c:\programdata\Avira
2009-02-22 21:55 . 2009-02-22 21:55 <REP> d-------- c:\program files\Avira
2009-02-22 21:24 . 2009-02-24 21:13 <REP> d-------- c:\program files\Ad-remover
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\users\eric\AppData\Roaming\Malwarebytes
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\programdata\Malwarebytes
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 17:10 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-22 17:10 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-17 17:29 . 2009-02-17 17:30 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-14 19:25 . 2009-02-14 19:25 <REP> d-------- c:\windows\System32\URTTEMP
2009-02-13 14:41 . 2009-03-09 17:13 <REP> d-------- c:\users\do\Tracing
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 13:39 --------- d-----w c:\program files\Microsoft
2009-03-12 16:09 --------- d-----w c:\users\eric\AppData\Roaming\uTorrent
2009-03-10 17:38 --------- d-----w c:\users\eric\AppData\Roaming\LimeWire
2009-02-28 15:45 --------- d-----w c:\users\do\AppData\Roaming\LimeWire
2009-02-26 16:42 --------- d-----w c:\users\cam\AppData\Roaming\LimeWire
2009-02-25 19:54 --------- d-----w c:\program files\Windows Live
2009-02-24 11:03 --------- d--h--w c:\users\co\AppData\Roaming\ijjigame
2009-02-23 10:15 --------- d--h--w c:\users\eric\AppData\Roaming\ijjigame
2009-02-20 18:10 --------- d-----w c:\users\eric\AppData\Roaming\dvdcss
2009-02-17 16:29 --------- d-----w c:\program files\Google
2009-02-15 15:20 --------- d-----w c:\program files\uTorrent
2009-02-10 19:24 --------- d-----w c:\programdata\Roxio
2009-02-08 17:45 --------- d-----w c:\program files\RocketDock
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-05 16:45 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-05 16:44 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-05 16:42 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 16:35 --------- d-----w c:\program files\Common Files\Windows Live
2008-05-18 10:26 1,394 ----a-w c:\users\co\AppData\Roaming\wklnhst.dat
2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-02-28 16:45 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-12_18.57.31,96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-03-12 16:32:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-13 14:56:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-12 16:32:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-13 14:56:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-12 16:34:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-13 15:01:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-13 15:01:47 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-12 16:34:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-13 15:01:47 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-13 15:01:47 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-12 17:05:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-13 13:48:46 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-12 17:05:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-13 13:48:46 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-12 17:05:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-13 13:48:46 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-12 16:34:44 11,368 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-686098206-3516960793-3859295123-1001_UserData.bin
+ 2009-03-13 15:03:13 11,646 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-686098206-3516960793-3859295123-1001_UserData.bin
- 2009-03-12 16:34:44 67,606 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-13 15:03:05 67,724 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-12 16:34:42 49,188 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-13 15:03:00 49,458 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
c:\users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Pense-bˆte.lnk - c:\windows\System32\StikyNot.exe [2006-11-02 289280]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Icatch(VI) SnapDetect.lnk - c:\windows\twain_32\ca561a\SnapDetect.exe [2007-07-01 65536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{476CB903-C18C-4B59-AF0D-2A8D5758B342}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{49F56069-E6A2-414E-AB90-6DC1F8057A3D}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{39E4179A-A3B1-4BBB-924C-06D296DA5D16}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{AE1F472A-81F8-41AE-9929-EA8AE3A17607}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{E230A820-65E3-429D-8EFE-EED0CAC2A01E}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{CA7AAC92-AB5D-4F04-B648-39EB36A62150}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{85AC98B0-DBA3-45AC-B301-F6F72B3A5B07}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{81D2422E-034E-4D88-8194-3C10B46E2E42}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{98F7C664-E88A-4E5F-852D-540355961A33}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7E566B75-9875-4AD0-9678-6E9FBCC190C2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{E9986936-5E75-4EE1-9280-DE030C557AEB}c:\\program files\\its label\\itstv\\itstv.exe"= UDP:c:\program files\its label\itstv\itstv.exe:Application MFC ITSWebTV
"UDP Query User{760D21A4-B236-42E2-82A6-37E43D5FE6AA}c:\\program files\\its label\\itstv\\itstv.exe"= TCP:c:\program files\its label\itstv\itstv.exe:Application MFC ITSWebTV
"TCP Query User{C241D183-851C-4FAD-940E-A32ABF6C22A8}c:\\program files\\citron\\vp-hotline\\cphone.exe"= UDP:c:\program files\citron\vp-hotline\cphone.exe:Cphone12
"UDP Query User{CDFD47B1-C466-4FE8-8DC8-E44909F503E0}c:\\program files\\citron\\vp-hotline\\cphone.exe"= TCP:c:\program files\citron\vp-hotline\cphone.exe:Cphone12
"{8B9C6BB5-AE83-4AAD-BA17-83B661A0DB43}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{CF7F7FFE-C759-41F2-B107-3A5C58D8FE18}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{D0D19FDC-3087-47CB-BAEE-2470ED302413}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{CDAC3F2D-BD57-451D-8B87-BBCC9A831B6D}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{5ECEC0F7-0D1F-4263-BB80-26AD9FC62EB1}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{DB2C2747-0EBB-415D-97D3-5F9F4CB17AE3}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{891CBDBE-867B-4CCF-9E59-AE12D9609FB5}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{D4C59263-D0F5-44C7-B22A-117555F5E95E}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{D70709C2-1848-4665-9784-25D558063E7B}c:\\program files\\maxis\\simcity 3000 world edition\\apps\\updater\\updater.exe"= UDP:c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe:SC3UpdaterMFC
"UDP Query User{18CDCC89-AA64-47B3-A3EC-5D768D6E6055}c:\\program files\\maxis\\simcity 3000 world edition\\apps\\updater\\updater.exe"= TCP:c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe:SC3UpdaterMFC
"TCP Query User{CC3946BF-571D-4861-AD80-6760804CABE5}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz
"UDP Query User{DD94328D-14AD-4F5C-AAFD-23B56DF372D2}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz
"TCP Query User{ED4F2E63-9ECB-4EC1-8FA8-E764A8D41404}c:\\ijji\\english\\u_goonzu.exe"= UDP:c:\ijji\english\u_goonzu.exe:<ijji Downloader>
"UDP Query User{FE225D0F-1B4A-4439-86C2-29461E5D74E5}c:\\ijji\\english\\u_goonzu.exe"= TCP:c:\ijji\english\u_goonzu.exe:<ijji Downloader>
"TCP Query User{D124E0FA-1876-4675-9C80-E9B2D37D6BEB}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{9C3F51EE-CA8F-4ABA-A91E-03C35E6BB7BD}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"{1DE105AD-788B-4672-A193-F75AC1A735CC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FD9E7472-C6AC-47CD-A1C3-6ED17612E7FB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{10CDA53F-DCCA-4D0B-9685-06A16897B10A}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{83621791-EB46-473A-BE79-FE3D3F57AF75}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"TCP Query User{1D3A32D4-8E9B-4B78-A04A-7BBBD27B8D80}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"UDP Query User{A3767868-83BA-4B1B-86A6-C10879FD8DAF}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"TCP Query User{D1696716-2A1D-41F7-A73F-9C0FD128DA9B}c:\\ijji\\english\\u_skid.exe"= UDP:c:\ijji\english\u_skid.exe:<ijji Downloader>
"UDP Query User{3383C6D1-8F02-4618-86B1-44B4422CAFB7}c:\\ijji\\english\\u_skid.exe"= TCP:c:\ijji\english\u_skid.exe:<ijji Downloader>
"TCP Query User{67AF71EC-C5C3-4FFB-A758-DA0A40DA9168}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{F040F4AC-C464-469C-9AD0-29EE685D4F77}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{2BF5B8BB-A40D-4B35-8460-353355E8DB02}c:\\ijji\\english\\u_sf.exe"= UDP:c:\ijji\english\u_sf.exe:<ijji Downloader>
"UDP Query User{F36EB48C-5C6A-41C1-8E07-264F0D9D15FD}c:\\ijji\\english\\u_sf.exe"= TCP:c:\ijji\english\u_sf.exe:<ijji Downloader>
"TCP Query User{7A9794C7-A850-4E78-8B74-A422F808FF4B}c:\\program files\\ea games\\medal of honor batailles du pacifique(tm)\\mohpa.exe"= UDP:c:\program files\ea games\medal of honor batailles du pacifique(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"UDP Query User{D0BFF05F-A127-49DC-A060-C1AE9ED55361}c:\\program files\\ea games\\medal of honor batailles du pacifique(tm)\\mohpa.exe"= TCP:c:\program files\ea games\medal of honor batailles du pacifique(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"TCP Query User{A5DA290E-AC57-4D14-9BA3-B5ADDB6BB7AA}c:\\users\\co\\appdata\\local\\temp\\low\\plauncher.exe"= UDP:c:\users\co\appdata\local\temp\low\plauncher.exe:plauncher.exe
"UDP Query User{53D1D852-853D-436E-8038-0532D27B52F1}c:\\users\\co\\appdata\\local\\temp\\low\\plauncher.exe"= TCP:c:\users\co\appdata\local\temp\low\plauncher.exe:plauncher.exe
"{C17C305E-2455-4FB2-92EF-8DC9EB2DF895}"= UDP:c:\users\eric\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{811E4352-D98A-414F-A948-E2EE1A0E5BD9}"= TCP:c:\users\eric\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{1526391F-D793-441F-B231-CD1E8F560161}"= UDP:c:\users\val\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{179761AF-8AB9-4BF9-80C8-C9D0879512A7}"= TCP:c:\users\val\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{202CDF54-2C6C-46CB-ADB4-66939592E810}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6152BB76-8249-42B9-B07A-F4491791AAD8}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{EF528087-8789-4D9D-9BB4-AA4A818FA85D}c:\\ijji\\english\\ijjipurpleoutbound.exe"= UDP:c:\ijji\english\ijjipurpleoutbound.exe:ijjiPurpleOutBound Application
"UDP Query User{5CFFF108-0048-4D13-BCC0-C3EF08008B25}c:\\ijji\\english\\ijjipurpleoutbound.exe"= TCP:c:\ijji\english\ijjipurpleoutbound.exe:ijjiPurpleOutBound Application
"{1799050F-71C1-43AF-9CFC-B39E9C038B7B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{52FE34FC-0D41-4C6E-883E-81C81CCD7E76}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{522BAA26-E221-4E8A-BF7F-8507126A892B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{8F26AE78-4258-4DB5-A5FC-351C0BFD25B3}"= UDP:c:\users\eric\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{1EB96DED-B06E-4713-842B-382B1AFC48FF}"= TCP:c:\users\eric\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [2006-12-05 507136]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-25 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{922170D3-9FC7-4D22-A8F4-D04A05F4C3E8}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{B5A542B7-B5D2-4686-A6B7-2118BD633F89}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{FD82AE3B-CD6B-4457-A5BC-D1BBA55C78E2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Personnaliser - d:\progam files\promtie4\options.htm
IE: Rechercher sur Internet - d:\progam files\promtie4\search.htm
IE: Traduire - d:\progam files\promtie4\translat.htm
IE: Traduire dans WebView - d:\progam files\promtie4\webview.htm
IE: Traduire la page - d:\progam files\promtie4\page.htm
FF - ProfilePath - c:\users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\zxn5jd1y.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 16:02:46
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\dllhost.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
.
**************************************************************************
.
Heure de fin: 2009-03-13 16:07:11 - La machine a redémarré [eric]
ComboFix-quarantined-files.txt 2009-03-13 15:07:04
ComboFix2.txt 2009-03-13 13:54:39
ComboFix3.txt 2009-03-12 17:58:57
Avant-CF: 190 224 584 704 octets libres
Après-CF: 190,399,275,008 octets libres
252 --- E O F --- 2009-03-12 12:18:37
________________________________________________________________________________
rapport HiJackyhis généré :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:59, on 13/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\twain_32\ca561a\SnapDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Pense-bête.lnk = C:\Windows\System32\StikyNot.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\Windows\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Personnaliser - d:\Progam Files\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - d:\Progam Files\promtie4\search.htm
O8 - Extra context menu item: Traduire - d:\Progam Files\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - d:\Progam Files\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - d:\Progam Files\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8131 bytes
puis 2 rapports suivent :
rapport généré:
ComboFix 09-03-10.03 - eric 2009-03-13 15:49:38.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1022.461 [GMT 1:00]
Lancé depuis: c:\users\eric\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\eric\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
C:\PA207.DAT
c:\users\do\AppData\Roaming\wklnhst.dat
c:\users\eric\AppData\Roaming\wklnhst.dat
c:\users\eric\Desktop\Torrentz.URL
c:\users\val\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-13 au 2009-03-13 ))))))))))))))))))))))))))))))))))))
.
2009-03-12 17:36 . 2009-03-12 17:36 <REP> d-------- C:\_OTMoveIt
2009-03-11 17:33 . 2009-03-11 17:33 <REP> d-------- c:\program files\Trend Micro
2009-03-07 11:23 . 2009-03-07 11:23 <REP> d-------- c:\windows\Sun
2009-03-01 14:34 . 2009-03-13 11:08 <REP> d-------- c:\users\co\Tracing
2009-02-25 20:54 . 2009-02-25 20:54 <REP> d----c--- c:\windows\System32\DRVSTORE
2009-02-25 20:54 . 2009-02-25 20:54 <REP> d-------- c:\program files\Microsoft Silverlight
2009-02-25 20:54 . 2009-02-06 18:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-02-25 20:52 . 2009-02-25 20:52 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-25 20:52 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2009-02-22 21:55 . 2009-02-22 21:55 <REP> d-------- c:\users\All Users\Avira
2009-02-22 21:55 . 2009-02-22 21:55 <REP> d-------- c:\programdata\Avira
2009-02-22 21:55 . 2009-02-22 21:55 <REP> d-------- c:\program files\Avira
2009-02-22 21:24 . 2009-02-24 21:13 <REP> d-------- c:\program files\Ad-remover
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\users\eric\AppData\Roaming\Malwarebytes
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\programdata\Malwarebytes
2009-02-22 17:10 . 2009-02-22 17:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 17:10 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-22 17:10 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-17 17:29 . 2009-02-17 17:30 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-14 19:25 . 2009-02-14 19:25 <REP> d-------- c:\windows\System32\URTTEMP
2009-02-13 14:41 . 2009-03-09 17:13 <REP> d-------- c:\users\do\Tracing
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 13:39 --------- d-----w c:\program files\Microsoft
2009-03-12 16:09 --------- d-----w c:\users\eric\AppData\Roaming\uTorrent
2009-03-10 17:38 --------- d-----w c:\users\eric\AppData\Roaming\LimeWire
2009-02-28 15:45 --------- d-----w c:\users\do\AppData\Roaming\LimeWire
2009-02-26 16:42 --------- d-----w c:\users\cam\AppData\Roaming\LimeWire
2009-02-25 19:54 --------- d-----w c:\program files\Windows Live
2009-02-24 11:03 --------- d--h--w c:\users\co\AppData\Roaming\ijjigame
2009-02-23 10:15 --------- d--h--w c:\users\eric\AppData\Roaming\ijjigame
2009-02-20 18:10 --------- d-----w c:\users\eric\AppData\Roaming\dvdcss
2009-02-17 16:29 --------- d-----w c:\program files\Google
2009-02-15 15:20 --------- d-----w c:\program files\uTorrent
2009-02-10 19:24 --------- d-----w c:\programdata\Roxio
2009-02-08 17:45 --------- d-----w c:\program files\RocketDock
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-05 16:45 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-05 16:44 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-05 16:42 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 16:35 --------- d-----w c:\program files\Common Files\Windows Live
2008-05-18 10:26 1,394 ----a-w c:\users\co\AppData\Roaming\wklnhst.dat
2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-02-28 16:45 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-12_18.57.31,96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-03-12 16:32:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-13 14:56:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-12 16:32:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-13 14:56:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-12 16:34:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-13 15:01:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-13 15:01:47 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-12 16:34:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-13 15:01:47 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-13 15:01:47 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-12 17:05:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-13 13:48:46 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-12 17:05:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-13 13:48:46 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-12 17:05:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-13 13:48:46 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-12 16:34:44 11,368 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-686098206-3516960793-3859295123-1001_UserData.bin
+ 2009-03-13 15:03:13 11,646 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-686098206-3516960793-3859295123-1001_UserData.bin
- 2009-03-12 16:34:44 67,606 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-13 15:03:05 67,724 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-12 16:34:42 49,188 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-13 15:03:00 49,458 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
c:\users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Pense-bˆte.lnk - c:\windows\System32\StikyNot.exe [2006-11-02 289280]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Icatch(VI) SnapDetect.lnk - c:\windows\twain_32\ca561a\SnapDetect.exe [2007-07-01 65536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{476CB903-C18C-4B59-AF0D-2A8D5758B342}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{49F56069-E6A2-414E-AB90-6DC1F8057A3D}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{39E4179A-A3B1-4BBB-924C-06D296DA5D16}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{AE1F472A-81F8-41AE-9929-EA8AE3A17607}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{E230A820-65E3-429D-8EFE-EED0CAC2A01E}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{CA7AAC92-AB5D-4F04-B648-39EB36A62150}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{85AC98B0-DBA3-45AC-B301-F6F72B3A5B07}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{81D2422E-034E-4D88-8194-3C10B46E2E42}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{98F7C664-E88A-4E5F-852D-540355961A33}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7E566B75-9875-4AD0-9678-6E9FBCC190C2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{E9986936-5E75-4EE1-9280-DE030C557AEB}c:\\program files\\its label\\itstv\\itstv.exe"= UDP:c:\program files\its label\itstv\itstv.exe:Application MFC ITSWebTV
"UDP Query User{760D21A4-B236-42E2-82A6-37E43D5FE6AA}c:\\program files\\its label\\itstv\\itstv.exe"= TCP:c:\program files\its label\itstv\itstv.exe:Application MFC ITSWebTV
"TCP Query User{C241D183-851C-4FAD-940E-A32ABF6C22A8}c:\\program files\\citron\\vp-hotline\\cphone.exe"= UDP:c:\program files\citron\vp-hotline\cphone.exe:Cphone12
"UDP Query User{CDFD47B1-C466-4FE8-8DC8-E44909F503E0}c:\\program files\\citron\\vp-hotline\\cphone.exe"= TCP:c:\program files\citron\vp-hotline\cphone.exe:Cphone12
"{8B9C6BB5-AE83-4AAD-BA17-83B661A0DB43}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{CF7F7FFE-C759-41F2-B107-3A5C58D8FE18}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{D0D19FDC-3087-47CB-BAEE-2470ED302413}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{CDAC3F2D-BD57-451D-8B87-BBCC9A831B6D}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{5ECEC0F7-0D1F-4263-BB80-26AD9FC62EB1}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{DB2C2747-0EBB-415D-97D3-5F9F4CB17AE3}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{891CBDBE-867B-4CCF-9E59-AE12D9609FB5}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{D4C59263-D0F5-44C7-B22A-117555F5E95E}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{D70709C2-1848-4665-9784-25D558063E7B}c:\\program files\\maxis\\simcity 3000 world edition\\apps\\updater\\updater.exe"= UDP:c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe:SC3UpdaterMFC
"UDP Query User{18CDCC89-AA64-47B3-A3EC-5D768D6E6055}c:\\program files\\maxis\\simcity 3000 world edition\\apps\\updater\\updater.exe"= TCP:c:\program files\maxis\simcity 3000 world edition\apps\updater\updater.exe:SC3UpdaterMFC
"TCP Query User{CC3946BF-571D-4861-AD80-6760804CABE5}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz
"UDP Query User{DD94328D-14AD-4F5C-AAFD-23B56DF372D2}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz
"TCP Query User{ED4F2E63-9ECB-4EC1-8FA8-E764A8D41404}c:\\ijji\\english\\u_goonzu.exe"= UDP:c:\ijji\english\u_goonzu.exe:<ijji Downloader>
"UDP Query User{FE225D0F-1B4A-4439-86C2-29461E5D74E5}c:\\ijji\\english\\u_goonzu.exe"= TCP:c:\ijji\english\u_goonzu.exe:<ijji Downloader>
"TCP Query User{D124E0FA-1876-4675-9C80-E9B2D37D6BEB}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{9C3F51EE-CA8F-4ABA-A91E-03C35E6BB7BD}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"{1DE105AD-788B-4672-A193-F75AC1A735CC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FD9E7472-C6AC-47CD-A1C3-6ED17612E7FB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{10CDA53F-DCCA-4D0B-9685-06A16897B10A}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{83621791-EB46-473A-BE79-FE3D3F57AF75}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"TCP Query User{1D3A32D4-8E9B-4B78-A04A-7BBBD27B8D80}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"UDP Query User{A3767868-83BA-4B1B-86A6-C10879FD8DAF}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"TCP Query User{D1696716-2A1D-41F7-A73F-9C0FD128DA9B}c:\\ijji\\english\\u_skid.exe"= UDP:c:\ijji\english\u_skid.exe:<ijji Downloader>
"UDP Query User{3383C6D1-8F02-4618-86B1-44B4422CAFB7}c:\\ijji\\english\\u_skid.exe"= TCP:c:\ijji\english\u_skid.exe:<ijji Downloader>
"TCP Query User{67AF71EC-C5C3-4FFB-A758-DA0A40DA9168}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{F040F4AC-C464-469C-9AD0-29EE685D4F77}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{2BF5B8BB-A40D-4B35-8460-353355E8DB02}c:\\ijji\\english\\u_sf.exe"= UDP:c:\ijji\english\u_sf.exe:<ijji Downloader>
"UDP Query User{F36EB48C-5C6A-41C1-8E07-264F0D9D15FD}c:\\ijji\\english\\u_sf.exe"= TCP:c:\ijji\english\u_sf.exe:<ijji Downloader>
"TCP Query User{7A9794C7-A850-4E78-8B74-A422F808FF4B}c:\\program files\\ea games\\medal of honor batailles du pacifique(tm)\\mohpa.exe"= UDP:c:\program files\ea games\medal of honor batailles du pacifique(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"UDP Query User{D0BFF05F-A127-49DC-A060-C1AE9ED55361}c:\\program files\\ea games\\medal of honor batailles du pacifique(tm)\\mohpa.exe"= TCP:c:\program files\ea games\medal of honor batailles du pacifique(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"TCP Query User{A5DA290E-AC57-4D14-9BA3-B5ADDB6BB7AA}c:\\users\\co\\appdata\\local\\temp\\low\\plauncher.exe"= UDP:c:\users\co\appdata\local\temp\low\plauncher.exe:plauncher.exe
"UDP Query User{53D1D852-853D-436E-8038-0532D27B52F1}c:\\users\\co\\appdata\\local\\temp\\low\\plauncher.exe"= TCP:c:\users\co\appdata\local\temp\low\plauncher.exe:plauncher.exe
"{C17C305E-2455-4FB2-92EF-8DC9EB2DF895}"= UDP:c:\users\eric\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{811E4352-D98A-414F-A948-E2EE1A0E5BD9}"= TCP:c:\users\eric\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{1526391F-D793-441F-B231-CD1E8F560161}"= UDP:c:\users\val\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{179761AF-8AB9-4BF9-80C8-C9D0879512A7}"= TCP:c:\users\val\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{202CDF54-2C6C-46CB-ADB4-66939592E810}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6152BB76-8249-42B9-B07A-F4491791AAD8}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{EF528087-8789-4D9D-9BB4-AA4A818FA85D}c:\\ijji\\english\\ijjipurpleoutbound.exe"= UDP:c:\ijji\english\ijjipurpleoutbound.exe:ijjiPurpleOutBound Application
"UDP Query User{5CFFF108-0048-4D13-BCC0-C3EF08008B25}c:\\ijji\\english\\ijjipurpleoutbound.exe"= TCP:c:\ijji\english\ijjipurpleoutbound.exe:ijjiPurpleOutBound Application
"{1799050F-71C1-43AF-9CFC-B39E9C038B7B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{52FE34FC-0D41-4C6E-883E-81C81CCD7E76}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{522BAA26-E221-4E8A-BF7F-8507126A892B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{8F26AE78-4258-4DB5-A5FC-351C0BFD25B3}"= UDP:c:\users\eric\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{1EB96DED-B06E-4713-842B-382B1AFC48FF}"= TCP:c:\users\eric\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [2006-12-05 507136]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-25 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{922170D3-9FC7-4D22-A8F4-D04A05F4C3E8}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{B5A542B7-B5D2-4686-A6B7-2118BD633F89}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{FD82AE3B-CD6B-4457-A5BC-D1BBA55C78E2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Personnaliser - d:\progam files\promtie4\options.htm
IE: Rechercher sur Internet - d:\progam files\promtie4\search.htm
IE: Traduire - d:\progam files\promtie4\translat.htm
IE: Traduire dans WebView - d:\progam files\promtie4\webview.htm
IE: Traduire la page - d:\progam files\promtie4\page.htm
FF - ProfilePath - c:\users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\zxn5jd1y.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 16:02:46
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\dllhost.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
.
**************************************************************************
.
Heure de fin: 2009-03-13 16:07:11 - La machine a redémarré [eric]
ComboFix-quarantined-files.txt 2009-03-13 15:07:04
ComboFix2.txt 2009-03-13 13:54:39
ComboFix3.txt 2009-03-12 17:58:57
Avant-CF: 190 224 584 704 octets libres
Après-CF: 190,399,275,008 octets libres
252 --- E O F --- 2009-03-12 12:18:37
________________________________________________________________________________
rapport HiJackyhis généré :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:59, on 13/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\twain_32\ca561a\SnapDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Pense-bête.lnk = C:\Windows\System32\StikyNot.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\Windows\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Personnaliser - d:\Progam Files\promtie4\options.htm
O8 - Extra context menu item: Rechercher sur Internet - d:\Progam Files\promtie4\search.htm
O8 - Extra context menu item: Traduire - d:\Progam Files\promtie4\translat.htm
O8 - Extra context menu item: Traduire dans WebView - d:\Progam Files\promtie4\webview.htm
O8 - Extra context menu item: Traduire la page - d:\Progam Files\promtie4\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8131 bytes
-->Message édité par smugles le 13/03/2009 16:12:52<--
smugles
le 13 mars 2009 à 19h29
si le fiston joue en ligne avec son jeu, avec Avira activé, y'a des risques ou pas de revérolé la machine ??
Curson
le 13 mars 2009 à 20h24
Bonsoir,
Pour le jeu, il n'y a pas de risques s'il se connecte à des serveurs légaux.
Désactive tous tes logiciels de sécurité.
1) Relance HijackThis
- (Do a system Scan Only), cocher les lignes suivantes si présentes :
- Ferme tous les programmes et navigateur, et Clique sur Fix Checked.
2) Télécharge JavaRa et suis les instructions de ce tutorial.
Poste le rapport obtenu.
3) Ta version d'Adobe Reader n'est pas à jour. Des failles de sécurité peuvent permettre l'infection de ton ordinateur. Plus d'informations.
- Fais une mise à jour vers la version 9.1.
4) Je te conseille de télécharger et installer le Service Pack 1.
Outre toutes les mises à jour précédemment diffusées, le SP1 comprend des modifications visant à traiter des problèmes de fiabilité et de performances spécifiques, à prendre en charge de nouveaux types de matériels et à introduire la prise en charge de plusieurs nouvelles normes.
Comment se comporte le système ?
Cordialement.
Pour le jeu, il n'y a pas de risques s'il se connecte à des serveurs légaux.
Désactive tous tes logiciels de sécurité.
1) Relance HijackThis
- (Do a system Scan Only), cocher les lignes suivantes si présentes :
- Ferme tous les programmes et navigateur, et Clique sur Fix Checked.
2) Télécharge JavaRa et suis les instructions de ce tutorial.
Poste le rapport obtenu.
3) Ta version d'Adobe Reader n'est pas à jour. Des failles de sécurité peuvent permettre l'infection de ton ordinateur. Plus d'informations.
- Fais une mise à jour vers la version 9.1.
4) Je te conseille de télécharger et installer le Service Pack 1.
Outre toutes les mises à jour précédemment diffusées, le SP1 comprend des modifications visant à traiter des problèmes de fiabilité et de performances spécifiques, à prendre en charge de nouveaux types de matériels et à introduire la prise en charge de plusieurs nouvelles normes.
Comment se comporte le système ?
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 13 mars 2009 à 21h26
rapport généré :
je fais la suite...
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Mar 13 21:22:10 2009
Found and removed: C:\Program Files\Java\jre1.5.0_03
Found and removed: C:\Program Files\Java\jre1.6.0_01
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\JavaSoft\Java2D\1.5.0_03
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510003
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510003
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510003
Found and removed: SOFTWARE\Classes\JavaPlugin.150_03
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_03
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_03
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150030}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\JavaPlugin.160_01
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_03
Found and removed: Software\Classes\JavaPlugin.160_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01
Found and removed: Software\JavaSoft\Java2D\1.6.0_01
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_03\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip
------------------------------------
Finished reporting.
smugles
le 13 mars 2009 à 21h57
Rappele moi la procédure pour installer le SP1. c'est long et il y pleins de trucs à faire...
je devrais faire une défrag aussi...
Qu'ai-je chopé comme virus : un mauvais mauvais truc ?
le reste ce sont des chefs obsolètes ?
le système est super rapide...RAS - stable...
merci.
je devrais faire une défrag aussi...
Qu'ai-je chopé comme virus : un mauvais mauvais truc ?
le reste ce sont des chefs obsolètes ?
le système est super rapide...RAS - stable...
merci.
-->Message édité par smugles le 13/03/2009 22:05:08<--
Curson
le 13 mars 2009 à 22h10
Bonsoir.
Voici un tutorial : Bien installer le SP1.
Tu étais infecté par Trojan.FakeAlert/RogueAntiSpyware.SpywareSecure. Spyware Secure est un pseudo logiciel de sécurité diffusant de fausses alertes et pratiquant un harcèlement publicitaire pour inciter les internautes à installer une version gratuite puis acheter une version payante du logiciel.
Pour le reste, c'était surtout de l'optimisation (y compris la suppression de clés relatives à Adware.Dealio).
Tiens-moi au courant pour l'installation du SP1.
Cordialement.
Voici un tutorial : Bien installer le SP1.
Tu étais infecté par Trojan.FakeAlert/RogueAntiSpyware.SpywareSecure. Spyware Secure est un pseudo logiciel de sécurité diffusant de fausses alertes et pratiquant un harcèlement publicitaire pour inciter les internautes à installer une version gratuite puis acheter une version payante du logiciel.
Pour le reste, c'était surtout de l'optimisation (y compris la suppression de clés relatives à Adware.Dealio).
Tiens-moi au courant pour l'installation du SP1.
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 14 mars 2009 à 17h50
salut,
des problemes :
-Flash Disinfector ne fonctionne pas (il s'ouvre pas)
-Le SP1 démarre, mais au bout de 15mn ERREUR... donc il se bloque.
J'ai assez de place sur le disque dur... je ne comprend pas... j'ai réessayer 3 fois, Avira est coupé, aucun prog ne tourne.l'UAC est désactivée en permanence
merci.
des problemes :
-Flash Disinfector ne fonctionne pas (il s'ouvre pas)
-Le SP1 démarre, mais au bout de 15mn ERREUR... donc il se bloque.
J'ai assez de place sur le disque dur... je ne comprend pas... j'ai réessayer 3 fois, Avira est coupé, aucun prog ne tourne.l'UAC est désactivée en permanence
merci.
-->Message édité par smugles le 14/03/2009 17:52:02<--
Curson
le 14 mars 2009 à 17h59
Bonsoir,
Obtiens-tu un message d'erreur à l'échec de l'installation du SP1 ?
Si Flash_Disinfector ne se lance pas, il faut supprimer manuellement les fichiers ci-dessous (si présents).
C:\Autorun.inf
C:\winrun.vbs
Vérifie la présence de ces fichiers sur tous tes supports amovibles.
Cordialement.
Obtiens-tu un message d'erreur à l'échec de l'installation du SP1 ?
Si Flash_Disinfector ne se lance pas, il faut supprimer manuellement les fichiers ci-dessous (si présents).
C:\Autorun.inf
C:\winrun.vbs
Vérifie la présence de ces fichiers sur tous tes supports amovibles.
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 14 mars 2009 à 18h21
re,
Obtiens-tu un message d'erreur à l'échec de l'installation du SP1 ?
-OUI !!
j'ai fais une capture de la fenêtre avec le message d'erreur : je ne sais pas comment le mettre sur le forum (si c'est utile...)
les prog à virer sont dans C:\programmes\
Mais il n'y a rien...
il a été enregister dans téléchargement , et je n'ai que .exe
!!!!!!!
merci
Obtiens-tu un message d'erreur à l'échec de l'installation du SP1 ?
-OUI !!
j'ai fais une capture de la fenêtre avec le message d'erreur : je ne sais pas comment le mettre sur le forum (si c'est utile...)
les prog à virer sont dans C:\programmes\
Mais il n'y a rien...
il a été enregister dans téléchargement , et je n'ai que .exe
!!!!!!!
merci
-->Message édité par smugles le 14/03/2009 18:28:16<--
Curson
le 14 mars 2009 à 18h34
Bonsoir,
Tutorial : Comment insérer une image sur le forum
De quels programmes parles-tu ?
Cordialement.
Tutorial : Comment insérer une image sur le forum
De quels programmes parles-tu ?
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
smugles
le 14 mars 2009 à 20h46
re,
en réponse à ta formulation virer :
C:\Autorun.inf
C:\winrun.vbs
: le chemin n'est pas complet, et est-ce sur l'application flash disinfector ? => comment faire ?
j'essaye de t'envoyer la capture écran sur l'echec de l'install SP1.
===>
du changement depuis 10mn :
le PC rame à mort de nouveau : 1mn pour ouvrir une page, donc je n'ai pas pu consulter le tuto pour inserer une image.
Aussi je t'écris ce message :
_____________________________________________________________________________
Une erreur s'est produite pendant l'installation du Service Pack.
Code d'erreur 0 x 800B0100. voir
http://go.microsoft.com/fwlink/?linkld= 101139 pour plus de détails.
_____________________________________________________________________________
Donc je souhaite que je ne reparte pas à zéro :
mon épouse à consulté ses mails et pièces jointes avec UAC désactivée, mais Avira actif. Le gamin joue en ligne, mais sur site légal.
quels sont donc tes priorités à me faire réaliser à présent ?
merci
en réponse à ta formulation virer :
C:\Autorun.inf
C:\winrun.vbs
: le chemin n'est pas complet, et est-ce sur l'application flash disinfector ? => comment faire ?
j'essaye de t'envoyer la capture écran sur l'echec de l'install SP1.
===>
du changement depuis 10mn :
le PC rame à mort de nouveau : 1mn pour ouvrir une page, donc je n'ai pas pu consulter le tuto pour inserer une image.
Aussi je t'écris ce message :
_____________________________________________________________________________
Une erreur s'est produite pendant l'installation du Service Pack.
Code d'erreur 0 x 800B0100. voir
http://go.microsoft.com/fwlink/?linkld= 101139 pour plus de détails.
_____________________________________________________________________________
Donc je souhaite que je ne reparte pas à zéro :
mon épouse à consulté ses mails et pièces jointes avec UAC désactivée, mais Avira actif. Le gamin joue en ligne, mais sur site légal.
quels sont donc tes priorités à me faire réaliser à présent ?
merci
-->Message édité par smugles le 14/03/2009 21:26:14<--
|
|
|
PRODUITS
- Portables |
- PC |
- Moniteurs |
- Photo / Vidéo |
- T.V. |
- Audio |
- GPS |
- Stockage |
- Téléphonie |
- autres catégories
TÉLÉCHARGER - LOGICIELS
- Windows & logiciels |
- Bureautique |
- Développement |
- Internet |
- Jeux |
- Loisirs |
- Multimédia |
- Personnaliser son pc |
- Sécurité |
- Utilitaires |
- Logiciels Linux |
- logiciels Mac
JEUX VIDÉOS
- jeux PC |
- Xbox |
- Playstation |
- Wii |
- PSP |
- DS |
- Action |
- Aventure |
- MMORPG |
- Sports |
- Simulation |
- Enfant |
- Soluces et astuces
LOISIRS
01NET PRO
- Réseaux et Internet |
- Programmation et développement |
- Logiciels d'entreprise |
- Systèmes d'exploitation en entreprise |
- Sécurité en entreprise |
- Entreprenariat |
- Emploi |
- Services PRO |
- Matériel PRO
AVIS ET COMMENTAIRES
- Les actualités de 01net. |
- Avis sur les jeux vidéos |
- Avis sur les produits |
- Avis sur les logiciels |
A PROPOS DE 01NET
publicité
Messages des modérateurs
A lire aussi
PRODUITS
- Quand pensez-vous? (Résolu)
- Que choisir résolu
- Restauration [résolu]
- ( Résolu)-Formatage
- resolu plus de son....
TÉLÉCHARGER - LOGICIELS
JEUX VIDÉOS
- recherche shoot'em up ? (résolu)
- où télécharger des avions pour flight simulator X [résolu]
- photo TF2 [RESOLU]
- photo TF2 [RESOLU]
- [ RESOLU] Recherche jeu vidéo
LOISIRS
- recherche info ==>Bernie Bonvoisin==>carrière solo [résolu]
- recherche un artiste RESOLU...
- Paypal (RESOLU)
- recherche musique country [Résolu]
- Qui sont les modérateurs résolu
01NET PRO
AVIS ET COMMENTAIRES
- Ad Muncher
- Ad-Aware Anniversary Edition
- Ad-Aware SE Language-Pack
- "La version 2008 de l'antispyware gratuit Ad-Aware disponible"
- "Ad-Aware 2009 proposé en test aux internautes"
A PROPOS DE 01NET
 |
 |
Shopping
Des chaussures pour un automne en ville.
|
 |
||
L'ORDINATEUR INDIVIDUEL
Le mensuel informatique qui vous informe et vous conseille.
Nous contacter
|
Charte de confiance
|
Voir notice légale
01net. - 01men - RMC - BFM Radio - BFM TV - TousLesPodcasts - 01informatique.fr - Association RMC-BFM
01net. - 01men - RMC - BFM Radio - BFM TV - TousLesPodcasts - 01informatique.fr - Association RMC-BFM
Tous droits réservés © 1999 - 2009 Internext - 01net.