376 utilisateurs connectés
problème pour envoyer des mails
jalawe
le 04 mars 2009 à 21h38
Salut,
Je ne peux plus envoyer de mails. Lorsque je fait envoyer, j'ai le message suivant qui apparaît :
554 5.7.1 Service unavailable. Client host 86.**.**.174 rejected for spamming issues. Adresse cliente 86.**.**.174 bloquee pour incident de spam; hxxp://www.spamhaus.org/query/bl?ip=86.**.**.174
Je ne comprend rien.
De l'aide SVP
Merci d'avance
Je ne peux plus envoyer de mails. Lorsque je fait envoyer, j'ai le message suivant qui apparaît :
554 5.7.1 Service unavailable. Client host 86.**.**.174 rejected for spamming issues. Adresse cliente 86.**.**.174 bloquee pour incident de spam; hxxp://www.spamhaus.org/query/bl?ip=86.**.**.174
Je ne comprend rien.
De l'aide SVP
Merci d'avance
-->Message édité par totoftotof le 05/03/2009 16:24:14<--
répondre
charly-13
le 04 mars 2009 à 22h03
Bonsoir,
As tu essayer de t'envoyer un mail à toi même pour voir si tu reçois le même message.
Charly-13
As tu essayer de t'envoyer un mail à toi même pour voir si tu reçois le même message.
Charly-13
-------
Ma devise, Lorsque ta machine fonctionne bien, n'essaies pas de faire mieux ça risque d'être pire.
Désolé pas d'aide en privé.
Ma devise, Lorsque ta machine fonctionne bien, n'essaies pas de faire mieux ça risque d'être pire.
Désolé pas d'aide en privé.
danoo
le 05 mars 2009 à 10h10
bonjour
quel est ton nom de domaine? @orange, @free, ... ?
tu utilises quel client de messagerie? hotmail, webmail, outlook, ...
quel est ton nom de domaine? @orange, @free, ... ?
tu utilises quel client de messagerie? hotmail, webmail, outlook, ...
-------
memtest : http://www.inforumatique.fr/logitheque.php?mode=cat&id=51
memtest : http://www.inforumatique.fr/logitheque.php?mode=cat&id=51
jalawe
le 05 mars 2009 à 16h19
j'utilise Mozilla Thunderbird et ça le fait également avec les autres client de messagerie.
jalawe
le 05 mars 2009 à 16h20
Et mon nom de domaine : @neuf.fr
Curson
le 05 mars 2009 à 17h24
Bonjour à tous,
jalawe,
Ton adresse IP a été blacklistée par deux organismes anti-spam (Policy Block List et Composite Blocking List).
Ton système est infecté et participe à l'envoi de spams, d'où la restriction posée sur l'IP.
Un modérateur va déplacer ton sujet dans le sous-forum Sécurité, virus et assimilés.
EDIT : C'est fait.
Télécharge HiJackThis de Merijn sur ton bureau.
- Double-clic sur HijackThis.
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note.
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Aide : N'hésite pas à consulter l'aide HiJackThis.
Cordialement.
jalawe,
Ton adresse IP a été blacklistée par deux organismes anti-spam (Policy Block List et Composite Blocking List).
Ton système est infecté et participe à l'envoi de spams, d'où la restriction posée sur l'IP.
Un modérateur va déplacer ton sujet dans le sous-forum Sécurité, virus et assimilés.
EDIT : C'est fait.
Télécharge HiJackThis de Merijn sur ton bureau.
- Double-clic sur HijackThis.
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note.
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Aide : N'hésite pas à consulter l'aide HiJackThis.
Cordialement.
-->Message édité par Curson le 05/03/2009 17:29:08<--
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
jalawe
le 05 mars 2009 à 21h41
Voici le rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:11, on 05/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tonochperso.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw(...)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AA64611-7245-4495-97EA-EE7BF747E636}: NameServer = 192.168.30.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCDB0A75-39C3-4E17-99AD-5E9CA1A1372A}: NameServer = 192.168.30.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 6876 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:11, on 05/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tonochperso.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw(...)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AA64611-7245-4495-97EA-EE7BF747E636}: NameServer = 192.168.30.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCDB0A75-39C3-4E17-99AD-5E9CA1A1372A}: NameServer = 192.168.30.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 6876 bytes
Curson
le 05 mars 2009 à 21h44
Bonsoir,
1) Désinstalle les applications suivantes (si présentes) via ajout/suppression de programmes :
Ad-Aware : il n'est plus efficace contre les infections actuelles.
2) Télécharge OTViewIt de OldTimer sur ton bureau.
- Ferme toutes les fenêtres et applications.
- Double clique sur OTViewIt.exe pour le lancer.
- Dans la liste déroulante "File Age" choisis : 30 days (ou selon votre choix)
- Clique sur le bouton "Run Scan".
- Patiente quelques minutes.
- le bloc note va s'ouvrir, poste les deux rapports obtenus dans ta prochaine réponse.
Cordialement.
1) Désinstalle les applications suivantes (si présentes) via ajout/suppression de programmes :
Ad-Aware : il n'est plus efficace contre les infections actuelles.
2) Télécharge OTViewIt de OldTimer sur ton bureau.
- Ferme toutes les fenêtres et applications.
- Double clique sur OTViewIt.exe pour le lancer.
- Dans la liste déroulante "File Age" choisis : 30 days (ou selon votre choix)
- Clique sur le bouton "Run Scan".
- Patiente quelques minutes.
- le bloc note va s'ouvrir, poste les deux rapports obtenus dans ta prochaine réponse.
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
jalawe
le 05 mars 2009 à 22h57
Bonsoir,
voici les 2 rapports de OTviewit :
1er:
OTViewIt logfile created on: 05/03/2009 22:54:52 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Laurence et Anthony\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
510,48 Mb Total Physical Memory | 215,16 Mb Available Physical Memory | 42,15% Memory free
1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,51% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 50,91 Gb Free Space | 68,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC302132836219
Current User Name: Laurence et Anthony
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2005/04/01 11:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2007/09/04 18:04:36 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
[2008/12/25 01:36:45 | 00,540,672 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
[2005/04/01 11:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/02/02 13:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2005/02/02 13:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008/12/25 01:36:44 | 02,267,136 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
[2008/12/25 01:58:23 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/04/14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/02/07 21:52:48 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/03/05 22:53:47 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2007/09/04 18:04:36 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/04/01 11:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/02/04 12:43:23 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\Shared\hpqwmi.exe -- (hpqwmi [Disabled | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
[2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2006/11/10 18:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2008/12/25 01:36:45 | 00,540,672 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv [Auto | Running])
[2005/01/31 09:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Disabled | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
========== Driver Services ==========
[2004/08/05 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2004/08/11 15:30:00 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2005/04/01 11:02:36 | 01,034,752 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/02/27 14:24:55 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 15:29:43 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005/03/10 10:41:52 | 00,371,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Stopped])
[2005/03/15 17:14:52 | 00,037,760 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
[2005/03/15 17:14:52 | 00,346,496 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
[2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2004/04/14 06:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2003/06/06 10:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/03/22 15:39:44 | 00,200,192 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI [On_Demand | Running])
[2005/03/22 15:39:42 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/05/27 10:31:26 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2004/09/24 17:12:04 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2005/03/22 15:39:54 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2004/09/24 17:12:04 | 00,381,312 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (NBXG7031 [On_Demand | Stopped])
[2004/04/08 17:18:38 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
[2005/11/19 02:13:18 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
[2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/13 02:53:12 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/05/27 10:32:51 | 01,317,152 | R--- | M] () -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced [On_Demand | Stopped])
[2004/06/28 11:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2008/04/13 19:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/10 17:23:42 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])
[2006/11/10 17:23:48 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])
[2006/11/10 17:23:50 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])
[2006/11/10 17:23:54 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt [On_Demand | Stopped])
[2006/11/10 17:23:56 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5 [On_Demand | Stopped])
[2006/11/10 17:23:58 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex [On_Demand | Stopped])
[2006/11/10 17:24:06 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic [On_Demand | Stopped])
[2007/11/13 09:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/06/22 04:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel [Auto | Running])
[2005/07/13 16:37:46 | 00,260,608 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\WlanUZXP.sys -- (SG760_XP [On_Demand | Running])
[2001/08/23 16:21:42 | 00,036,937 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
[2002/10/15 22:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
[2008/12/25 01:36:45 | 00,142,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2 [System | Running])
[2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2005/08/30 16:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
[2005/08/30 16:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
[2005/08/30 16:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
[2007/06/02 21:49:07 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2006/01/31 14:35:34 | 00,123,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
[2005/02/02 12:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2005/04/04 17:25:36 | 00,160,768 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2005/03/22 15:39:40 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 19:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2004/08/05 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" (Crawler.com)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
========== (O4) Startup Folders ==========
[2008/06/11 01:58:50 | 01,320,464 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Menu Démarrer\Programmes\Démarrage\SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xporter vers Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Easy-WebPrint Ajouter à la liste d'impressions: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/04/05 11:01:28 | 00,204,800 | ---- | M] ()
Easy-WebPrint Impression rapide: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/04/05 11:01:28 | 00,204,800 | ---- | M] ()
Easy-WebPrint Imprimer: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/04/05 11:01:28 | 00,204,800 | ---- | M] ()
Easy-WebPrint Prévisualiser: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/04/05 11:01:28 | 00,204,800 | ---- | M] ()
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{14B87622-7E19-4EA8-93B3-97215F77A6BC}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab -- MessengerStatsClient Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://tonochperso.spaces.live.com//PhotoUpload/MsnPUpld.cab -- MSN Photo Upload Tool
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw(...) -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab -- Java Plug-in 1.5.0_02
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
========== (O17) DNS Name Servers ==========
{10AC8AF4-4BF7-410A-AA17-008B1985F125} (Servers: | Description: )
{26939795-229C-4E27-9FA5-EF3474681CC5} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{2A5B83BD-03BB-4424-A089-CC629A2AD632} (Servers: | Description: )
{3AA64611-7245-4495-97EA-EE7BF747E636} (Servers: 192.168.30.1 | Description: SAGEM Wi-Fi 11g USB adapter)
{71487989-FB9A-4051-BD16-CC1FF68A2004} (Servers: | Description: )
{7470D389-B547-43A2-B51D-3DD62DCD6BDB} (Servers: | Description: )
{D8671AFB-3477-46FE-B4A9-8CD607854188} (Servers: | Description: Broadcom 802.11b/g WLAN)
{DCDB0A75-39C3-4E17-99AD-5E9CA1A1372A} (Servers: 192.168.30.1 | Description: SAGEM Wi-Fi 11g USB adapter)
{DF54EEE3-F664-4129-8A2F-FA3413B9CBA4} (Servers: | Description: Carte réseau 1394)
{E8FE0812-5AF6-4CA5-B1FD-0576E4B42F2E} (Servers: | Description: )
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2008/12/24 02:53:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1303ddf6-8f98-11dc-860d-0060b355a6b3}\Shell\AutoRun\command]
""=E:\AutoTransfer.exe -- File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/03/05 22:53:43 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.exe
[2009/03/05 21:39:36 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\HijackThis.lnk
[2009/03/05 21:38:20 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Laurence et Anthony\Bureau\HJTInstall.exe
[2009/02/17 21:48:05 | 00,000,447 | ---- | C] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\torrents.lnk
[2009/02/17 21:44:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laurence et Anthony\Mes documents\torrents
[2009/02/13 16:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/02/05 21:41:34 | 00,000,813 | ---- | C] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\Windows Messenger.lnk
[2009/02/05 21:36:52 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/02/05 21:36:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/05 21:34:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/02/05 21:34:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/02/05 21:34:16 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/02/05 21:08:24 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Windows Live
[2009/02/04 21:58:16 | 00,526,848 | ---- | C] () -- C:\Documents and Settings\Laurence et Anthony\Mes documents\Notre petite Famille.doc
========== Files - Modified Within 30 Days ==========
[9 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/03/05 22:53:47 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.exe
[2009/03/05 22:00:02 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\zximadae.job
[2009/03/05 22:00:01 | 00,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\A966FF5091857DCC.job
[2009/03/05 21:40:11 | 00,000,423 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2009/03/05 21:39:36 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\HijackThis.lnk
[2009/03/05 21:38:22 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Laurence et Anthony\Bureau\HJTInstall.exe
[2009/03/05 21:24:20 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/05 21:23:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/05 21:22:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/05 21:22:42 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/28 14:51:56 | 00,067,584 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Mes documents\suivi compte commmun.xls
[2009/02/17 21:48:05 | 00,000,447 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\torrents.lnk
[2009/02/13 16:55:44 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\µTorrent.lnk
[2009/02/12 20:25:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/12 05:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/07 19:44:45 | 00,000,688 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/06 13:43:20 | 00,368,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/05 21:41:34 | 00,000,813 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\Windows Messenger.lnk
[2009/02/05 21:39:13 | 00,108,672 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/05 21:35:50 | 00,000,945 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Mes documents\Mes dossiers de partage.lnk
[2009/02/05 18:42:28 | 00,068,608 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 18:42:28 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/04 22:22:55 | 00,526,848 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Mes documents\Notre petite Famille.doc
< End of report >
2nd:
OTViewIt Extras logfile created on: 05/03/2009 22:54:52 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Laurence et Anthony\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
510,48 Mb Total Physical Memory | 215,16 Mb Available Physical Memory | 42,15% Memory free
1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,51% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 50,91 Gb Free Space | 68,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC302132836219
Current User Name: Laurence et Anthony
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 03:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/02 21:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 21:53:08 | 01,170,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2008/12/02 22:41:56 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 03:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/08/02 14:52:12 | 05,484,544 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
[2008/07/24 13:22:22 | 00,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
[2008/07/24 13:22:28 | 00,243,072 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
[2008/07/24 13:22:24 | 00,112,000 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
[2009/02/07 21:52:48 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/16 18:04:32 | 00,663,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home
[2009/02/10 21:26:56 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Laurence et Anthony\Mes documents\Mes fichiers reçus\utorrent.exe:*:Enabled:µTorrent
[2007/10/17 15:28:09 | 33,574,912 | ---- | M] (Sports Interactive) -- C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008
[2008/01/15 03:22:48 | 19,926,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/23 16:45:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/12/02 21:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 21:53:08 | 01,170,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2008/12/02 22:41:56 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2009/02/13 16:55:44 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2004/01/29 15:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2004/01/29 15:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2004/01/29 15:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2001/06/20 02:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2008/04/23 16:45:34 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])
[2008/12/02 22:38:50 | 00,791,368 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01523985-2098-43AF-9C97-12B07BE02A9B}"=Windows Live Call
"{02E22217-0E96-4C3F-B831-83AA942B7715}"=UserGuides
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}"=Windows Live Messenger
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{13F3917B56CD4C25848BDC69916971BB}"=DivX Converter
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}"=LS_HSI
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}"=Picture Package
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Outil de téléchargement Windows Live
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150010}"=J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3CCB732A-E472-4CF9-B1EE-F18365341FE0}"=Installation Windows Live
"{3FC7CBBC4C1E11DCA1A752EA55D89593}"=DivX Version Checker
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}"=HP Wireless Assistant 1.01 A3
"{43563ACB-371B-4C58-8979-B192B390424C}"=Galerie de photos Windows Live
"{4908C75E-E5E2-43F7-B1DF-023CBA831036}"=Nero 7 Premium
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}"=Junk Mail filter update
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}"=Photohands 1.0F
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}"=First Step Guide
"{63DC2DA0-2A6C-4C38-9249-B75395458657}"=Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{67D0313C-4F15-437D-9A2D-C1564088A26A}"=Windows Live Sync
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}"=QuickTime
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}"=VC80CRTRedist - 8.0.50727.762
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}"=Sentinel System Driver
"{7AC15160-A49B-4A89-B181-D4619C025FFF}"=Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Connexion Facile à Internet
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8F7953DB-3529-4D69-A577-CC22D4F32C51}"=Utilitaire de gestion du LAN Wifi IEEE 802.11g
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard
"{9019040C-6000-11D3-8CFE-0050048383C9}"=Microsoft Publisher 2002
"{9028040C-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional avec FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}"=TIxx21
"{9A394342-4A68-4EBA-85A6-55B559F4E700}"=Microsoft .NET Framework 1.1 French Language Pack
"{9C650676-CDDB-42C0-8D11-3EEB7F791F99}"=Kit d'installation
"{A059DE09-1B49-4450-B340-7AE097EC3F04}"=Microsoft Works
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support
"{A96E97134CA649888820BCDE5E300BBD}"=H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}"=MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio Module
"{AC76BA86-7AD7-1036-7B44-A70900000002}"=Adobe Reader 7.0.9 - Français
"{AC76BA86-7AD7-5464-3428-7050000000A7}"=Adobe Reader 7.0.5 Language Support
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}"=AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}"=iTunes
"{C151CE54-E7EA-4804-854B-F515368B0798}"=Athlon 64 Processor Driver
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}"=Logiciel QuickCam de Logitech
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}"=Quick Launch Buttons 5.10 B3
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}"=Assistant de connexion Windows Live
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}"=Apple Mobile Device Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{E188D820-1218-4E28-8BCA-91134C3664C2}"=Ulead VideoStudio 10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Codeur Windows Media Série 9
"{E6514842-09F1-4497-8345-65BA98AD3479}"=Samsung PC Studio
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1A2577D-2FDF-47D5-9055-ABE809D78D15}"=eMule Shell Extension
"{F69E83CF-B440-43F8-89E6-6EA80712109B}"=Windows Live Communications Platform
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}"=ImageMixer VCD2
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Ad-remover"=Ad-remover
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"ATI Display Driver"=ATI Display Driver
"Canon Setup Utility 2.0"=Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL"=Canon iP4200
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C"=Data Fax SoftModem with SmartCP
"Conexant PCI Audio"=Conexant AC-Link Audio
"DivX Plus DirectShow Filters"=DivX Plus DirectShow Filters
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox"=Canon Utilities Easy-PrintToolBox
"Easy-WebPrint"=Easy-WebPrint
"eMule"=eMule
"FileZilla"=FileZilla (remove only)
"Football Manager 2008"=Football Manager 2008
"HijackThis"=HijackThis 2.0.2
"HP Pavillion zv6000 User Guides"=HP Pavillion zv6000 User Guides
"HUFFYUV"=Huffyuv AVI lossless video codec (Remove Only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IncrediMail"=IncrediMail Xe
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Connexion Facile à Internet
"InstallShield_{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}"=Texas Instruments PCIxx21/x515 drivers.
"Logitech Print Service"=Logitech Print Service
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint"=CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.6)"=Mozilla Firefox (3.0.6)
"Mozilla Thunderbird (2.0.0.19)"=Mozilla Thunderbird (2.0.0.19)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin"=Messenger Plus! 3 & Sponsor
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"QcDrv"=Programme de gestion Camera de Logitech®
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"Spyware Terminator_is1"=Spyware Terminator
"SpywareBlaster_is1"=SpywareBlaster 4.1
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"VLC media player"=VideoLAN VLC media player 0.8.5
"Vodafone 804SS USB driver"=SAMSUNG Mobile USB Modem ^^
"Windows Media Encoder 9"=Codeur Windows Media Série 9
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Lecteur Windows Media 11
"Windows XP Service"=Windows XP Service Pack 3
"WinLiveSuite_Wave3"=Installation Windows Live
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
ContentIndex (ContentIndex) a échoué. Le code d'erreur est le premier DWORD de la
section Data.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
ContentFilter (ContentFilter) a échoué. Le code d'erreur est le premier DWORD de
la section Data.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
ISAPISearch (ISAPISearch) a échoué. Le code d'erreur est le premier DWORD de la
section Data.
Error - 06/02/2009 09:02:24 | Computer Name = PC302132836219 | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Office XP Professional avec FrontPage -- Erreur
1706. Le programme d'installation ne peut pas trouver les fichiers requis. Vérifiez
votre connexion au réseau ou votre lecteur de CD-ROM. Pour des solutions éventuelles
à ce problème, consultez C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.
Error - 06/02/2009 09:02:28 | Computer Name = PC302132836219 | Source = MsiInstaller | ID = 1024
Description = Produit : Microsoft Office XP Professional avec FrontPage - La mise
à jour '{10864676-F019-4492-91BC-6A5F68C72840}' n'a pas pu être installée. Code
d'erreur 1603. Windows Installer peut créer des journaux pour faciliter la résolution
des éventuelles erreurs d'installation des packages logiciels. Utilisez le lien
suivant pour afficher des instructions concernant l'activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127
[ System Events ]
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:33 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:33 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:33 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
< End of report >
cordialement.
voici les 2 rapports de OTviewit :
1er:
OTViewIt logfile created on: 05/03/2009 22:54:52 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Laurence et Anthony\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
510,48 Mb Total Physical Memory | 215,16 Mb Available Physical Memory | 42,15% Memory free
1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,51% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 50,91 Gb Free Space | 68,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC302132836219
Current User Name: Laurence et Anthony
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2005/04/01 11:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2007/09/04 18:04:36 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
[2008/12/25 01:36:45 | 00,540,672 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
[2005/04/01 11:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/02/02 13:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2005/02/02 13:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008/12/25 01:36:44 | 02,267,136 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
[2008/12/25 01:58:23 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/04/14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/02/07 21:52:48 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/03/05 22:53:47 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2007/09/04 18:04:36 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/04/01 11:02:36 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/02/04 12:43:23 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\Shared\hpqwmi.exe -- (hpqwmi [Disabled | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
[2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2006/11/10 18:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2008/12/25 01:36:45 | 00,540,672 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv [Auto | Running])
[2005/01/31 09:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Disabled | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
========== Driver Services ==========
[2004/08/05 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2004/08/11 15:30:00 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2005/04/01 11:02:36 | 01,034,752 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/02/27 14:24:55 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 15:29:43 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005/03/10 10:41:52 | 00,371,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Stopped])
[2005/03/15 17:14:52 | 00,037,760 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
[2005/03/15 17:14:52 | 00,346,496 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
[2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2004/04/14 06:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2003/06/06 10:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/03/22 15:39:44 | 00,200,192 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI [On_Demand | Running])
[2005/03/22 15:39:42 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/05/27 10:31:26 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2004/09/24 17:12:04 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2005/03/22 15:39:54 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2004/09/24 17:12:04 | 00,381,312 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (NBXG7031 [On_Demand | Stopped])
[2004/04/08 17:18:38 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
[2005/11/19 02:13:18 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
[2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/13 02:53:12 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/05/27 10:32:51 | 01,317,152 | R--- | M] () -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced [On_Demand | Stopped])
[2004/06/28 11:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2008/04/13 19:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/10 17:23:42 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])
[2006/11/10 17:23:48 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])
[2006/11/10 17:23:50 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])
[2006/11/10 17:23:54 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt [On_Demand | Stopped])
[2006/11/10 17:23:56 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5 [On_Demand | Stopped])
[2006/11/10 17:23:58 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex [On_Demand | Stopped])
[2006/11/10 17:24:06 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic [On_Demand | Stopped])
[2007/11/13 09:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/06/22 04:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel [Auto | Running])
[2005/07/13 16:37:46 | 00,260,608 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\WlanUZXP.sys -- (SG760_XP [On_Demand | Running])
[2001/08/23 16:21:42 | 00,036,937 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
[2002/10/15 22:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
[2008/12/25 01:36:45 | 00,142,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2 [System | Running])
[2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2005/08/30 16:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
[2005/08/30 16:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
[2005/08/30 16:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
[2007/06/02 21:49:07 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2006/01/31 14:35:34 | 00,123,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
[2005/02/02 12:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2005/04/04 17:25:36 | 00,160,768 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2005/03/22 15:39:40 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 19:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2004/08/05 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" (Crawler.com)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
========== (O4) Startup Folders ==========
[2008/06/11 01:58:50 | 01,320,464 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Menu Démarrer\Programmes\Démarrage\SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xporter vers Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/10/28 16:07:58 | 09,362,248 | R--- | M] (Microsoft Corporation)
Easy-WebPrint Ajouter à la liste d'impressions: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/04/05 11:01:28 | 00,204,800 | ---- | M] ()
Easy-WebPrint Impression rapide: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/04/05 11:01:28 | 00,204,800 | ---- | M] ()
Easy-WebPrint Imprimer: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/04/05 11:01:28 | 00,204,800 | ---- | M] ()
Easy-WebPrint Prévisualiser: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/04/05 11:01:28 | 00,204,800 | ---- | M] ()
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{14B87622-7E19-4EA8-93B3-97215F77A6BC}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab -- MessengerStatsClient Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://tonochperso.spaces.live.com//PhotoUpload/MsnPUpld.cab -- MSN Photo Upload Tool
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw(...) -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab -- Java Plug-in 1.5.0_02
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
========== (O17) DNS Name Servers ==========
{10AC8AF4-4BF7-410A-AA17-008B1985F125} (Servers: | Description: )
{26939795-229C-4E27-9FA5-EF3474681CC5} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{2A5B83BD-03BB-4424-A089-CC629A2AD632} (Servers: | Description: )
{3AA64611-7245-4495-97EA-EE7BF747E636} (Servers: 192.168.30.1 | Description: SAGEM Wi-Fi 11g USB adapter)
{71487989-FB9A-4051-BD16-CC1FF68A2004} (Servers: | Description: )
{7470D389-B547-43A2-B51D-3DD62DCD6BDB} (Servers: | Description: )
{D8671AFB-3477-46FE-B4A9-8CD607854188} (Servers: | Description: Broadcom 802.11b/g WLAN)
{DCDB0A75-39C3-4E17-99AD-5E9CA1A1372A} (Servers: 192.168.30.1 | Description: SAGEM Wi-Fi 11g USB adapter)
{DF54EEE3-F664-4129-8A2F-FA3413B9CBA4} (Servers: | Description: Carte réseau 1394)
{E8FE0812-5AF6-4CA5-B1FD-0576E4B42F2E} (Servers: | Description: )
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2008/12/24 02:53:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1303ddf6-8f98-11dc-860d-0060b355a6b3}\Shell\AutoRun\command]
""=E:\AutoTransfer.exe -- File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/03/05 22:53:43 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.exe
[2009/03/05 21:39:36 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\HijackThis.lnk
[2009/03/05 21:38:20 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Laurence et Anthony\Bureau\HJTInstall.exe
[2009/02/17 21:48:05 | 00,000,447 | ---- | C] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\torrents.lnk
[2009/02/17 21:44:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laurence et Anthony\Mes documents\torrents
[2009/02/13 16:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/02/05 21:41:34 | 00,000,813 | ---- | C] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\Windows Messenger.lnk
[2009/02/05 21:36:52 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/02/05 21:36:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/05 21:34:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/02/05 21:34:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/02/05 21:34:16 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/02/05 21:08:24 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Windows Live
[2009/02/04 21:58:16 | 00,526,848 | ---- | C] () -- C:\Documents and Settings\Laurence et Anthony\Mes documents\Notre petite Famille.doc
========== Files - Modified Within 30 Days ==========
[9 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/03/05 22:53:47 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.exe
[2009/03/05 22:00:02 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\zximadae.job
[2009/03/05 22:00:01 | 00,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\A966FF5091857DCC.job
[2009/03/05 21:40:11 | 00,000,423 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2009/03/05 21:39:36 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\HijackThis.lnk
[2009/03/05 21:38:22 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Laurence et Anthony\Bureau\HJTInstall.exe
[2009/03/05 21:24:20 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/05 21:23:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/05 21:22:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/05 21:22:42 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/28 14:51:56 | 00,067,584 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Mes documents\suivi compte commmun.xls
[2009/02/17 21:48:05 | 00,000,447 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\torrents.lnk
[2009/02/13 16:55:44 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\µTorrent.lnk
[2009/02/12 20:25:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/12 05:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/07 19:44:45 | 00,000,688 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/06 13:43:20 | 00,368,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/05 21:41:34 | 00,000,813 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Bureau\Windows Messenger.lnk
[2009/02/05 21:39:13 | 00,108,672 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/05 21:35:50 | 00,000,945 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Mes documents\Mes dossiers de partage.lnk
[2009/02/05 18:42:28 | 00,068,608 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 18:42:28 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/04 22:22:55 | 00,526,848 | ---- | M] () -- C:\Documents and Settings\Laurence et Anthony\Mes documents\Notre petite Famille.doc
< End of report >
2nd:
OTViewIt Extras logfile created on: 05/03/2009 22:54:52 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Laurence et Anthony\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
510,48 Mb Total Physical Memory | 215,16 Mb Available Physical Memory | 42,15% Memory free
1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,51% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 50,91 Gb Free Space | 68,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC302132836219
Current User Name: Laurence et Anthony
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 03:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/02 21:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 21:53:08 | 01,170,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2008/12/02 22:41:56 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 03:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/08/02 14:52:12 | 05,484,544 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
[2008/07/24 13:22:22 | 00,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
[2008/07/24 13:22:28 | 00,243,072 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
[2008/07/24 13:22:24 | 00,112,000 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
[2009/02/07 21:52:48 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/16 18:04:32 | 00,663,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home
[2009/02/10 21:26:56 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Laurence et Anthony\Mes documents\Mes fichiers reçus\utorrent.exe:*:Enabled:µTorrent
[2007/10/17 15:28:09 | 33,574,912 | ---- | M] (Sports Interactive) -- C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008
[2008/01/15 03:22:48 | 19,926,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/23 16:45:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/12/02 21:44:52 | 00,582,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/12/02 21:53:08 | 01,170,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2008/12/02 22:41:56 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2009/02/13 16:55:44 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2004/01/29 15:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2004/01/29 15:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2004/01/29 15:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2001/06/20 02:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2008/04/23 16:45:34 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])
[2008/12/02 22:38:50 | 00,791,368 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01523985-2098-43AF-9C97-12B07BE02A9B}"=Windows Live Call
"{02E22217-0E96-4C3F-B831-83AA942B7715}"=UserGuides
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}"=Windows Live Messenger
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{13F3917B56CD4C25848BDC69916971BB}"=DivX Converter
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}"=LS_HSI
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}"=Picture Package
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Outil de téléchargement Windows Live
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150010}"=J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3CCB732A-E472-4CF9-B1EE-F18365341FE0}"=Installation Windows Live
"{3FC7CBBC4C1E11DCA1A752EA55D89593}"=DivX Version Checker
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}"=HP Wireless Assistant 1.01 A3
"{43563ACB-371B-4C58-8979-B192B390424C}"=Galerie de photos Windows Live
"{4908C75E-E5E2-43F7-B1DF-023CBA831036}"=Nero 7 Premium
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}"=Junk Mail filter update
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}"=Photohands 1.0F
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}"=First Step Guide
"{63DC2DA0-2A6C-4C38-9249-B75395458657}"=Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{67D0313C-4F15-437D-9A2D-C1564088A26A}"=Windows Live Sync
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}"=QuickTime
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}"=VC80CRTRedist - 8.0.50727.762
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}"=Sentinel System Driver
"{7AC15160-A49B-4A89-B181-D4619C025FFF}"=Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Connexion Facile à Internet
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8F7953DB-3529-4D69-A577-CC22D4F32C51}"=Utilitaire de gestion du LAN Wifi IEEE 802.11g
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard
"{9019040C-6000-11D3-8CFE-0050048383C9}"=Microsoft Publisher 2002
"{9028040C-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional avec FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}"=TIxx21
"{9A394342-4A68-4EBA-85A6-55B559F4E700}"=Microsoft .NET Framework 1.1 French Language Pack
"{9C650676-CDDB-42C0-8D11-3EEB7F791F99}"=Kit d'installation
"{A059DE09-1B49-4450-B340-7AE097EC3F04}"=Microsoft Works
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support
"{A96E97134CA649888820BCDE5E300BBD}"=H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}"=MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio Module
"{AC76BA86-7AD7-1036-7B44-A70900000002}"=Adobe Reader 7.0.9 - Français
"{AC76BA86-7AD7-5464-3428-7050000000A7}"=Adobe Reader 7.0.5 Language Support
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}"=AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}"=iTunes
"{C151CE54-E7EA-4804-854B-F515368B0798}"=Athlon 64 Processor Driver
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}"=Logiciel QuickCam de Logitech
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}"=Quick Launch Buttons 5.10 B3
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}"=Assistant de connexion Windows Live
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}"=Apple Mobile Device Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{E188D820-1218-4E28-8BCA-91134C3664C2}"=Ulead VideoStudio 10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Codeur Windows Media Série 9
"{E6514842-09F1-4497-8345-65BA98AD3479}"=Samsung PC Studio
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1A2577D-2FDF-47D5-9055-ABE809D78D15}"=eMule Shell Extension
"{F69E83CF-B440-43F8-89E6-6EA80712109B}"=Windows Live Communications Platform
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}"=ImageMixer VCD2
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Ad-remover"=Ad-remover
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"ATI Display Driver"=ATI Display Driver
"Canon Setup Utility 2.0"=Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL"=Canon iP4200
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C"=Data Fax SoftModem with SmartCP
"Conexant PCI Audio"=Conexant AC-Link Audio
"DivX Plus DirectShow Filters"=DivX Plus DirectShow Filters
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox"=Canon Utilities Easy-PrintToolBox
"Easy-WebPrint"=Easy-WebPrint
"eMule"=eMule
"FileZilla"=FileZilla (remove only)
"Football Manager 2008"=Football Manager 2008
"HijackThis"=HijackThis 2.0.2
"HP Pavillion zv6000 User Guides"=HP Pavillion zv6000 User Guides
"HUFFYUV"=Huffyuv AVI lossless video codec (Remove Only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IncrediMail"=IncrediMail Xe
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Connexion Facile à Internet
"InstallShield_{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}"=Texas Instruments PCIxx21/x515 drivers.
"Logitech Print Service"=Logitech Print Service
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint"=CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.6)"=Mozilla Firefox (3.0.6)
"Mozilla Thunderbird (2.0.0.19)"=Mozilla Thunderbird (2.0.0.19)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin"=Messenger Plus! 3 & Sponsor
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"QcDrv"=Programme de gestion Camera de Logitech®
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"Spyware Terminator_is1"=Spyware Terminator
"SpywareBlaster_is1"=SpywareBlaster 4.1
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"VLC media player"=VideoLAN VLC media player 0.8.5
"Vodafone 804SS USB driver"=SAMSUNG Mobile USB Modem ^^
"Windows Media Encoder 9"=Codeur Windows Media Série 9
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Lecteur Windows Media 11
"Windows XP Service"=Windows XP Service Pack 3
"WinLiveSuite_Wave3"=Installation Windows Live
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
ContentIndex (ContentIndex) a échoué. Le code d'erreur est le premier DWORD de la
section Data.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
ContentFilter (ContentFilter) a échoué. Le code d'erreur est le premier DWORD de
la section Data.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 05/02/2009 14:08:54 | Computer Name = PC302132836219 | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
ISAPISearch (ISAPISearch) a échoué. Le code d'erreur est le premier DWORD de la
section Data.
Error - 06/02/2009 09:02:24 | Computer Name = PC302132836219 | Source = MsiInstaller | ID = 11706
Description = Produit : Microsoft Office XP Professional avec FrontPage -- Erreur
1706. Le programme d'installation ne peut pas trouver les fichiers requis. Vérifiez
votre connexion au réseau ou votre lecteur de CD-ROM. Pour des solutions éventuelles
à ce problème, consultez C:\Program Files\Microsoft Office\Office10\1036\SETUP.HLP.
Error - 06/02/2009 09:02:28 | Computer Name = PC302132836219 | Source = MsiInstaller | ID = 1024
Description = Produit : Microsoft Office XP Professional avec FrontPage - La mise
à jour '{10864676-F019-4492-91BC-6A5F68C72840}' n'a pas pu être installée. Code
d'erreur 1603. Windows Installer peut créer des journaux pour faciliter la résolution
des éventuelles erreurs d'installation des packages logiciels. Utilisez le lien
suivant pour afficher des instructions concernant l'activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127
[ System Events ]
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:32 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:33 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:33 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
Error - 05/03/2009 17:53:33 | Computer Name = PC302132836219 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2
< End of report >
cordialement.
Curson
le 05 mars 2009 à 23h09
Bonsoir,
1) Désactive les logiciels de protection.
2) Télécharge Combofix de sUBs : combofix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
3) Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Cordialement.
1) Désactive les logiciels de protection.
2) Télécharge Combofix de sUBs : combofix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
3) Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
jalawe
le 07 mars 2009 à 22h14
Bonsoir,
Voici le rapport de combofix :
ComboFix 09-03-06.02 - Laurence et Anthony 2009-03-07 22:03:49.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.116 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurence et Anthony\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-07 au 2009-03-07 ))))))))))))))))))))))))))))))))))))
.
2009-03-07 22:01 . 2009-03-07 22:01 <REP> d-------- C:\32788R22FWJFW
2009-02-13 16:55 . 2009-02-13 16:55 <REP> d-------- c:\program files\uTorrent
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 20:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-05 20:39 --------- d-----w c:\program files\Trend Micro
2009-03-05 20:33 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-05 15:08 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Spyware Terminator
2009-03-03 18:01 --------- d-----w c:\program files\Spyware Terminator
2009-03-02 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-01 09:25 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\uTorrent
2009-02-26 18:51 --------- d-----w c:\program files\eMule
2009-02-26 17:58 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-05 20:37 --------- d-----w c:\program files\Windows Live
2009-02-05 20:36 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-05 20:34 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 20:34 --------- d-----w c:\program files\Microsoft
2009-02-05 20:08 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-02-03 18:43 --------- d-----w c:\program files\DivX
2009-01-20 20:48 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Thunderbird
2009-01-19 21:09 --------- d-----w c:\program files\Microsoft Works
2009-01-07 20:00 108,088 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\GDIPFONTCACHEV1.DAT
2008-12-25 00:58 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2007-01-28 11:48 560 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\ViewerApp.dat
2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-12-25 2267136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
c:\documents and settings\Laurence et Anthony\Menu D‚marrer\Programmes\D‚marrage\
SpywareBlaster.lnk - c:\program files\SpywareBlaster\spywareblaster.exe [2008-12-25 1320464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"SENTINEL"= snti386.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Laurence et Anthony^Menu Démarrer^Programmes^Démarrage^CD-MENU.LNK]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-03-22 20:05 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 18:04 139264 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2005-02-17 13:01 233534 c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 12:24 290816 c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 02:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-04-11 14:21 794624 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 12:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-05-27 09:18 221184 c:\windows\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-08 19:06 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-30 21:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-02 13:11 692316 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-02 13:12 102492 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--a------ 2006-03-07 00:52 36864 c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=3 (0x3)
"FreezeScreenSaver"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Documents and Settings\\Laurence et Anthony\\Mes documents\\Mes fichiers reçus\\utorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-25 142592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-03-22 200192]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2005-07-13 260608]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\drivers\WlanUIG.sys [2005-10-21 381312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1303ddf6-8f98-11dc-860d-0060b355a6b3}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
Contenu du dossier 'Tâches planifiées'
2009-03-07 c:\windows\Tasks\A966FF5091857DCC.job
- c:\docume~1\lauren~1\applic~1\oncedo~1\LongDoesMove.exe []
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2009-03-07 c:\windows\Tasks\zximadae.job
- c:\windows\system32\xxyxuVoO.dll []
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
TCP: {3AA64611-7245-4495-97EA-EE7BF747E636} = 192.168.30.1
TCP: {DCDB0A75-39C3-4E17-99AD-5E9CA1A1372A} = 192.168.30.1
FF - ProfilePath - c:\documents and settings\Laurence et Anthony\Application Data\Mozilla\Firefox\Profiles\durybrv7.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 22:06:51
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Block Senders]
@DACL=(02 0000)
"Version"=dword:00050000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Columns]
@DACL=(02 0000)
"Local Store Column Info"=hex:10,00,00,00,03,00,00,00,06,00,00,00,03,00,00,00,
ff,ff,ff,ff,08,00,00,00,01,00,00,00,ff,ff,ff,ff,07,00,00,00,01,00,00,00,ff,\
"Mail Column Info (In)"=hex:10,00,00,00,07,00,00,00,0f,00,00,00,09,00,00,00,13,
00,00,00,10,00,00,00,09,00,00,00,16,00,00,00,14,00,00,00,09,00,00,00,19,00,\
"Mail Column Info (Out)"=hex:10,00,00,00,06,00,00,00,0f,00,00,00,09,00,00,00,
ff,ff,ff,ff,10,00,00,00,09,00,00,00,ff,ff,ff,ff,00,00,00,00,01,00,00,00,ee,\
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Mail]
@DACL=(02 0000)
"Welcome Message"=dword:00000000
"Accounts Checked"=dword:00000001
"Safe Attachments"=dword:00000001
"Secure Safe Attachments"=dword:00000001
"Check Mail on Startup"=dword:00000001
"No Check Default"=dword:00000001
"Saved Toolbar Settings"=hex:11,9e,00,00,f0,9c,00,00,f1,9c,00,00,f4,9c,00,00,
ff,ff,ff,ff,b4,9c,00,00,f2,9d,00,00,ff,ff,ff,ff,01,9d,00,00,ff,ff,ff,ff,07,\
"Saved Toolbar Settings Version"=dword:00000011
"ShowHybridView"=dword:00000000
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"Default_CodePage"=dword:00006faf
"NotePosEx"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,b8,01,00,00,b0,00,00,00,48,03,00,00,51,02,00,00
"ThreadArticles"=dword:00000000
"Wide Stationery Name"=""
"Stationery Name Converted"=dword:00000001
"Compose Use Stationery"=dword:00000000
"Font Size"=dword:00000009
"Font Name"="Arial"
"PlaySoundOnNewMail"=dword:00000001
"Poll For Mail"=dword:000493e0
"Attach VCard"=dword:00000000
"VCard Display Name"=""
"Log POP3 (0/1)"=dword:00000000
"Log IMAP4 (0/1)"=dword:00000000
"Log HTTPMail (0/1)"=dword:00000000
"Delete Wastebasket On Exit"=dword:00000001
"MarkPreviewAsRead"=dword:00000005
"Message Read HTML"=dword:00000001
"SaveInSentItems"=dword:00000001
"Auto Add Replies To WAB"=dword:00000001
"Include Reply Msg"=dword:00000001
"Send Mail Immediately"=dword:00000001
"Message Send HTML"=dword:00000001
"Digitally Sign Messages"=dword:00000000
"Encrypt Messages"=dword:00000000
"Block External Content"=dword:00000001
"Warn on Mapi Send"=dword:00000001
"Security Label"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\MailNote]
@DACL=(02 0000)
"Read Mail Toolbar Settings"=hex:f0,9c,00,00,f1,9c,00,00,f4,9c,00,00,ff,ff,ff,
ff,b4,9c,00,00,22,9e,00,00,ff,ff,ff,ff,d1,9c,00,00,d2,9c,00,00,ff,ff,ff,ff,\
"Saved Toolbar Settings Version"=dword:0000000f
"Send Mail Toolbar Settings"=hex:db,9d,00,00,ff,ff,ff,ff,26,9d,00,00,24,9e,00,
00,27,9d,00,00,25,9d,00,00,ff,ff,ff,ff,48,9d,00,00,47,9d,00,00,ff,ff,ff,ff,\
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\News]
@DACL=(02 0000)
"Accounts Checked"=dword:00000000
"No Check Default"=dword:00000000
"ShowHybridView"=dword:00000001
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"Wide Stationery Name"=""
"Stationery Name Converted"=dword:00000001
"Compose Use Stationery"=dword:00000000
"Font Size"=dword:00000009
"Font Name"="Arial"
"New group notification"=dword:00000001
"Attach VCard"=dword:00000000
"VCard Display Name"=""
"Cache Delete Message Days"=dword:00000005
"Cache Compact Percent"=dword:00000014
"Cache Read Messages"=dword:00000000
"Log"=dword:00000000
"Download at a time"=dword:0000012c
"Auto Expand Threads"=dword:00000000
"Auto Fill Preview"=dword:00000001
"Mark Read on Exit"=dword:00000000
"Message Send HTML"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Recent Stationery Wide List]
@DACL=(02 0000)
"File0"="Belle journée.htm"
"File1"="Nature.htm"
"File2"="Céramique.htm"
"File3"="Tournesol.htm"
"File4"="Punch aux agrumes.htm"
"File5"="Vierge.htm"
"File6"="Feuilles.htm"
"File7"=""
"File8"=""
"File9"=""
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Rules]
@DACL=(02 0000)
"Messenger Auto logon"=dword:00000000
"MessengerWuzHere"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\signatures]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Trident]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\WAB]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess\CLSID]
@DACL=(02 0000)
@SACL=
@="{C523F39F-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess\CurVer]
@DACL=(02 0000)
@SACL=
@="AcroAccess.AcroAccess.1"
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{C523F39F-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CLSID]
@DACL=(02 0000)
@SACL=
@="{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CurVer]
@DACL=(02 0000)
@SACL=
@="DSP.DSP.1"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSPDMOProp_Chorus.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{6F63B172-5543-4593-91CE-EDBA65B9FACDB}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-07 22:08:38
ComboFix-quarantined-files.txt 2009-03-07 21:08:26
Avant-CF: 54 639 640 576 octets libres
Après-CF: 54,727,675,904 octets libres
397 --- E O F --- 2009-03-05 15:17:09
Cordialement.
Voici le rapport de combofix :
ComboFix 09-03-06.02 - Laurence et Anthony 2009-03-07 22:03:49.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.116 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurence et Anthony\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-07 au 2009-03-07 ))))))))))))))))))))))))))))))))))))
.
2009-03-07 22:01 . 2009-03-07 22:01 <REP> d-------- C:\32788R22FWJFW
2009-02-13 16:55 . 2009-02-13 16:55 <REP> d-------- c:\program files\uTorrent
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 20:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-05 20:39 --------- d-----w c:\program files\Trend Micro
2009-03-05 20:33 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-05 15:08 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Spyware Terminator
2009-03-03 18:01 --------- d-----w c:\program files\Spyware Terminator
2009-03-02 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-01 09:25 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\uTorrent
2009-02-26 18:51 --------- d-----w c:\program files\eMule
2009-02-26 17:58 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-05 20:37 --------- d-----w c:\program files\Windows Live
2009-02-05 20:36 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-05 20:34 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 20:34 --------- d-----w c:\program files\Microsoft
2009-02-05 20:08 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-02-03 18:43 --------- d-----w c:\program files\DivX
2009-01-20 20:48 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Thunderbird
2009-01-19 21:09 --------- d-----w c:\program files\Microsoft Works
2009-01-07 20:00 108,088 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\GDIPFONTCACHEV1.DAT
2008-12-25 00:58 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2007-01-28 11:48 560 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\ViewerApp.dat
2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-12-25 2267136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
c:\documents and settings\Laurence et Anthony\Menu D‚marrer\Programmes\D‚marrage\
SpywareBlaster.lnk - c:\program files\SpywareBlaster\spywareblaster.exe [2008-12-25 1320464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"SENTINEL"= snti386.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Laurence et Anthony^Menu Démarrer^Programmes^Démarrage^CD-MENU.LNK]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-03-22 20:05 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 18:04 139264 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2005-02-17 13:01 233534 c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 12:24 290816 c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 02:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-04-11 14:21 794624 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 12:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-05-27 09:18 221184 c:\windows\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-08 19:06 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-30 21:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-02 13:11 692316 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-02 13:12 102492 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--a------ 2006-03-07 00:52 36864 c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=3 (0x3)
"FreezeScreenSaver"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Documents and Settings\\Laurence et Anthony\\Mes documents\\Mes fichiers reçus\\utorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-25 142592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-03-22 200192]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2005-07-13 260608]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\drivers\WlanUIG.sys [2005-10-21 381312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1303ddf6-8f98-11dc-860d-0060b355a6b3}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
Contenu du dossier 'Tâches planifiées'
2009-03-07 c:\windows\Tasks\A966FF5091857DCC.job
- c:\docume~1\lauren~1\applic~1\oncedo~1\LongDoesMove.exe []
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2009-03-07 c:\windows\Tasks\zximadae.job
- c:\windows\system32\xxyxuVoO.dll []
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
TCP: {3AA64611-7245-4495-97EA-EE7BF747E636} = 192.168.30.1
TCP: {DCDB0A75-39C3-4E17-99AD-5E9CA1A1372A} = 192.168.30.1
FF - ProfilePath - c:\documents and settings\Laurence et Anthony\Application Data\Mozilla\Firefox\Profiles\durybrv7.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 22:06:51
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Block Senders]
@DACL=(02 0000)
"Version"=dword:00050000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Columns]
@DACL=(02 0000)
"Local Store Column Info"=hex:10,00,00,00,03,00,00,00,06,00,00,00,03,00,00,00,
ff,ff,ff,ff,08,00,00,00,01,00,00,00,ff,ff,ff,ff,07,00,00,00,01,00,00,00,ff,\
"Mail Column Info (In)"=hex:10,00,00,00,07,00,00,00,0f,00,00,00,09,00,00,00,13,
00,00,00,10,00,00,00,09,00,00,00,16,00,00,00,14,00,00,00,09,00,00,00,19,00,\
"Mail Column Info (Out)"=hex:10,00,00,00,06,00,00,00,0f,00,00,00,09,00,00,00,
ff,ff,ff,ff,10,00,00,00,09,00,00,00,ff,ff,ff,ff,00,00,00,00,01,00,00,00,ee,\
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Mail]
@DACL=(02 0000)
"Welcome Message"=dword:00000000
"Accounts Checked"=dword:00000001
"Safe Attachments"=dword:00000001
"Secure Safe Attachments"=dword:00000001
"Check Mail on Startup"=dword:00000001
"No Check Default"=dword:00000001
"Saved Toolbar Settings"=hex:11,9e,00,00,f0,9c,00,00,f1,9c,00,00,f4,9c,00,00,
ff,ff,ff,ff,b4,9c,00,00,f2,9d,00,00,ff,ff,ff,ff,01,9d,00,00,ff,ff,ff,ff,07,\
"Saved Toolbar Settings Version"=dword:00000011
"ShowHybridView"=dword:00000000
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"Default_CodePage"=dword:00006faf
"NotePosEx"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,b8,01,00,00,b0,00,00,00,48,03,00,00,51,02,00,00
"ThreadArticles"=dword:00000000
"Wide Stationery Name"=""
"Stationery Name Converted"=dword:00000001
"Compose Use Stationery"=dword:00000000
"Font Size"=dword:00000009
"Font Name"="Arial"
"PlaySoundOnNewMail"=dword:00000001
"Poll For Mail"=dword:000493e0
"Attach VCard"=dword:00000000
"VCard Display Name"=""
"Log POP3 (0/1)"=dword:00000000
"Log IMAP4 (0/1)"=dword:00000000
"Log HTTPMail (0/1)"=dword:00000000
"Delete Wastebasket On Exit"=dword:00000001
"MarkPreviewAsRead"=dword:00000005
"Message Read HTML"=dword:00000001
"SaveInSentItems"=dword:00000001
"Auto Add Replies To WAB"=dword:00000001
"Include Reply Msg"=dword:00000001
"Send Mail Immediately"=dword:00000001
"Message Send HTML"=dword:00000001
"Digitally Sign Messages"=dword:00000000
"Encrypt Messages"=dword:00000000
"Block External Content"=dword:00000001
"Warn on Mapi Send"=dword:00000001
"Security Label"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\MailNote]
@DACL=(02 0000)
"Read Mail Toolbar Settings"=hex:f0,9c,00,00,f1,9c,00,00,f4,9c,00,00,ff,ff,ff,
ff,b4,9c,00,00,22,9e,00,00,ff,ff,ff,ff,d1,9c,00,00,d2,9c,00,00,ff,ff,ff,ff,\
"Saved Toolbar Settings Version"=dword:0000000f
"Send Mail Toolbar Settings"=hex:db,9d,00,00,ff,ff,ff,ff,26,9d,00,00,24,9e,00,
00,27,9d,00,00,25,9d,00,00,ff,ff,ff,ff,48,9d,00,00,47,9d,00,00,ff,ff,ff,ff,\
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\News]
@DACL=(02 0000)
"Accounts Checked"=dword:00000000
"No Check Default"=dword:00000000
"ShowHybridView"=dword:00000001
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"Wide Stationery Name"=""
"Stationery Name Converted"=dword:00000001
"Compose Use Stationery"=dword:00000000
"Font Size"=dword:00000009
"Font Name"="Arial"
"New group notification"=dword:00000001
"Attach VCard"=dword:00000000
"VCard Display Name"=""
"Cache Delete Message Days"=dword:00000005
"Cache Compact Percent"=dword:00000014
"Cache Read Messages"=dword:00000000
"Log"=dword:00000000
"Download at a time"=dword:0000012c
"Auto Expand Threads"=dword:00000000
"Auto Fill Preview"=dword:00000001
"Mark Read on Exit"=dword:00000000
"Message Send HTML"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Recent Stationery Wide List]
@DACL=(02 0000)
"File0"="Belle journée.htm"
"File1"="Nature.htm"
"File2"="Céramique.htm"
"File3"="Tournesol.htm"
"File4"="Punch aux agrumes.htm"
"File5"="Vierge.htm"
"File6"="Feuilles.htm"
"File7"=""
"File8"=""
"File9"=""
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Rules]
@DACL=(02 0000)
"Messenger Auto logon"=dword:00000000
"MessengerWuzHere"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\signatures]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Trident]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\WAB]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess\CLSID]
@DACL=(02 0000)
@SACL=
@="{C523F39F-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess\CurVer]
@DACL=(02 0000)
@SACL=
@="AcroAccess.AcroAccess.1"
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{C523F39F-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CLSID]
@DACL=(02 0000)
@SACL=
@="{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CurVer]
@DACL=(02 0000)
@SACL=
@="DSP.DSP.1"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSPDMOProp_Chorus.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{6F63B172-5543-4593-91CE-EDBA65B9FACDB}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-07 22:08:38
ComboFix-quarantined-files.txt 2009-03-07 21:08:26
Avant-CF: 54 639 640 576 octets libres
Après-CF: 54,727,675,904 octets libres
397 --- E O F --- 2009-03-05 15:17:09
Cordialement.
Curson
le 07 mars 2009 à 23h47
Bonsoir,
1) Désactive les logiciels de protection (Antivirus, Antispywares) puis :
2) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
3) Télécharge Lop S&D sur ton bureau
- Double-clique dessus pour lancer l'installation
- Puis double-clique sur le raccourci Lop S&D présent sur ton bureau
- Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
- Patiente jusqu'à la fin du scan
- Poste le rapport généré (C:\lopR.txt)
4) Analyse ton système avec le Kaspersky Online Scanner. Tutorial.
Poste le résultat de l'analyse ici.
Cordialement.
1) Désactive les logiciels de protection (Antivirus, Antispywares) puis :
2) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
3) Télécharge Lop S&D sur ton bureau
- Double-clique dessus pour lancer l'installation
- Puis double-clique sur le raccourci Lop S&D présent sur ton bureau
- Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
- Patiente jusqu'à la fin du scan
- Poste le rapport généré (C:\lopR.txt)
4) Analyse ton système avec le Kaspersky Online Scanner. Tutorial.
Poste le résultat de l'analyse ici.
Cordialement.
-->Message édité par Curson le 08/03/2009 00:20:04<--
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
jalawe
le 08 mars 2009 à 14h32
Bonjour, voici le 1er rapport:
ComboFix 09-03-06.02 - Laurence et Anthony 2009-03-08 14:19:14.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.138 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurence et Anthony\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Laurence et Anthony\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\dummy.exe
c:\windows\system32\FreezeScreenSaver.exe
c:\windows\system32\xxyxuVoO.dll
c:\windows\tasks\A966FF5091857DCC.job
c:\windows\tasks\zximadae.job
c:\windows\YourScreen Saver.scr
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\lauren~1\applic~1\oncedo~1
c:\docume~1\lauren~1\applic~1\oncedo~1\152E8C31
c:\windows\tasks\A966FF5091857DCC.job
c:\windows\tasks\zximadae.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-08 au 2009-03-08 ))))))))))))))))))))))))))))))))))))
.
2009-02-13 16:55 . 2009-02-13 16:55 <REP> d-------- c:\program files\uTorrent
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 13:25 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-08 13:11 --------- d-----w c:\program files\Spyware Terminator
2009-03-08 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-08 13:01 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Spyware Terminator
2009-03-07 21:50 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-07 21:21 --------- d-----w c:\program files\Google
2009-03-05 20:39 --------- d-----w c:\program files\Trend Micro
2009-03-01 09:25 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\uTorrent
2009-02-26 18:51 --------- d-----w c:\program files\eMule
2009-02-26 17:58 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-05 20:37 --------- d-----w c:\program files\Windows Live
2009-02-05 20:36 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-05 20:34 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 20:34 --------- d-----w c:\program files\Microsoft
2009-02-05 20:08 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-02-03 18:43 --------- d-----w c:\program files\DivX
2009-01-20 20:48 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Thunderbird
2009-01-19 21:09 --------- d-----w c:\program files\Microsoft Works
2009-01-07 20:00 108,088 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\GDIPFONTCACHEV1.DAT
2008-12-25 00:58 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2007-01-28 11:48 560 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\ViewerApp.dat
2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\BIN_STRSBW.SPT -- Not a PE file.
MD5: 150577287a452266b66c4963d16e4ffd
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-12-25 2267136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
c:\documents and settings\Laurence et Anthony\Menu D‚marrer\Programmes\D‚marrage\
SpywareBlaster.lnk - c:\program files\SpywareBlaster\spywareblaster.exe [2008-12-25 1320464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"SENTINEL"= snti386.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Laurence et Anthony^Menu Démarrer^Programmes^Démarrage^CD-MENU.LNK]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-03-22 20:05 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 18:04 139264 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2005-02-17 13:01 233534 c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 12:24 290816 c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 02:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-04-11 14:21 794624 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 12:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-05-27 09:18 221184 c:\windows\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-08 19:06 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-30 21:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-02 13:11 692316 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-02 13:12 102492 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--a------ 2006-03-07 00:52 36864 c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Documents and Settings\\Laurence et Anthony\\Mes documents\\Mes fichiers reçus\\utorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-25 142592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-03-22 200192]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2005-07-13 260608]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\drivers\WlanUIG.sys [2005-10-21 381312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1303ddf6-8f98-11dc-860d-0060b355a6b3}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
TCP: {3AA64611-7245-4495-97EA-EE7BF747E636} = 192.168.30.1
TCP: {DCDB0A75-39C3-4E17-99AD-5E9CA1A1372A} = 192.168.30.1
FF - ProfilePath - c:\documents and settings\Laurence et Anthony\Application Data\Mozilla\Firefox\Profiles\durybrv7.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 14:23:56
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Block Senders]
@DACL=(02 0000)
"Version"=dword:00050000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Columns]
@DACL=(02 0000)
"Local Store Column Info"=hex:10,00,00,00,03,00,00,00,06,00,00,00,03,00,00,00,
ff,ff,ff,ff,08,00,00,00,01,00,00,00,ff,ff,ff,ff,07,00,00,00,01,00,00,00,ff,\
"Mail Column Info (In)"=hex:10,00,00,00,07,00,00,00,0f,00,00,00,09,00,00,00,13,
00,00,00,10,00,00,00,09,00,00,00,16,00,00,00,14,00,00,00,09,00,00,00,19,00,\
"Mail Column Info (Out)"=hex:10,00,00,00,06,00,00,00,0f,00,00,00,09,00,00,00,
ff,ff,ff,ff,10,00,00,00,09,00,00,00,ff,ff,ff,ff,00,00,00,00,01,00,00,00,ee,\
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Mail]
@DACL=(02 0000)
"Welcome Message"=dword:00000000
"Accounts Checked"=dword:00000001
"Safe Attachments"=dword:00000001
"Secure Safe Attachments"=dword:00000001
"Check Mail on Startup"=dword:00000001
"No Check Default"=dword:00000001
"Saved Toolbar Settings"=hex:11,9e,00,00,f0,9c,00,00,f1,9c,00,00,f4,9c,00,00,
ff,ff,ff,ff,b4,9c,00,00,f2,9d,00,00,ff,ff,ff,ff,01,9d,00,00,ff,ff,ff,ff,07,\
"Saved Toolbar Settings Version"=dword:00000011
"ShowHybridView"=dword:00000000
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"Default_CodePage"=dword:00006faf
"NotePosEx"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,b8,01,00,00,b0,00,00,00,48,03,00,00,51,02,00,00
"ThreadArticles"=dword:00000000
"Wide Stationery Name"=""
"Stationery Name Converted"=dword:00000001
"Compose Use Stationery"=dword:00000000
"Font Size"=dword:00000009
"Font Name"="Arial"
"PlaySoundOnNewMail"=dword:00000001
"Poll For Mail"=dword:000493e0
"Attach VCard"=dword:00000000
"VCard Display Name"=""
"Log POP3 (0/1)"=dword:00000000
"Log IMAP4 (0/1)"=dword:00000000
"Log HTTPMail (0/1)"=dword:00000000
"Delete Wastebasket On Exit"=dword:00000001
"MarkPreviewAsRead"=dword:00000005
"Message Read HTML"=dword:00000001
"SaveInSentItems"=dword:00000001
"Auto Add Replies To WAB"=dword:00000001
"Include Reply Msg"=dword:00000001
"Send Mail Immediately"=dword:00000001
"Message Send HTML"=dword:00000001
"Digitally Sign Messages"=dword:00000000
"Encrypt Messages"=dword:00000000
"Block External Content"=dword:00000001
"Warn on Mapi Send"=dword:00000001
"Security Label"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\MailNote]
@DACL=(02 0000)
"Read Mail Toolbar Settings"=hex:f0,9c,00,00,f1,9c,00,00,f4,9c,00,00,ff,ff,ff,
ff,b4,9c,00,00,22,9e,00,00,ff,ff,ff,ff,d1,9c,00,00,d2,9c,00,00,ff,ff,ff,ff,\
"Saved Toolbar Settings Version"=dword:0000000f
"Send Mail Toolbar Settings"=hex:db,9d,00,00,ff,ff,ff,ff,26,9d,00,00,24,9e,00,
00,27,9d,00,00,25,9d,00,00,ff,ff,ff,ff,48,9d,00,00,47,9d,00,00,ff,ff,ff,ff,\
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\News]
@DACL=(02 0000)
"Accounts Checked"=dword:00000000
"No Check Default"=dword:00000000
"ShowHybridView"=dword:00000001
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"Wide Stationery Name"=""
"Stationery Name Converted"=dword:00000001
"Compose Use Stationery"=dword:00000000
"Font Size"=dword:00000009
"Font Name"="Arial"
"New group notification"=dword:00000001
"Attach VCard"=dword:00000000
"VCard Display Name"=""
"Cache Delete Message Days"=dword:00000005
"Cache Compact Percent"=dword:00000014
"Cache Read Messages"=dword:00000000
"Log"=dword:00000000
"Download at a time"=dword:0000012c
"Auto Expand Threads"=dword:00000000
"Auto Fill Preview"=dword:00000001
"Mark Read on Exit"=dword:00000000
"Message Send HTML"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Recent Stationery Wide List]
@DACL=(02 0000)
"File0"="Belle journée.htm"
"File1"="Nature.htm"
"File2"="Céramique.htm"
"File3"="Tournesol.htm"
"File4"="Punch aux agrumes.htm"
"File5"="Vierge.htm"
"File6"="Feuilles.htm"
"File7"=""
"File8"=""
"File9"=""
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Rules]
@DACL=(02 0000)
"Messenger Auto logon"=dword:00000000
"MessengerWuzHere"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\signatures]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Trident]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\WAB]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess\CLSID]
@DACL=(02 0000)
@SACL=
@="{C523F39F-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess\CurVer]
@DACL=(02 0000)
@SACL=
@="AcroAccess.AcroAccess.1"
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{C523F39F-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CLSID]
@DACL=(02 0000)
@SACL=
@="{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CurVer]
@DACL=(02 0000)
@SACL=
@="DSP.DSP.1"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSPDMOProp_Chorus.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{6F63B172-5543-4593-91CE-EDBA65B9FACDB}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-03-08 14:28:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-08 13:28:55
ComboFix2.txt 2009-03-07 21:08:42
Avant-CF: 54 727 000 064 octets libres
Après-CF: 54,717,001,728 octets libres
424 --- E O F --- 2009-03-05 15:17:09
ComboFix 09-03-06.02 - Laurence et Anthony 2009-03-08 14:19:14.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.138 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurence et Anthony\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Laurence et Anthony\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\dummy.exe
c:\windows\system32\FreezeScreenSaver.exe
c:\windows\system32\xxyxuVoO.dll
c:\windows\tasks\A966FF5091857DCC.job
c:\windows\tasks\zximadae.job
c:\windows\YourScreen Saver.scr
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\lauren~1\applic~1\oncedo~1
c:\docume~1\lauren~1\applic~1\oncedo~1\152E8C31
c:\windows\tasks\A966FF5091857DCC.job
c:\windows\tasks\zximadae.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-08 au 2009-03-08 ))))))))))))))))))))))))))))))))))))
.
2009-02-13 16:55 . 2009-02-13 16:55 <REP> d-------- c:\program files\uTorrent
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 13:25 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-08 13:11 --------- d-----w c:\program files\Spyware Terminator
2009-03-08 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-08 13:01 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Spyware Terminator
2009-03-07 21:50 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-07 21:21 --------- d-----w c:\program files\Google
2009-03-05 20:39 --------- d-----w c:\program files\Trend Micro
2009-03-01 09:25 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\uTorrent
2009-02-26 18:51 --------- d-----w c:\program files\eMule
2009-02-26 17:58 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-05 20:37 --------- d-----w c:\program files\Windows Live
2009-02-05 20:36 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-05 20:34 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 20:34 --------- d-----w c:\program files\Microsoft
2009-02-05 20:08 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-02-03 18:43 --------- d-----w c:\program files\DivX
2009-01-20 20:48 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Thunderbird
2009-01-19 21:09 --------- d-----w c:\program files\Microsoft Works
2009-01-07 20:00 108,088 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\GDIPFONTCACHEV1.DAT
2008-12-25 00:58 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2007-01-28 11:48 560 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\ViewerApp.dat
2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\BIN_STRSBW.SPT -- Not a PE file.
MD5: 150577287a452266b66c4963d16e4ffd
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-12-25 2267136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
c:\documents and settings\Laurence et Anthony\Menu D‚marrer\Programmes\D‚marrage\
SpywareBlaster.lnk - c:\program files\SpywareBlaster\spywareblaster.exe [2008-12-25 1320464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"SENTINEL"= snti386.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Laurence et Anthony^Menu Démarrer^Programmes^Démarrage^CD-MENU.LNK]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-03-22 20:05 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 18:04 139264 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2005-02-17 13:01 233534 c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 12:24 290816 c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 02:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-04-11 14:21 794624 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 12:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-05-27 09:18 221184 c:\windows\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-08 19:06 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-30 21:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-02 13:11 692316 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-02 13:12 102492 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--a------ 2006-03-07 00:52 36864 c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Documents and Settings\\Laurence et Anthony\\Mes documents\\Mes fichiers reçus\\utorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-25 142592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-03-22 200192]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2005-07-13 260608]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\drivers\WlanUIG.sys [2005-10-21 381312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1303ddf6-8f98-11dc-860d-0060b355a6b3}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
TCP: {3AA64611-7245-4495-97EA-EE7BF747E636} = 192.168.30.1
TCP: {DCDB0A75-39C3-4E17-99AD-5E9CA1A1372A} = 192.168.30.1
FF - ProfilePath - c:\documents and settings\Laurence et Anthony\Application Data\Mozilla\Firefox\Profiles\durybrv7.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 14:23:56
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Block Senders]
@DACL=(02 0000)
"Version"=dword:00050000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Columns]
@DACL=(02 0000)
"Local Store Column Info"=hex:10,00,00,00,03,00,00,00,06,00,00,00,03,00,00,00,
ff,ff,ff,ff,08,00,00,00,01,00,00,00,ff,ff,ff,ff,07,00,00,00,01,00,00,00,ff,\
"Mail Column Info (In)"=hex:10,00,00,00,07,00,00,00,0f,00,00,00,09,00,00,00,13,
00,00,00,10,00,00,00,09,00,00,00,16,00,00,00,14,00,00,00,09,00,00,00,19,00,\
"Mail Column Info (Out)"=hex:10,00,00,00,06,00,00,00,0f,00,00,00,09,00,00,00,
ff,ff,ff,ff,10,00,00,00,09,00,00,00,ff,ff,ff,ff,00,00,00,00,01,00,00,00,ee,\
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Mail]
@DACL=(02 0000)
"Welcome Message"=dword:00000000
"Accounts Checked"=dword:00000001
"Safe Attachments"=dword:00000001
"Secure Safe Attachments"=dword:00000001
"Check Mail on Startup"=dword:00000001
"No Check Default"=dword:00000001
"Saved Toolbar Settings"=hex:11,9e,00,00,f0,9c,00,00,f1,9c,00,00,f4,9c,00,00,
ff,ff,ff,ff,b4,9c,00,00,f2,9d,00,00,ff,ff,ff,ff,01,9d,00,00,ff,ff,ff,ff,07,\
"Saved Toolbar Settings Version"=dword:00000011
"ShowHybridView"=dword:00000000
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"Default_CodePage"=dword:00006faf
"NotePosEx"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,b8,01,00,00,b0,00,00,00,48,03,00,00,51,02,00,00
"ThreadArticles"=dword:00000000
"Wide Stationery Name"=""
"Stationery Name Converted"=dword:00000001
"Compose Use Stationery"=dword:00000000
"Font Size"=dword:00000009
"Font Name"="Arial"
"PlaySoundOnNewMail"=dword:00000001
"Poll For Mail"=dword:000493e0
"Attach VCard"=dword:00000000
"VCard Display Name"=""
"Log POP3 (0/1)"=dword:00000000
"Log IMAP4 (0/1)"=dword:00000000
"Log HTTPMail (0/1)"=dword:00000000
"Delete Wastebasket On Exit"=dword:00000001
"MarkPreviewAsRead"=dword:00000005
"Message Read HTML"=dword:00000001
"SaveInSentItems"=dword:00000001
"Auto Add Replies To WAB"=dword:00000001
"Include Reply Msg"=dword:00000001
"Send Mail Immediately"=dword:00000001
"Message Send HTML"=dword:00000001
"Digitally Sign Messages"=dword:00000000
"Encrypt Messages"=dword:00000000
"Block External Content"=dword:00000001
"Warn on Mapi Send"=dword:00000001
"Security Label"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\MailNote]
@DACL=(02 0000)
"Read Mail Toolbar Settings"=hex:f0,9c,00,00,f1,9c,00,00,f4,9c,00,00,ff,ff,ff,
ff,b4,9c,00,00,22,9e,00,00,ff,ff,ff,ff,d1,9c,00,00,d2,9c,00,00,ff,ff,ff,ff,\
"Saved Toolbar Settings Version"=dword:0000000f
"Send Mail Toolbar Settings"=hex:db,9d,00,00,ff,ff,ff,ff,26,9d,00,00,24,9e,00,
00,27,9d,00,00,25,9d,00,00,ff,ff,ff,ff,48,9d,00,00,47,9d,00,00,ff,ff,ff,ff,\
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\News]
@DACL=(02 0000)
"Accounts Checked"=dword:00000000
"No Check Default"=dword:00000000
"ShowHybridView"=dword:00000001
"Show Header Info"=dword:00000001
"SplitDir"=dword:00000000
"SplitHorzPct"=dword:00000032
"SplitVertPct"=dword:00000032
"Wide Stationery Name"=""
"Stationery Name Converted"=dword:00000001
"Compose Use Stationery"=dword:00000000
"Font Size"=dword:00000009
"Font Name"="Arial"
"New group notification"=dword:00000001
"Attach VCard"=dword:00000000
"VCard Display Name"=""
"Cache Delete Message Days"=dword:00000005
"Cache Compact Percent"=dword:00000014
"Cache Read Messages"=dword:00000000
"Log"=dword:00000000
"Download at a time"=dword:0000012c
"Auto Expand Threads"=dword:00000000
"Auto Fill Preview"=dword:00000001
"Mark Read on Exit"=dword:00000000
"Message Send HTML"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Recent Stationery Wide List]
@DACL=(02 0000)
"File0"="Belle journée.htm"
"File1"="Nature.htm"
"File2"="Céramique.htm"
"File3"="Tournesol.htm"
"File4"="Punch aux agrumes.htm"
"File5"="Vierge.htm"
"File6"="Feuilles.htm"
"File7"=""
"File8"=""
"File9"=""
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Rules]
@DACL=(02 0000)
"Messenger Auto logon"=dword:00000000
"MessengerWuzHere"=dword:00000000
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\signatures]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express\5.0\Trident]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\WAB]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess\CLSID]
@DACL=(02 0000)
@SACL=
@="{C523F39F-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess\CurVer]
@DACL=(02 0000)
@SACL=
@="AcroAccess.AcroAccess.1"
[HKEY_LOCAL_MACHINE\software\Classes\AcroAccess.AcroAccess.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{C523F39F-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CLSID]
@DACL=(02 0000)
@SACL=
@="{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CurVer]
@DACL=(02 0000)
@SACL=
@="DSP.DSP.1"
[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSPDMOProp_Chorus.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{6F63B172-5543-4593-91CE-EDBA65B9FACDB}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-03-08 14:28:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-08 13:28:55
ComboFix2.txt 2009-03-07 21:08:42
Avant-CF: 54 727 000 064 octets libres
Après-CF: 54,717,001,728 octets libres
424 --- E O F --- 2009-03-05 15:17:09
jalawe
le 08 mars 2009 à 14h37
voici le 2nd rapport :
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : Laurence et Anthony ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:50 Go)
D:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 08/03/2009|14:34 )
--------------------\\ Listing des dossiers dans APPLIC~1
[17/05/2005|04:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[17/05/2005|11:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[17/05/2005|04:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[17/05/2005|04:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[31/10/2006|22:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\1 proc 2 creative
[30/04/2007|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/09/2007|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[30/09/2006|14:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[25/12/2008|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[26/12/2005|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[07/03/2009|22:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[17/05/2005|04:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi
[27/08/2008|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[27/08/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[17/05/2005|04:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[22/11/2008|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[24/12/2008|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[08/05/2006|19:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[06/02/2009|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[06/05/2007|09:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[17/05/2005|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[17/05/2005|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[06/06/2007|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[24/02/2007|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[29/02/2008|23:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[08/03/2009|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[25/05/2006|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[08/03/2009|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[15/11/2006|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[15/03/2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[21/07/2006|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[05/03/2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[17/05/2005|04:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[17/05/2005|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[17/05/2005|04:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[17/05/2005|04:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[25/05/2006|19:22] C:\DOCUME~1\LAUREN~1\APPLIC~1\01JOY
[11/12/2007|20:26] C:\DOCUME~1\LAUREN~1\APPLIC~1\Adobe
[11/05/2008|08:16] C:\DOCUME~1\LAUREN~1\APPLIC~1\AdobeUM
[08/05/2007|13:17] C:\DOCUME~1\LAUREN~1\APPLIC~1\Ahead
[01/11/2005|00:58] C:\DOCUME~1\LAUREN~1\APPLIC~1\Apple Computer
[10/11/2007|15:20] C:\DOCUME~1\LAUREN~1\APPLIC~1\AutoTransfer
[02/06/2007|21:50] C:\DOCUME~1\LAUREN~1\APPLIC~1\ConvertTemp
[05/11/2005|19:15] C:\DOCUME~1\LAUREN~1\APPLIC~1\CoreCodec
[26/05/2008|19:08] C:\DOCUME~1\LAUREN~1\APPLIC~1\DivX
[12/11/2005|19:40] C:\DOCUME~1\LAUREN~1\APPLIC~1\FotoWire
[29/09/2006|17:29] C:\DOCUME~1\LAUREN~1\APPLIC~1\Google
[04/03/2006|19:44] C:\DOCUME~1\LAUREN~1\APPLIC~1\Help
[16/09/2005|17:15] C:\DOCUME~1\LAUREN~1\APPLIC~1\InterVideo
[16/09/2005|18:10] C:\DOCUME~1\LAUREN~1\APPLIC~1\Leadertech
[19/10/2005|18:22] C:\DOCUME~1\LAUREN~1\APPLIC~1\Macromedia
[24/12/2008|12:54] C:\DOCUME~1\LAUREN~1\APPLIC~1\Malwarebytes
[05/02/2009|21:42] C:\DOCUME~1\LAUREN~1\APPLIC~1\Microsoft
[23/09/2008|20:35] C:\DOCUME~1\LAUREN~1\APPLIC~1\Mozilla
[22/07/2008|20:37] C:\DOCUME~1\LAUREN~1\APPLIC~1\Real
[02/06/2007|21:50] C:\DOCUME~1\LAUREN~1\APPLIC~1\Samsung
[03/11/2007|09:48] C:\DOCUME~1\LAUREN~1\APPLIC~1\SecuROM
[15/07/2008|19:53] C:\DOCUME~1\LAUREN~1\APPLIC~1\Skype
[15/07/2008|19:03] C:\DOCUME~1\LAUREN~1\APPLIC~1\skypePM
[16/09/2005|18:10] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sonic
[03/06/2007|09:18] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sony Ericsson
[03/11/2007|10:08] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sports Interactive
[08/03/2009|14:30] C:\DOCUME~1\LAUREN~1\APPLIC~1\Spyware Terminator
[20/10/2005|19:50] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sun
[17/09/2005|15:52] C:\DOCUME~1\LAUREN~1\APPLIC~1\Symantec
[03/06/2007|09:21] C:\DOCUME~1\LAUREN~1\APPLIC~1\Teleca
[02/06/2007|23:01] C:\DOCUME~1\LAUREN~1\APPLIC~1\Temporary
[20/01/2009|21:48] C:\DOCUME~1\LAUREN~1\APPLIC~1\Thunderbird
[02/06/2007|21:50] C:\DOCUME~1\LAUREN~1\APPLIC~1\TransRender
[24/02/2007|15:32] C:\DOCUME~1\LAUREN~1\APPLIC~1\Ulead Systems
[08/05/2006|11:18] C:\DOCUME~1\LAUREN~1\APPLIC~1\Unigraphics Solutions
[01/03/2009|10:25] C:\DOCUME~1\LAUREN~1\APPLIC~1\uTorrent
[08/09/2006|13:46] C:\DOCUME~1\LAUREN~1\APPLIC~1\vlc
[13/05/2007|11:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Ahead
[17/05/2005|03:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[17/05/2005|03:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[18/12/2005|18:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[18/12/2005|17:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\Symantec
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[05/12/2008 09:16][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/03/2009 14:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ MsgPlus SPONSOR INSTALLED !
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"DisplayName"="Messenger Plus! 3 & Sponsor"
"SponsorInstalled"=dword:00000001
--------------------\\ Listing des dossiers dans C:\Program Files
[09/06/2006|15:39] C:\Program Files\Adobe
[25/12/2008|10:52] C:\Program Files\Ad-remover
[31/10/2006|22:04] C:\Program Files\Adverts
[27/03/2006|17:58] C:\Program Files\Agfa
[06/05/2007|09:29] C:\Program Files\Ahead
[31/12/2005|17:25] C:\Program Files\Alcohol Soft
[17/05/2005|04:13] C:\Program Files\AMD
[21/09/2007|10:01] C:\Program Files\Apple Software Update
[17/05/2005|04:03] C:\Program Files\ATI Technologies
[25/12/2008|01:22] C:\Program Files\Avira
[26/12/2005|21:50] C:\Program Files\Canon
[26/12/2005|22:54] C:\Program Files\CASIO
[29/02/2008|23:55] C:\Program Files\CCleaner
[17/09/2005|10:42] C:\Program Files\Company Ericsson
[17/05/2005|11:51] C:\Program Files\ComPlus Applications
[17/05/2005|02:54] C:\Program Files\CONEXANT
[01/03/2008|00:09] C:\Program Files\CoreCodec
[28/12/2006|16:18] C:\Program Files\directx
[03/02/2009|19:43] C:\Program Files\DivX
[18/02/2006|23:11] C:\Program Files\Easy Internet signup
[03/06/2007|07:31] C:\Program Files\Elaborate Bytes
[26/02/2009|19:51] C:\Program Files\eMule
[03/11/2007|22:19] C:\Program Files\ffdshow
[08/03/2009|14:21] C:\Program Files\Fichiers communs
[07/09/2006|18:01] C:\Program Files\FileZilla
[03/11/2007|22:19] C:\Program Files\Gabest
[03/11/2007|10:03] C:\Program Files\GameShadow
[07/03/2009|22:21] C:\Program Files\Google
[28/12/2005|18:24] C:\Program Files\GordianKnot
[17/05/2005|04:14] C:\Program Files\Hewlett-Packard
[17/05/2005|04:14] C:\Program Files\Hp
[16/09/2005|16:10] C:\Program Files\HPQ
[05/09/2008|11:16] C:\Program Files\IncrediMail
[25/12/2008|02:05] C:\Program Files\InstallShield Installation Information
[12/02/2009|20:24] C:\Program Files\Internet Explorer
[17/05/2005|04:28] C:\Program Files\InterVideo
[01/02/2008|10:55] C:\Program Files\iPod
[01/02/2008|10:56] C:\Program Files\iTunes
[25/12/2008|01:57] C:\Program Files\Java
[26/07/2008|18:11] C:\Program Files\Kit ADSL
[18/02/2006|14:57] C:\Program Files\KODAK
[03/11/2007|10:04] C:\Program Files\L'Entraîneur 2007
[25/12/2008|02:05] C:\Program Files\Logitech
[24/12/2008|12:54] C:\Program Files\Malwarebytes' Anti-Malware
[25/12/2008|03:02] C:\Program Files\Messenger
[08/05/2006|19:06] C:\Program Files\MessengerPlus! 3
[05/02/2009|21:34] C:\Program Files\Microsoft
[07/03/2008|11:55] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/05/2005|11:51] C:\Program Files\microsoft frontpage
[17/02/2006|15:12] C:\Program Files\Microsoft Office
[26/02/2009|18:58] C:\Program Files\Microsoft Silverlight
[05/02/2009|21:36] C:\Program Files\Microsoft SQL Server Compact Edition
[19/01/2009|22:09] C:\Program Files\Microsoft Works
[25/12/2008|02:59] C:\Program Files\Movie Maker
[08/03/2009|14:30] C:\Program Files\Mozilla Firefox
[07/03/2009|22:50] C:\Program Files\Mozilla Thunderbird
[06/10/2005|17:48] C:\Program Files\MSN
[26/10/2005|18:29] C:\Program Files\MSN Apps
[17/05/2005|11:51] C:\Program Files\MSN Gaming Zone
[15/11/2006|22:55] C:\Program Files\MSXML 4.0
[06/05/2007|09:49] C:\Program Files\Nero
[25/12/2008|02:55] C:\Program Files\NetMeeting
[25/05/2006|18:54] C:\Program Files\Norton AntiVirus
[20/05/2006|17:42] C:\Program Files\Once Dog Ace
[17/05/2005|11:51] C:\Program Files\Online Services
[19/01/2009|22:27] C:\Program Files\Outlook Express
[17/12/2006|18:54] C:\Program Files\PIXELA
[01/02/2008|10:52] C:\Program Files\QuickTime
[08/05/2006|11:13] C:\Program Files\Rainbow Technologies
[22/07/2008|20:37] C:\Program Files\Real
[02/06/2007|21:28] C:\Program Files\Samsung
[17/05/2005|04:31] C:\Program Files\Services en ligne
[09/05/2008|12:41] C:\Program Files\Skype
[24/02/2007|14:14] C:\Program Files\SmartSound Software
[08/05/2006|11:10] C:\Program Files\Solid Edge V14
[17/05/2005|04:26] C:\Program Files\Sonic
[15/03/2008|14:13] C:\Program Files\Sony Corporation
[03/11/2007|10:31] C:\Program Files\Sports Interactive
[14/10/2007|19:29] C:\Program Files\Spybot - Search & Destroy
[08/03/2009|14:30] C:\Program Files\Spyware Terminator
[25/12/2008|01:47] C:\Program Files\SpywareBlaster
[25/05/2006|18:56] C:\Program Files\Symantec
[17/05/2005|04:28] C:\Program Files\Synaptics
[05/03/2009|21:39] C:\Program Files\Trend Micro
[15/03/2008|14:23] C:\Program Files\Ulead Systems
[17/05/2005|11:51] C:\Program Files\Uninstall Information
[21/10/2005|16:34] C:\Program Files\Utilitaire de gestion du LAN Wifi IEEE 802.11g
[13/02/2009|16:55] C:\Program Files\uTorrent
[28/12/2005|18:17] C:\Program Files\VideoLAN
[05/02/2009|21:37] C:\Program Files\Windows Live
[05/02/2009|21:34] C:\Program Files\Windows Live SkyDrive
[24/02/2007|14:13] C:\Program Files\Windows Media Components
[16/02/2007|20:57] C:\Program Files\Windows Media Connect 2
[13/01/2009|20:47] C:\Program Files\Windows Media Player
[25/12/2008|02:55] C:\Program Files\Windows NT
[17/05/2005|11:51] C:\Program Files\WindowsUpdate
[21/11/2008|15:42] C:\Program Files\WinRAR
[17/05/2005|11:51] C:\Program Files\xerox
[22/11/2008|15:27] C:\Program Files\Yahoo!
[03/11/2007|09:45] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[02/05/2007|17:10] C:\Program Files\Fichiers communs\Adobe
[27/03/2006|17:58] C:\Program Files\Fichiers communs\Agfa
[06/05/2007|09:53] C:\Program Files\Fichiers communs\Ahead
[07/09/2007|14:50] C:\Program Files\Fichiers communs\Apple
[17/09/2005|15:58] C:\Program Files\Fichiers communs\Designer
[07/02/2007|19:26] C:\Program Files\Fichiers communs\FotoWire
[16/06/2007|12:51] C:\Program Files\Fichiers communs\InstallShield
[17/05/2005|04:06] C:\Program Files\Fichiers communs\Java
[17/05/2005|04:33] C:\Program Files\Fichiers communs\LightScribe
[12/11/2005|19:38] C:\Program Files\Fichiers communs\Logitech
[05/03/2009|16:16] C:\Program Files\Fichiers communs\Microsoft Shared
[17/05/2005|11:51] C:\Program Files\Fichiers communs\MSSoap
[15/03/2008|14:13] C:\Program Files\Fichiers communs\muvee Technologies
[22/09/2007|11:05] C:\Program Files\Fichiers communs\Nullsoft
[17/05/2005|11:51] C:\Program Files\Fichiers communs\ODBC
[22/07/2008|20:37] C:\Program Files\Fichiers communs\Real
[17/05/2005|11:51] C:\Program Files\Fichiers communs\Services
[09/05/2008|12:41] C:\Program Files\Fichiers communs\Skype
[17/05/2005|04:24] C:\Program Files\Fichiers communs\Sonic Shared
[17/05/2005|11:51] C:\Program Files\Fichiers communs\SpeechEngines
[17/05/2005|04:26] C:\Program Files\Fichiers communs\SureThing Shared
[25/05/2006|18:56] C:\Program Files\Fichiers communs\Symantec Shared
[19/01/2009|22:24] C:\Program Files\Fichiers communs\System
[17/05/2005|04:25] C:\Program Files\Fichiers communs\TiVo Shared
[15/03/2008|14:23] C:\Program Files\Fichiers communs\Ulead Systems
[05/02/2009|21:08] C:\Program Files\Fichiers communs\Windows Live
[05/03/2008|20:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 35 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Program Files\Adverts
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 14:35:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 41
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack.rar
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack.zip
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Kompass clé\Crack Kompass v27 final Mars 2004 by Arsene.exe
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack\Crack
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack\http--www.emule-paradise.com-.url
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack\nentfrst.exe
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\CORE.NFO
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\CORE10k.EXE
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\cr-wr320.exe
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\FILE_ID.DIZ
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\twh.nfo
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\wrar320.exe
[F:3][D:1]-> C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp
[F:31][D:0]-> C:\DOCUME~1\LAUREN~1\Cookies
[F:15][D:4]-> C:\DOCUME~1\LAUREN~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 08/03/2009|14:36 - Option : [1]
--------------------\\ Fin du rapport a 14:36:39
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : Laurence et Anthony ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:50 Go)
D:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 08/03/2009|14:34 )
--------------------\\ Listing des dossiers dans APPLIC~1
[17/05/2005|04:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[17/05/2005|11:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[17/05/2005|04:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[17/05/2005|04:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[31/10/2006|22:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\1 proc 2 creative
[30/04/2007|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/09/2007|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[30/09/2006|14:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[25/12/2008|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[26/12/2005|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[07/03/2009|22:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[17/05/2005|04:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi
[27/08/2008|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[27/08/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[17/05/2005|04:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[22/11/2008|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[24/12/2008|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[08/05/2006|19:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[06/02/2009|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[06/05/2007|09:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[17/05/2005|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[17/05/2005|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[06/06/2007|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[24/02/2007|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[29/02/2008|23:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[08/03/2009|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[25/05/2006|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[08/03/2009|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[15/11/2006|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[15/03/2008|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[21/07/2006|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[05/03/2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[17/05/2005|04:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[17/05/2005|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[17/05/2005|04:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[17/05/2005|04:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[25/05/2006|19:22] C:\DOCUME~1\LAUREN~1\APPLIC~1\01JOY
[11/12/2007|20:26] C:\DOCUME~1\LAUREN~1\APPLIC~1\Adobe
[11/05/2008|08:16] C:\DOCUME~1\LAUREN~1\APPLIC~1\AdobeUM
[08/05/2007|13:17] C:\DOCUME~1\LAUREN~1\APPLIC~1\Ahead
[01/11/2005|00:58] C:\DOCUME~1\LAUREN~1\APPLIC~1\Apple Computer
[10/11/2007|15:20] C:\DOCUME~1\LAUREN~1\APPLIC~1\AutoTransfer
[02/06/2007|21:50] C:\DOCUME~1\LAUREN~1\APPLIC~1\ConvertTemp
[05/11/2005|19:15] C:\DOCUME~1\LAUREN~1\APPLIC~1\CoreCodec
[26/05/2008|19:08] C:\DOCUME~1\LAUREN~1\APPLIC~1\DivX
[12/11/2005|19:40] C:\DOCUME~1\LAUREN~1\APPLIC~1\FotoWire
[29/09/2006|17:29] C:\DOCUME~1\LAUREN~1\APPLIC~1\Google
[04/03/2006|19:44] C:\DOCUME~1\LAUREN~1\APPLIC~1\Help
[16/09/2005|17:15] C:\DOCUME~1\LAUREN~1\APPLIC~1\InterVideo
[16/09/2005|18:10] C:\DOCUME~1\LAUREN~1\APPLIC~1\Leadertech
[19/10/2005|18:22] C:\DOCUME~1\LAUREN~1\APPLIC~1\Macromedia
[24/12/2008|12:54] C:\DOCUME~1\LAUREN~1\APPLIC~1\Malwarebytes
[05/02/2009|21:42] C:\DOCUME~1\LAUREN~1\APPLIC~1\Microsoft
[23/09/2008|20:35] C:\DOCUME~1\LAUREN~1\APPLIC~1\Mozilla
[22/07/2008|20:37] C:\DOCUME~1\LAUREN~1\APPLIC~1\Real
[02/06/2007|21:50] C:\DOCUME~1\LAUREN~1\APPLIC~1\Samsung
[03/11/2007|09:48] C:\DOCUME~1\LAUREN~1\APPLIC~1\SecuROM
[15/07/2008|19:53] C:\DOCUME~1\LAUREN~1\APPLIC~1\Skype
[15/07/2008|19:03] C:\DOCUME~1\LAUREN~1\APPLIC~1\skypePM
[16/09/2005|18:10] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sonic
[03/06/2007|09:18] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sony Ericsson
[03/11/2007|10:08] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sports Interactive
[08/03/2009|14:30] C:\DOCUME~1\LAUREN~1\APPLIC~1\Spyware Terminator
[20/10/2005|19:50] C:\DOCUME~1\LAUREN~1\APPLIC~1\Sun
[17/09/2005|15:52] C:\DOCUME~1\LAUREN~1\APPLIC~1\Symantec
[03/06/2007|09:21] C:\DOCUME~1\LAUREN~1\APPLIC~1\Teleca
[02/06/2007|23:01] C:\DOCUME~1\LAUREN~1\APPLIC~1\Temporary
[20/01/2009|21:48] C:\DOCUME~1\LAUREN~1\APPLIC~1\Thunderbird
[02/06/2007|21:50] C:\DOCUME~1\LAUREN~1\APPLIC~1\TransRender
[24/02/2007|15:32] C:\DOCUME~1\LAUREN~1\APPLIC~1\Ulead Systems
[08/05/2006|11:18] C:\DOCUME~1\LAUREN~1\APPLIC~1\Unigraphics Solutions
[01/03/2009|10:25] C:\DOCUME~1\LAUREN~1\APPLIC~1\uTorrent
[08/09/2006|13:46] C:\DOCUME~1\LAUREN~1\APPLIC~1\vlc
[13/05/2007|11:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Ahead
[17/05/2005|03:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[17/05/2005|03:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[18/12/2005|18:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[18/12/2005|17:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\Symantec
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[05/12/2008 09:16][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/03/2009 14:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ MsgPlus SPONSOR INSTALLED !
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"DisplayName"="Messenger Plus! 3 & Sponsor"
"SponsorInstalled"=dword:00000001
--------------------\\ Listing des dossiers dans C:\Program Files
[09/06/2006|15:39] C:\Program Files\Adobe
[25/12/2008|10:52] C:\Program Files\Ad-remover
[31/10/2006|22:04] C:\Program Files\Adverts
[27/03/2006|17:58] C:\Program Files\Agfa
[06/05/2007|09:29] C:\Program Files\Ahead
[31/12/2005|17:25] C:\Program Files\Alcohol Soft
[17/05/2005|04:13] C:\Program Files\AMD
[21/09/2007|10:01] C:\Program Files\Apple Software Update
[17/05/2005|04:03] C:\Program Files\ATI Technologies
[25/12/2008|01:22] C:\Program Files\Avira
[26/12/2005|21:50] C:\Program Files\Canon
[26/12/2005|22:54] C:\Program Files\CASIO
[29/02/2008|23:55] C:\Program Files\CCleaner
[17/09/2005|10:42] C:\Program Files\Company Ericsson
[17/05/2005|11:51] C:\Program Files\ComPlus Applications
[17/05/2005|02:54] C:\Program Files\CONEXANT
[01/03/2008|00:09] C:\Program Files\CoreCodec
[28/12/2006|16:18] C:\Program Files\directx
[03/02/2009|19:43] C:\Program Files\DivX
[18/02/2006|23:11] C:\Program Files\Easy Internet signup
[03/06/2007|07:31] C:\Program Files\Elaborate Bytes
[26/02/2009|19:51] C:\Program Files\eMule
[03/11/2007|22:19] C:\Program Files\ffdshow
[08/03/2009|14:21] C:\Program Files\Fichiers communs
[07/09/2006|18:01] C:\Program Files\FileZilla
[03/11/2007|22:19] C:\Program Files\Gabest
[03/11/2007|10:03] C:\Program Files\GameShadow
[07/03/2009|22:21] C:\Program Files\Google
[28/12/2005|18:24] C:\Program Files\GordianKnot
[17/05/2005|04:14] C:\Program Files\Hewlett-Packard
[17/05/2005|04:14] C:\Program Files\Hp
[16/09/2005|16:10] C:\Program Files\HPQ
[05/09/2008|11:16] C:\Program Files\IncrediMail
[25/12/2008|02:05] C:\Program Files\InstallShield Installation Information
[12/02/2009|20:24] C:\Program Files\Internet Explorer
[17/05/2005|04:28] C:\Program Files\InterVideo
[01/02/2008|10:55] C:\Program Files\iPod
[01/02/2008|10:56] C:\Program Files\iTunes
[25/12/2008|01:57] C:\Program Files\Java
[26/07/2008|18:11] C:\Program Files\Kit ADSL
[18/02/2006|14:57] C:\Program Files\KODAK
[03/11/2007|10:04] C:\Program Files\L'Entraîneur 2007
[25/12/2008|02:05] C:\Program Files\Logitech
[24/12/2008|12:54] C:\Program Files\Malwarebytes' Anti-Malware
[25/12/2008|03:02] C:\Program Files\Messenger
[08/05/2006|19:06] C:\Program Files\MessengerPlus! 3
[05/02/2009|21:34] C:\Program Files\Microsoft
[07/03/2008|11:55] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/05/2005|11:51] C:\Program Files\microsoft frontpage
[17/02/2006|15:12] C:\Program Files\Microsoft Office
[26/02/2009|18:58] C:\Program Files\Microsoft Silverlight
[05/02/2009|21:36] C:\Program Files\Microsoft SQL Server Compact Edition
[19/01/2009|22:09] C:\Program Files\Microsoft Works
[25/12/2008|02:59] C:\Program Files\Movie Maker
[08/03/2009|14:30] C:\Program Files\Mozilla Firefox
[07/03/2009|22:50] C:\Program Files\Mozilla Thunderbird
[06/10/2005|17:48] C:\Program Files\MSN
[26/10/2005|18:29] C:\Program Files\MSN Apps
[17/05/2005|11:51] C:\Program Files\MSN Gaming Zone
[15/11/2006|22:55] C:\Program Files\MSXML 4.0
[06/05/2007|09:49] C:\Program Files\Nero
[25/12/2008|02:55] C:\Program Files\NetMeeting
[25/05/2006|18:54] C:\Program Files\Norton AntiVirus
[20/05/2006|17:42] C:\Program Files\Once Dog Ace
[17/05/2005|11:51] C:\Program Files\Online Services
[19/01/2009|22:27] C:\Program Files\Outlook Express
[17/12/2006|18:54] C:\Program Files\PIXELA
[01/02/2008|10:52] C:\Program Files\QuickTime
[08/05/2006|11:13] C:\Program Files\Rainbow Technologies
[22/07/2008|20:37] C:\Program Files\Real
[02/06/2007|21:28] C:\Program Files\Samsung
[17/05/2005|04:31] C:\Program Files\Services en ligne
[09/05/2008|12:41] C:\Program Files\Skype
[24/02/2007|14:14] C:\Program Files\SmartSound Software
[08/05/2006|11:10] C:\Program Files\Solid Edge V14
[17/05/2005|04:26] C:\Program Files\Sonic
[15/03/2008|14:13] C:\Program Files\Sony Corporation
[03/11/2007|10:31] C:\Program Files\Sports Interactive
[14/10/2007|19:29] C:\Program Files\Spybot - Search & Destroy
[08/03/2009|14:30] C:\Program Files\Spyware Terminator
[25/12/2008|01:47] C:\Program Files\SpywareBlaster
[25/05/2006|18:56] C:\Program Files\Symantec
[17/05/2005|04:28] C:\Program Files\Synaptics
[05/03/2009|21:39] C:\Program Files\Trend Micro
[15/03/2008|14:23] C:\Program Files\Ulead Systems
[17/05/2005|11:51] C:\Program Files\Uninstall Information
[21/10/2005|16:34] C:\Program Files\Utilitaire de gestion du LAN Wifi IEEE 802.11g
[13/02/2009|16:55] C:\Program Files\uTorrent
[28/12/2005|18:17] C:\Program Files\VideoLAN
[05/02/2009|21:37] C:\Program Files\Windows Live
[05/02/2009|21:34] C:\Program Files\Windows Live SkyDrive
[24/02/2007|14:13] C:\Program Files\Windows Media Components
[16/02/2007|20:57] C:\Program Files\Windows Media Connect 2
[13/01/2009|20:47] C:\Program Files\Windows Media Player
[25/12/2008|02:55] C:\Program Files\Windows NT
[17/05/2005|11:51] C:\Program Files\WindowsUpdate
[21/11/2008|15:42] C:\Program Files\WinRAR
[17/05/2005|11:51] C:\Program Files\xerox
[22/11/2008|15:27] C:\Program Files\Yahoo!
[03/11/2007|09:45] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[02/05/2007|17:10] C:\Program Files\Fichiers communs\Adobe
[27/03/2006|17:58] C:\Program Files\Fichiers communs\Agfa
[06/05/2007|09:53] C:\Program Files\Fichiers communs\Ahead
[07/09/2007|14:50] C:\Program Files\Fichiers communs\Apple
[17/09/2005|15:58] C:\Program Files\Fichiers communs\Designer
[07/02/2007|19:26] C:\Program Files\Fichiers communs\FotoWire
[16/06/2007|12:51] C:\Program Files\Fichiers communs\InstallShield
[17/05/2005|04:06] C:\Program Files\Fichiers communs\Java
[17/05/2005|04:33] C:\Program Files\Fichiers communs\LightScribe
[12/11/2005|19:38] C:\Program Files\Fichiers communs\Logitech
[05/03/2009|16:16] C:\Program Files\Fichiers communs\Microsoft Shared
[17/05/2005|11:51] C:\Program Files\Fichiers communs\MSSoap
[15/03/2008|14:13] C:\Program Files\Fichiers communs\muvee Technologies
[22/09/2007|11:05] C:\Program Files\Fichiers communs\Nullsoft
[17/05/2005|11:51] C:\Program Files\Fichiers communs\ODBC
[22/07/2008|20:37] C:\Program Files\Fichiers communs\Real
[17/05/2005|11:51] C:\Program Files\Fichiers communs\Services
[09/05/2008|12:41] C:\Program Files\Fichiers communs\Skype
[17/05/2005|04:24] C:\Program Files\Fichiers communs\Sonic Shared
[17/05/2005|11:51] C:\Program Files\Fichiers communs\SpeechEngines
[17/05/2005|04:26] C:\Program Files\Fichiers communs\SureThing Shared
[25/05/2006|18:56] C:\Program Files\Fichiers communs\Symantec Shared
[19/01/2009|22:24] C:\Program Files\Fichiers communs\System
[17/05/2005|04:25] C:\Program Files\Fichiers communs\TiVo Shared
[15/03/2008|14:23] C:\Program Files\Fichiers communs\Ulead Systems
[05/02/2009|21:08] C:\Program Files\Fichiers communs\Windows Live
[05/03/2008|20:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 35 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Program Files\Adverts
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 14:35:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 41
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack.rar
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack.zip
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Kompass clé\Crack Kompass v27 final Mars 2004 by Arsene.exe
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack\Crack
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack\http--www.emule-paradise.com-.url
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack\nentfrst.exe
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\CORE.NFO
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\CORE10k.EXE
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\cr-wr320.exe
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\FILE_ID.DIZ
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\twh.nfo
C:\DOCUME~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\wrar320.exe
[F:3][D:1]-> C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp
[F:31][D:0]-> C:\DOCUME~1\LAUREN~1\Cookies
[F:15][D:4]-> C:\DOCUME~1\LAUREN~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 08/03/2009|14:36 - Option : [1]
--------------------\\ Fin du rapport a 14:36:39
jalawe
le 08 mars 2009 à 21h25
Bonsoir, quand je fait un Kaspersky Online Scanner ça plante en plein scan.
cordialement.
cordialement.
Curson
le 08 mars 2009 à 21h44
Bonsoir,
1) Désactive les logiciels de protection (Antivirus, Antispywares) puis :
2) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
3) Télécharge et enregistre sur ton Bureau Kaspersky AVP Tool (environ 28.3 Mo).
4) Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
- Redémarre ton ordinateur
- Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
- A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
- Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
- Choisis ton compte.
5) Lance l'exécutable intitulé "setup_7.0xxxxx" en double-cliquant dessus :
- Réponds "Oui" à la question "Do you want to continue installation?"
- Clique sur "Next" pour les deux fenêtres suivantes: AVP TOOL s'installe sur ton Bureau dans un dossier nommé "Kaspersky Lab Tool"
- Si nécessaire, branche tes périphériques amovibles (clés USB, disque dur externe...)
6) L’outil se lance tout seul: coche toutes les cases dans l'onglet "Automatic Scan".
- Clique maintenant sur "Security Level": une fenêtre de configuration s'ouvre:
Paramètre le scanner comme ceci :
Security level au milieu
Action : coche le premier bouton (scan complete)
Self defence options : coche les 2 dernières lignes
- Valide avec "Apply" puis "OK"
7) L'outil est maintenant configuré: dans la fenêtre principale, clique sur "Scan". Le scan commence, une nouvelle fenêtre s'ouvre indiquant la progression du balayage en pourcentage.
- A la fin du scan, AVP Tool signale les objets infectés par l'intermédiaire d'une pop-up: coche alors "Apply to all" et clique sur "Delete" ou "Disinfect" selon ce que propose la fenêtre (choisis "Disinfect" si cela est possible) :
8) Une fois les infections traitées par l'intermédiaire des pop-ups, il se peut que des fichiers malsains n'aient pas été supprimés: ils apparaissent en rouge dans la liste : clique alors sur le bouton "Neutralize all" de la fenêtre de progression du scan: si une pop-up indique qu'il faut redémarrer, accepte en cliquant sur "OK"
- Rends-toi maintenant dans l'onglet "Events" de la fenêtre de progression du scan, et décoche "Show all events"
- Clique enfin sur "Reports" puis "Save to file" et enregistre le rapport sur ton Bureau sous le nom "Rapport AVP TOOL"
9) Ferme les fenêtres d'AVP Tool: un message apparaît proposant de désinstaller le logiciel : choisis "YES"
Un message d'alerte indique que le PC doit être redémarré pour finir la désinstallation :
10) A la question "Would you like to restart now", réponds "OUI/YES" et redémarre ton ordinateur en Mode normal.
11) Poste le rapport obtenu dans ta prochaine réponse.
Cordialement.
1) Désactive les logiciels de protection (Antivirus, Antispywares) puis :
2) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
3) Télécharge et enregistre sur ton Bureau Kaspersky AVP Tool (environ 28.3 Mo).
4) Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
- Redémarre ton ordinateur
- Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
- A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
- Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
- Choisis ton compte.
5) Lance l'exécutable intitulé "setup_7.0xxxxx" en double-cliquant dessus :
- Réponds "Oui" à la question "Do you want to continue installation?"
- Clique sur "Next" pour les deux fenêtres suivantes: AVP TOOL s'installe sur ton Bureau dans un dossier nommé "Kaspersky Lab Tool"
- Si nécessaire, branche tes périphériques amovibles (clés USB, disque dur externe...)
6) L’outil se lance tout seul: coche toutes les cases dans l'onglet "Automatic Scan".
- Clique maintenant sur "Security Level": une fenêtre de configuration s'ouvre:
Paramètre le scanner comme ceci :
Security level au milieu
Action : coche le premier bouton (scan complete)
Self defence options : coche les 2 dernières lignes
- Valide avec "Apply" puis "OK"
7) L'outil est maintenant configuré: dans la fenêtre principale, clique sur "Scan". Le scan commence, une nouvelle fenêtre s'ouvre indiquant la progression du balayage en pourcentage.
- A la fin du scan, AVP Tool signale les objets infectés par l'intermédiaire d'une pop-up: coche alors "Apply to all" et clique sur "Delete" ou "Disinfect" selon ce que propose la fenêtre (choisis "Disinfect" si cela est possible) :
8) Une fois les infections traitées par l'intermédiaire des pop-ups, il se peut que des fichiers malsains n'aient pas été supprimés: ils apparaissent en rouge dans la liste : clique alors sur le bouton "Neutralize all" de la fenêtre de progression du scan: si une pop-up indique qu'il faut redémarrer, accepte en cliquant sur "OK"
- Rends-toi maintenant dans l'onglet "Events" de la fenêtre de progression du scan, et décoche "Show all events"
- Clique enfin sur "Reports" puis "Save to file" et enregistre le rapport sur ton Bureau sous le nom "Rapport AVP TOOL"
9) Ferme les fenêtres d'AVP Tool: un message apparaît proposant de désinstaller le logiciel : choisis "YES"
Un message d'alerte indique que le PC doit être redémarré pour finir la désinstallation :
10) A la question "Would you like to restart now", réponds "OUI/YES" et redémarre ton ordinateur en Mode normal.
11) Poste le rapport obtenu dans ta prochaine réponse.
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
jalawe
le 09 mars 2009 à 21h47
Bonsoir,
Je peux dire que mon problème pour envoyer des mails est résolu (merci)
Je joins le rapport combofix :
ComboFix 09-03-06.02 - Laurence et Anthony 2009-03-09 21:34:49.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.114 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurence et Anthony\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Laurence et Anthony\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack.rar
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack.zip
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ADMINI~1\APPLIC~1\Symantec
c:\docume~1\ALLUSE~1\APPLIC~1\1 proc 2 creative
c:\docume~1\ALLUSE~1\APPLIC~1\1 proc 2 creative\PROXY HTM DEFAULT
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft\Ad-Aware\update\backup\Help\Ad-Awaremanual-EN.chm.old
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft\Ad-Aware\update\backup\Lang\EN.lslang.old
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft\Ad-Aware\update\new\Help\Ad-Awaremanual-EN.chm.new
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft\Ad-Aware\update\new\Lang\EN.lslang.new
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft\MiniMessage\2
c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
c:\docume~1\ALLUSE~1\APPLIC~1\Symantec\LiveSubscribe\Catalog.LiveSubscribe
c:\docume~1\ALLUSE~1\APPLIC~1\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\docume~1\ALLUSE~1\APPLIC~1\Symantec\LiveUpdate\Settings.LiveUpdate
c:\docume~1\LAUREN~1\APPLIC~1\01JOY
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Kompass clé
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Kompass clé\A lire.txt
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Kompass clé\Au cas où.txt
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Kompass clé\Crack Kompass v27 final Mars 2004 by Arsene.exe
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack.rar
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack\http--www.emule-paradise.com-.url
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack\nentfrst.exe
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack.zip
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\CORE.NFO
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\CORE10k.EXE
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\cr-wr320.exe
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\FILE_ID.DIZ
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\twh.nfo
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\wrar320.exe
c:\docume~1\NETWOR~1\APPLIC~1\Symantec
c:\docume~1\NETWOR~1\APPLIC~1\Symantec\Shared\MyProfile.UserProfile
c:\docume~1\PROPRI~1\APPLIC~1\Symantec
c:\program files\Adverts
c:\program files\Fichiers communs\Symantec Shared
c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Fichiers communs\Symantec Shared\SEVINST.EXE
c:\program files\Fichiers communs\Symantec Shared\SPManifests\SYMEVNT.GRD
c:\program files\Fichiers communs\Symantec Shared\SPManifests\SYMEVNT.SIG
c:\program files\Fichiers communs\Symantec Shared\SPManifests\SYMEVNT.SPM
c:\program files\Norton AntiVirus
c:\program files\Norton AntiVirus\IWP\ALEUpdate-218146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-288146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-2e4146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-348146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-3dc146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-454146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-4581471D8.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-4a81471D8.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-4f0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-534146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-688146F70.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-6a0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-a30146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-b20146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-b24146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-b58146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-bf4146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-c441471D8.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-c50146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-c9c146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-ca0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-cc0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-ce41471D8.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-d38146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-dd0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-e30146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-ed0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-ee4146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-f40146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-fe0146798.log
c:\program files\Once Dog Ace
c:\program files\Symantec
c:\program files\Symantec\S32EVNT1.DLL
c:\program files\Symantec\SYMEVENT.CAT
c:\program files\Symantec\SYMEVENT.INF
c:\program files\Symantec\SYMEVENT.SYS
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-09 au 2009-03-09 ))))))))))))))))))))))))))))))))))))
.
2009-03-08 14:53 . 2009-03-08 14:53 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-08 14:34 . 2009-03-08 14:36 <REP> d-------- C:\Lop SD
2009-02-13 16:55 . 2009-02-13 16:55 <REP> d-------- c:\program files\uTorrent
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 20:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 20:40 --------- d-----w c:\program files\Spyware Terminator
2009-03-09 20:18 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-09 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-09 20:11 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Spyware Terminator
2009-03-07 21:21 --------- d-----w c:\program files\Google
2009-03-05 20:39 --------- d-----w c:\program files\Trend Micro
2009-03-01 09:25 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\uTorrent
2009-02-26 18:51 --------- d-----w c:\program files\eMule
2009-02-26 17:58 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-05 20:37 --------- d-----w c:\program files\Windows Live
2009-02-05 20:36 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-05 20:34 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 20:34 --------- d-----w c:\program files\Microsoft
2009-02-05 20:08 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-02-03 18:43 --------- d-----w c:\program files\DivX
2009-01-20 20:48 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Thunderbird
2009-01-19 21:09 --------- d-----w c:\program files\Microsoft Works
2009-01-07 20:00 108,088 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\GDIPFONTCACHEV1.DAT
2007-01-28 11:48 560 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\ViewerApp.dat
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-07_22.07.19,26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-25 00:58:18 410,984 ----a-w c:\windows\system32\deploytk.dll
+ 2009-03-08 13:53:03 410,984 ----a-w c:\windows\system32\deploytk.dll
- 2008-12-25 00:58:20 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-03-08 13:53:04 144,792 ----a-w c:\windows\system32\java.exe
- 2008-12-25 00:58:20 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-08 13:53:05 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-12-25 00:58:20 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-08 13:53:05 148,888 ----a-w c:\windows\system32\javaws.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-12-25 2267136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
c:\documents and settings\Laurence et Anthony\Menu D‚marrer\Programmes\D‚marrage\
SpywareBlaster.lnk - c:\program files\SpywareBlaster\spywareblaster.exe [2008-12-25 1320464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"SENTINEL"= snti386.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Laurence et Anthony^Menu Démarrer^Programmes^Démarrage^CD-MENU.LNK]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-03-22 20:05 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 18:04 139264 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2005-02-17 13:01 233534 c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 12:24 290816 c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 02:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-04-11 14:21 794624 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 12:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-05-27 09:18 221184 c:\windows\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-08 19:06 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-30 21:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-02 13:11 692316 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-02 13:12 102492 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--a------ 2006-03-07 00:52 36864 c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Documents and Settings\\Laurence et Anthony\\Mes documents\\Mes fichiers reçus\\utorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-25 142592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-03-22 200192]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2005-07-13 260608]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\drivers\WlanUIG.sys [2005-10-21 381312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1303ddf6-8f98-11dc-860d-0060b355a6b3}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
TCP: {3AA64611-7245-4495-97EA-EE7BF747E636} = 192.168.30.1
TCP: {DCDB0A75-39C3-4E17-99AD-5E9CA1A1372A} = 192.168.30.1
FF - ProfilePath - c:\documents and settings\Laurence et Anthony\Application Data\Mozilla\Firefox\Profiles\durybrv7.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 21:40:46
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-03-09 21:44:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-09 20:44:29
ComboFix2.txt 2009-03-08 13:28:59
ComboFix3.txt 2009-03-07 21:08:42
Avant-CF: 54 479 036 416 octets libres
Après-CF: 54,525,652,992 octets libres
314 --- E O F --- 2009-03-05 15:17:09
cordialement.
Je peux dire que mon problème pour envoyer des mails est résolu (merci)
Je joins le rapport combofix :
ComboFix 09-03-06.02 - Laurence et Anthony 2009-03-09 21:34:49.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.114 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurence et Anthony\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Laurence et Anthony\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack.rar
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack.zip
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ADMINI~1\APPLIC~1\Symantec
c:\docume~1\ALLUSE~1\APPLIC~1\1 proc 2 creative
c:\docume~1\ALLUSE~1\APPLIC~1\1 proc 2 creative\PROXY HTM DEFAULT
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft\Ad-Aware\update\backup\Help\Ad-Awaremanual-EN.chm.old
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft\Ad-Aware\update\backup\Lang\EN.lslang.old
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft\Ad-Aware\update\new\Help\Ad-Awaremanual-EN.chm.new
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft\Ad-Aware\update\new\Lang\EN.lslang.new
c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft\MiniMessage\2
c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
c:\docume~1\ALLUSE~1\APPLIC~1\Symantec\LiveSubscribe\Catalog.LiveSubscribe
c:\docume~1\ALLUSE~1\APPLIC~1\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\docume~1\ALLUSE~1\APPLIC~1\Symantec\LiveUpdate\Settings.LiveUpdate
c:\docume~1\LAUREN~1\APPLIC~1\01JOY
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Kompass clé
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Kompass clé\A lire.txt
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Kompass clé\Au cas où.txt
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Kompass clé\Crack Kompass v27 final Mars 2004 by Arsene.exe
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack.rar
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack\http--www.emule-paradise.com-.url
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\NOD32.Antivirus.v2.51.30.FR.(Version.Windows_XP_2000_2003_NT_32-bit_64-bit).Incl-Crack\nentfrst.exe
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack.zip
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\CORE.NFO
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\CORE10k.EXE
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\cr-wr320.exe
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\FILE_ID.DIZ
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\twh.nfo
c:\docume~1\LAUREN~1\Mes documents\Mes fichiers reçus\Win Rar 3.2 Crack\wrar320.exe
c:\docume~1\NETWOR~1\APPLIC~1\Symantec
c:\docume~1\NETWOR~1\APPLIC~1\Symantec\Shared\MyProfile.UserProfile
c:\docume~1\PROPRI~1\APPLIC~1\Symantec
c:\program files\Adverts
c:\program files\Fichiers communs\Symantec Shared
c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Fichiers communs\Symantec Shared\SEVINST.EXE
c:\program files\Fichiers communs\Symantec Shared\SPManifests\SYMEVNT.GRD
c:\program files\Fichiers communs\Symantec Shared\SPManifests\SYMEVNT.SIG
c:\program files\Fichiers communs\Symantec Shared\SPManifests\SYMEVNT.SPM
c:\program files\Norton AntiVirus
c:\program files\Norton AntiVirus\IWP\ALEUpdate-218146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-288146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-2e4146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-348146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-3dc146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-454146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-4581471D8.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-4a81471D8.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-4f0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-534146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-688146F70.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-6a0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-a30146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-b20146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-b24146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-b58146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-bf4146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-c441471D8.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-c50146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-c9c146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-ca0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-cc0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-ce41471D8.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-d38146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-dd0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-e30146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-ed0146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-ee4146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-f40146798.log
c:\program files\Norton AntiVirus\IWP\ALEUpdate-fe0146798.log
c:\program files\Once Dog Ace
c:\program files\Symantec
c:\program files\Symantec\S32EVNT1.DLL
c:\program files\Symantec\SYMEVENT.CAT
c:\program files\Symantec\SYMEVENT.INF
c:\program files\Symantec\SYMEVENT.SYS
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-09 au 2009-03-09 ))))))))))))))))))))))))))))))))))))
.
2009-03-08 14:53 . 2009-03-08 14:53 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-08 14:34 . 2009-03-08 14:36 <REP> d-------- C:\Lop SD
2009-02-13 16:55 . 2009-02-13 16:55 <REP> d-------- c:\program files\uTorrent
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 20:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 20:40 --------- d-----w c:\program files\Spyware Terminator
2009-03-09 20:18 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-09 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-09 20:11 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Spyware Terminator
2009-03-07 21:21 --------- d-----w c:\program files\Google
2009-03-05 20:39 --------- d-----w c:\program files\Trend Micro
2009-03-01 09:25 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\uTorrent
2009-02-26 18:51 --------- d-----w c:\program files\eMule
2009-02-26 17:58 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-05 20:37 --------- d-----w c:\program files\Windows Live
2009-02-05 20:36 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-05 20:34 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 20:34 --------- d-----w c:\program files\Microsoft
2009-02-05 20:08 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-02-03 18:43 --------- d-----w c:\program files\DivX
2009-01-20 20:48 --------- d-----w c:\documents and settings\Laurence et Anthony\Application Data\Thunderbird
2009-01-19 21:09 --------- d-----w c:\program files\Microsoft Works
2009-01-07 20:00 108,088 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\GDIPFONTCACHEV1.DAT
2007-01-28 11:48 560 ----a-w c:\documents and settings\Laurence et Anthony\Application Data\ViewerApp.dat
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-07_22.07.19,26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-25 00:58:18 410,984 ----a-w c:\windows\system32\deploytk.dll
+ 2009-03-08 13:53:03 410,984 ----a-w c:\windows\system32\deploytk.dll
- 2008-12-25 00:58:20 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-03-08 13:53:04 144,792 ----a-w c:\windows\system32\java.exe
- 2008-12-25 00:58:20 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-08 13:53:05 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-12-25 00:58:20 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-08 13:53:05 148,888 ----a-w c:\windows\system32\javaws.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-12-25 2267136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
c:\documents and settings\Laurence et Anthony\Menu D‚marrer\Programmes\D‚marrage\
SpywareBlaster.lnk - c:\program files\SpywareBlaster\spywareblaster.exe [2008-12-25 1320464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"SENTINEL"= snti386.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Laurence et Anthony^Menu Démarrer^Programmes^Démarrage^CD-MENU.LNK]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-03-22 20:05 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 18:04 139264 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2005-02-17 13:01 233534 c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 12:24 290816 c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 02:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-04-11 14:21 794624 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 12:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-05-27 09:18 221184 c:\windows\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-08 19:06 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-30 21:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-02 13:11 692316 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-02 13:12 102492 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--a------ 2006-03-07 00:52 36864 c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Documents and Settings\\Laurence et Anthony\\Mes documents\\Mes fichiers reçus\\utorrent.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-25 142592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-03-22 200192]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2005-07-13 260608]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\drivers\WlanUIG.sys [2005-10-21 381312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1303ddf6-8f98-11dc-860d-0060b355a6b3}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
TCP: {3AA64611-7245-4495-97EA-EE7BF747E636} = 192.168.30.1
TCP: {DCDB0A75-39C3-4E17-99AD-5E9CA1A1372A} = 192.168.30.1
FF - ProfilePath - c:\documents and settings\Laurence et Anthony\Application Data\Mozilla\Firefox\Profiles\durybrv7.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 21:40:46
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Identities\{676468C9-3382-4F2A-B9CD-F655B4FA4FC7}\Software\Microsoft\Outlook Express]
@DACL=(02 0000)
@SACL=
[HKEY_USERS\S-1-5-21-1609487002-4149792273-3484888702-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-03-09 21:44:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-09 20:44:29
ComboFix2.txt 2009-03-08 13:28:59
ComboFix3.txt 2009-03-07 21:08:42
Avant-CF: 54 479 036 416 octets libres
Après-CF: 54,525,652,992 octets libres
314 --- E O F --- 2009-03-05 15:17:09
cordialement.
Curson
le 09 mars 2009 à 23h03
Heureux de voir que ton problème est résolu.
Suppression des outils
1) Télécharge ToolsCleaner2 de A.Rothstein et enregistre-le sur ton bureau.
2) Double-clique sur ToolsCleaner2.exe pour lancer l'outil.
- Clique sur le bouton Recherche.
- Une fois la recherche terminée, clique sur le bouton Suppression.
- Copie/colle le rapport et poste-le dans ta prochaine réponse.
Tu peux ensuite supprimer ToolsCleaner.
Cordialement.
Suppression des outils
1) Télécharge ToolsCleaner2 de A.Rothstein et enregistre-le sur ton bureau.
2) Double-clique sur ToolsCleaner2.exe pour lancer l'outil.
- Clique sur le bouton Recherche.
- Une fois la recherche terminée, clique sur le bouton Suppression.
- Copie/colle le rapport et poste-le dans ta prochaine réponse.
Tu peux ensuite supprimer ToolsCleaner.
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
jalawe
le 10 mars 2009 à 19h18
merci pour tout, voici le rapport toolscleaner2
[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.txt: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.exe: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\suite virus\ComboFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Laurence et Anthony\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\suite virus\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.txt: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
cordialement.
[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.txt: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.exe: trouvé !
C:\Documents and Settings\Laurence et Anthony\Bureau\suite virus\ComboFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Laurence et Anthony\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\suite virus\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.txt: supprimé !
C:\Documents and Settings\Laurence et Anthony\Bureau\OTViewIt.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
cordialement.
Curson
le 11 mars 2009 à 16h10
Bonjour,
Supprime manuellement les fichiers ci-dessous :
C:\Documents and Settings\Laurence et Anthony\Bureau\ComboFix.exe
C:\Documents and Settings\Laurence et Anthony\Bureau\suite virus\ComboFix.exe
Quelques conseils de sécurité
Je te conseille également la lecture de ce document.
Si tu désires mieux connaître le domaine de la sécurité informatique, je ne peux que t'encourager à visiter le site de Malekal_Morte.
Cordialement.
Supprime manuellement les fichiers ci-dessous :
C:\Documents and Settings\Laurence et Anthony\Bureau\ComboFix.exe
C:\Documents and Settings\Laurence et Anthony\Bureau\suite virus\ComboFix.exe
Quelques conseils de sécurité
Je te conseille également la lecture de ce document.
Si tu désires mieux connaître le domaine de la sécurité informatique, je ne peux que t'encourager à visiter le site de Malekal_Morte.
Cordialement.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
jalawe
le 17 mars 2009 à 21h26
Bonsoir,
merci pour tout.
merci pour tout.
Curson
le 17 mars 2009 à 21h42
Bonsoir,
Ce fut un plaisir.
Bonne continuation.
Ce fut un plaisir.
Bonne continuation.
-------
Si votre sujet reste sans réponse, merci de le signaler ici.
Si votre sujet reste sans réponse, merci de le signaler ici.
PRODUITS
- Portables |
- PC |
- Moniteurs |
- Photo / Vidéo |
- T.V. |
- Audio |
- GPS |
- Stockage |
- Téléphonie |
- autres catégories
TÉLÉCHARGER - LOGICIELS
- Windows & logiciels |
- Bureautique |
- Développement |
- Internet |
- Jeux |
- Loisirs |
- Multimédia |
- Personnaliser son pc |
- Sécurité |
- Utilitaires |
- Logiciels Linux |
- logiciels Mac
JEUX VIDÉOS
- jeux PC |
- Xbox |
- Playstation |
- Wii |
- PSP |
- DS |
- Action |
- Aventure |
- MMORPG |
- Sports |
- Simulation |
- Enfant |
- Soluces et astuces
LOISIRS
01NET PRO
- Réseaux et Internet |
- Programmation et développement |
- Logiciels d'entreprise |
- Systèmes d'exploitation en entreprise |
- Sécurité en entreprise |
- Entreprenariat |
- Emploi |
- Services PRO |
- Matériel PRO
AVIS ET COMMENTAIRES
- Les actualités de 01net. |
- Avis sur les jeux vidéos |
- Avis sur les produits |
- Avis sur les logiciels |
A PROPOS DE 01NET
publicité
Messages des modérateurs
A lire aussi
PRODUITS
- je n'arrive pas à envoyer mes photos par mail
- envoyer des photos par internet!
- Comment faire pour envoyer des fotos par mail?
- envoyer des photos en dossier
- envoyer une vidéo (un peu lourde)
TÉLÉCHARGER - LOGICIELS
- Envoyer un mail automatiquement sans serveur
- recherche à télécharger petits sons pour e-mails
- problème pour envoyer des mails
- problème de son
- Impossible envoyer mails à partir d'Outlook Express [Résolu]
JEUX VIDÉOS
- probleme avec real arcade sous vista
- probleme real arcade
- problème bf2142
- autorun.exe a rencontré un problème(résolu par formatage)
- Probleme de manque de mémoire virtuelle
LOISIRS
- Problème de Maths
- probleme avec profs
- probleme avec mon courrier (écrit/poste, pas les mails)
- Problème de math
- probleme
01NET PRO
AVIS ET COMMENTAIRES
- Un problème de clé…
- Le cours du dollar : problème dominant de 2005
- Le problème des hot lines placé sur liste d'attente
- Le principal problème de l'informatique ? L'informaticien
- Caro Les opérateurs invités à envoyer des alertes en cas de surconsommation téléphonique
A PROPOS DE 01NET
 |
 |
> 01netPro :
Rubrique Emplois Consultez les actualités et les dernières offres.
|
 |
||
L'ORDINATEUR INDIVIDUEL
Le mensuel informatique qui vous informe et vous conseille.
Nous contacter
|
Charte de confiance
|
Voir notice légale
01net. - 01men - RMC - BFM Radio - BFM TV - TousLesPodcasts - 01informatique.fr - Association RMC-BFM
01net. - 01men - RMC - BFM Radio - BFM TV - TousLesPodcasts - 01informatique.fr - Association RMC-BFM
Tous droits réservés © 1999 - 2009 Internext - 01net.