
MSN virus

flochlo on 25 August 2009 at 19:37
Good evening everyone,
For several days now "Antivir" has been detecting an MSN virus on my machine. Should I leave it as it is, or do I need to clean it? Thanks for the help.
Curson on 25 August 2009 at 20:16
Good evening,

Post the AntiVir report.

Download HiJackThis by Merijn to your desktop.

- Double-click HijackThis.
- Generate a report by following these steps:
- Run it and click Do a scan and save log file.
- The report opens in Notepad.

- Paste the report here. To do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste

Help: Don't hesitate to consult the HiJackThis help.


Regards.
-------
If your thread gets no reply, please report it here.
flochlo on 25 August 2009 at 21:48
Good evening Curson,
Thanks for the help. Before replying to you I was running a scan with Malwarebytes. I'm attaching that report along with the HijackThis one, plus the Antivir alert.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:59, on 25/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [utchonuc] "c:\documents and settings\propriétaire\local settings\application data\utchonuc.exe" utchonuc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

--
End of file - 10910 bytes
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 5.1.2600 Service Pack 3

25/08/2009 21:31:18
mbam-log-2009-08-25 (21-31-18).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 183997
Temps écoulé: 1 hour(s), 11 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\utchonuc (Trojan.Agent.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Antivir
Dans le fichier 'C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_sendfile.exe'
un virus ou un programme indésirable 'TR/Crypt.CFI.Gen' [trojan] a été détecté.
Action exécutée : Refuser l'accès
Curson on 25 August 2009 at 21:56
Good evening,

Disable your security software during the procedure.

1) Download Navilog1 and save it to your desktop.

- Right-click navilog1.exe and follow the installation instructions.

- Start Navilog1 from the shortcut created on your desktop.
- In the main menu, choose 1.
- Follow the instructions and wait.
- Wait until the message *** Nettoyage terminé le....*** appears (this may take some time).
- Press a key when asked.
- A Notepad document is created: fixnavi.txt.
- Copy/paste the contents of this report into your next reply.
- Close Notepad.


2) Download Lop S&D to your desktop

- Double-click it to start the installation
- Then double-click the Lop S&D shortcut on your desktop
- Select the language you want, then choose Option 1 ( Recherche )
- Wait until the scan finishes
- Post the generated report (C:\lopR.txt)


3) I'd like you to scan the following file on VirusTotal; tutorial: http://forum.malekal.com/viewtopic.php?f=59&t=9828
C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_sendfile.exe

Post the resulting report.


Regards.
-->Message edited by Curson on 25/08/2009 22:42:19<--
-------
If your thread gets no reply, please report it here.
flochlo on 26 August 2009 at 09:29
Hello Curson,
Here are the reports you asked me for.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
C:\ (Local Disk) - NTFS - Total:72 Go (Free:24 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 26/08/2009| 9:07 )

--------------------\\ Listing des dossiers dans APPLIC~1

[12/04/2008|09:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[15/06/2009|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[17/01/2009|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[12/03/2009|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/11/2006|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[10/07/2008|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[15/06/2009|17:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[19/05/2009|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[05/08/2007|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[07/12/2008|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[29/12/2007|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
[06/01/2008|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
[18/05/2009|08:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[28/09/2007|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[22/12/2008|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[25/01/2009|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[24/12/2008|14:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[05/11/2008|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
[26/07/2009|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
[27/10/2008|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[01/06/2008|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[12/07/2008|08:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[30/09/2007|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[22/12/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[06/06/2009|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/12/2008|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[11/02/2009|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[03/01/2008|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tonstickcakebias
[05/11/2008|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
[08/12/2006|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/11/2006|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[06/06/2009|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[08/07/2009|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[01/03/2008|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[12/08/2007|15:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[27/04/2009|09:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\iolo
[19/12/2006|18:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[04/04/2007|10:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[05/05/2008|17:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[18/01/2007|21:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[02/06/2009|19:41] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdSigner
[29/05/2007|16:36] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ahead
[01/07/2009|23:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\aMule
[25/08/2009|16:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Apple Computer
[05/08/2007|10:33] C:\DOCUME~1\PROPRI~1\APPLIC~1\AVS4YOU
[17/05/2009|18:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\Azureus
[08/11/2006|21:45] C:\DOCUME~1\PROPRI~1\APPLIC~1\CyberLink
[01/01/2008|12:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\DataCast
[06/04/2008|09:03] C:\DOCUME~1\PROPRI~1\APPLIC~1\DivX
[17/05/2009|18:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\DNA
[01/01/2008|12:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\F-Secure
[16/09/2007|19:50] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[17/01/2007|18:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\Help
[25/01/2009|17:47] C:\DOCUME~1\PROPRI~1\APPLIC~1\HP
[20/03/2009|20:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\HPAppData
[08/11/2006|17:10] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[06/04/2008|09:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\IE7Pro
[29/07/2007|09:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\IMVU
[01/01/2008|12:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\InstallShield
[26/07/2009|10:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\iolo
[10/06/2009|15:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\Kptic
[06/04/2008|09:10] C:\DOCUME~1\PROPRI~1\APPLIC~1\Lavasoft
[09/11/2006|21:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\Leadertech
[17/05/2009|18:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\LimeWire
[17/01/2009|14:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[12/07/2008|08:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\Malwarebytes
[10/06/2009|15:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[21/06/2008|18:45] C:\DOCUME~1\PROPRI~1\APPLIC~1\Mozilla
[08/09/2007|09:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
[20/06/2009|21:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\Samsung
[11/06/2007|17:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\Screenshot Sender
[06/02/2007|19:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[23/06/2008|17:22] C:\DOCUME~1\PROPRI~1\APPLIC~1\TaoUSign
[02/01/2007|18:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\vlc
[03/01/2008|23:43] C:\DOCUME~1\PROPRI~1\APPLIC~1\Xfire

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[23/08/2009 17:59][--a------] C:\WINDOWS\tasks\Norton Security Scan for Propriétaire.job
[25/08/2009 11:49][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[25/08/2009 15:29][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{A4D7789E-CA6E-4783-9910-B3DD4A483B80}.job
[26/08/2009 09:04][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[26/08/2009 09:00][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[17/01/2009|13:55] C:\Program Files\Adobe
[22/12/2008|19:58] C:\Program Files\Adverts
[17/01/2007|19:05] C:\Program Files\Agfa
[08/11/2006|17:53] C:\Program Files\Ahead
[04/11/2007|17:43] C:\Program Files\Alawar
[06/04/2008|09:27] C:\Program Files\Alwil Software
[27/06/2009|16:27] C:\Program Files\aMule
[15/06/2009|17:53] C:\Program Files\Apple Software Update
[25/05/2009|18:12] C:\Program Files\Ask Search Assistant
[08/11/2006|17:59] C:\Program Files\ASUSTeK
[10/06/2009|15:17] C:\Program Files\AVIConverter
[19/05/2009|09:32] C:\Program Files\Avira
[06/04/2008|09:09] C:\Program Files\AviSynth 2.5
[14/03/2009|19:39] C:\Program Files\AVS4YOU
[06/04/2008|09:12] C:\Program Files\AxySnake
[15/06/2009|17:51] C:\Program Files\Bonjour
[06/04/2008|09:09] C:\Program Files\Boonty
[14/08/2008|13:25] C:\Program Files\Borland
[09/04/2007|09:01] C:\Program Files\Canon
[06/04/2008|09:01] C:\Program Files\CCleaner
[17/05/2009|18:44] C:\Program Files\Championship Manager 3
[22/12/2008|19:58] C:\Program Files\Circle Developement
[26/10/2008|13:45] C:\Program Files\Collège Multimédia
[08/11/2006|17:01] C:\Program Files\ComPlus Applications
[04/11/2007|17:31] C:\Program Files\DemonStarSM2_Shareware
[10/02/2007|23:07] C:\Program Files\Disney Interactive
[01/01/2009|20:24] C:\Program Files\DNA
[13/06/2008|16:06] C:\Program Files\Dofus
[26/12/2008|15:17] C:\Program Files\DVDVideoSoft
[22/12/2008|19:59] C:\Program Files\DVDVideoSoft(2)
[01/04/2007|13:32] C:\Program Files\EA GAMES
[23/08/2009|16:17] C:\Program Files\eMule
[26/03/2007|19:50] C:\Program Files\Ensemble clavier et souris sans fil Labtec
[15/06/2009|17:50] C:\Program Files\Fichiers communs
[04/11/2007|17:33] C:\Program Files\GameSpy Arcade
[18/05/2009|08:46] C:\Program Files\Google
[26/10/2008|13:46] C:\Program Files\Guitar Pro 5
[28/01/2009|22:03] C:\Program Files\Hasbro Interactive
[08/11/2006|22:40] C:\Program Files\Hewlett-Packard
[23/12/2008|20:45] C:\Program Files\HP
[08/11/2006|22:42] C:\Program Files\hp deskjet 845c series
[06/04/2008|09:12] C:\Program Files\IE7Pro
[29/07/2007|09:41] C:\Program Files\IMVU
[18/05/2009|08:53] C:\Program Files\Infogrames
[17/05/2009|18:38] C:\Program Files\InstallShield Installation Information
[23/08/2009|18:08] C:\Program Files\Internet Explorer
[25/08/2009|12:41] C:\Program Files\iPod
[25/08/2009|12:42] C:\Program Files\iTunes
[10/04/2009|08:56] C:\Program Files\Java
[01/01/2008|12:19] C:\Program Files\Lame MP3 Codec
[25/12/2008|10:13] C:\Program Files\Lavalys
[27/10/2008|19:16] C:\Program Files\Lavasoft
[30/09/2007|10:41] C:\Program Files\Logitech
[04/08/2007|12:23] C:\Program Files\LudoRace
[25/08/2009|20:17] C:\Program Files\Malwarebytes' Anti-Malware
[25/12/2007|00:02] C:\Program Files\MarkAny
[06/04/2008|09:09] C:\Program Files\MediaInfo
[26/10/2008|13:50] C:\Program Files\Messenger
[25/05/2009|18:12] C:\Program Files\Messenger Plus! Live
[06/01/2007|13:01] C:\Program Files\Micro Application
[06/06/2009|12:59] C:\Program Files\Microsoft
[09/05/2007|15:28] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[08/11/2006|17:05] C:\Program Files\microsoft frontpage
[20/04/2008|20:40] C:\Program Files\Microsoft Games
[18/01/2009|21:12] C:\Program Files\Microsoft Office
[01/08/2009|11:06] C:\Program Files\Microsoft Silverlight
[06/06/2009|12:57] C:\Program Files\Microsoft SQL Server Compact Edition
[06/06/2009|12:58] C:\Program Files\Microsoft Sync Framework
[11/05/2009|17:59] C:\Program Files\Mio Technology
[26/10/2008|13:49] C:\Program Files\Movie Maker
[25/08/2009|16:30] C:\Program Files\Mozilla Firefox
[23/08/2009|18:12] C:\Program Files\MSBuild
[18/01/2009|21:12] C:\Program Files\MSECache
[14/11/2006|21:53] C:\Program Files\MSN
[08/11/2006|17:00] C:\Program Files\MSN Gaming Zone
[06/04/2008|09:09] C:\Program Files\MSXML 4.0
[05/08/2008|18:54] C:\Program Files\Multi_Media_France
[22/12/2008|19:58] C:\Program Files\MyFree Codec
[26/08/2009|09:02] C:\Program Files\Navilog1
[10/06/2009|17:38] C:\Program Files\Neonumeric
[22/12/2008|19:58] C:\Program Files\Netlog 24
[26/10/2008|13:47] C:\Program Files\NetMeeting
[10/07/2009|18:00] C:\Program Files\Norton Security Scan
[11/08/2007|10:22] C:\Program Files\Oct2005_xinput_x64
[08/11/2006|17:00] C:\Program Files\Online Services
[23/08/2009|18:05] C:\Program Files\Outlook Express
[28/10/2008|18:34] C:\Program Files\Pack Securite
[06/04/2008|09:02] C:\Program Files\Philips
[15/06/2009|17:19] C:\Program Files\QuickTime
[08/09/2007|09:38] C:\Program Files\Real
[06/04/2008|09:09] C:\Program Files\Realore
[23/08/2009|18:12] C:\Program Files\Reference Assemblies
[30/12/2007|10:59] C:\Program Files\RegCleaner
[03/08/2007|15:58] C:\Program Files\Return to Castle Wolfenstein
[08/11/2006|18:02] C:\Program Files\S3Inc
[25/08/2009|12:59] C:\Program Files\Safari
[25/12/2007|00:02] C:\Program Files\Samsung
[08/11/2006|17:03] C:\Program Files\Services en ligne
[14/01/2009|18:45] C:\Program Files\SFR
[28/12/2008|12:38] C:\Program Files\Spybot - Search & Destroy
[15/04/2008|20:21] C:\Program Files\Sun
[06/04/2008|09:12] C:\Program Files\Superball Arcade Demo
[17/05/2009|18:38] C:\Program Files\ToniArts
[25/08/2009|21:35] C:\Program Files\Trend Micro
[08/11/2006|17:10] C:\Program Files\Uninstall Information
[25/08/2009|22:45] C:\Program Files\vanBasco's Karaoke Player
[08/11/2006|18:04] C:\Program Files\VIA Technologies, Inc
[02/01/2007|18:12] C:\Program Files\VideoLAN
[06/04/2008|09:09] C:\Program Files\WinASPI
[09/11/2007|18:48] C:\Program Files\WinAVI MP4 Converter
[01/01/2008|13:51] C:\Program Files\Windows Defender
[06/06/2009|12:59] C:\Program Files\Windows Live
[27/06/2008|18:07] C:\Program Files\Windows Live Safety Center
[06/06/2009|12:54] C:\Program Files\Windows Live SkyDrive
[13/04/2008|23:09] C:\Program Files\Windows Live Toolbar
[18/12/2006|22:19] C:\Program Files\Windows Media Connect 2
[26/10/2008|13:47] C:\Program Files\Windows Media Player
[26/10/2008|13:47] C:\Program Files\Windows NT
[08/11/2006|17:03] C:\Program Files\WindowsUpdate
[06/04/2008|09:00] C:\Program Files\WinRAR
[08/07/2009|17:23] C:\Program Files\WinZip
[02/01/2007|15:55] C:\Program Files\Wolfenstein - Enemy Territory
[08/11/2006|17:05] C:\Program Files\xerox
[06/04/2008|09:09] C:\Program Files\XviD
[06/04/2008|09:07] C:\Program Files\XviD(2)
[24/09/2007|18:24] C:\Program Files\Yahoo!
[31/03/2009|20:08] C:\Program Files\Zattoo

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/03/2009|18:46] C:\Program Files\Fichiers communs\Adobe
[28/12/2006|21:39] C:\Program Files\Fichiers communs\Agfa
[08/11/2006|17:50] C:\Program Files\Fichiers communs\Ahead
[25/08/2009|12:41] C:\Program Files\Fichiers communs\Apple
[14/03/2009|19:38] C:\Program Files\Fichiers communs\AVSMedia
[19/11/2006|12:28] C:\Program Files\Fichiers communs\Designer
[14/03/2009|19:10] C:\Program Files\Fichiers communs\DVDVideoSoft
[05/11/2008|19:06] C:\Program Files\Fichiers communs\Hewlett-Packard
[23/12/2008|19:31] C:\Program Files\Fichiers communs\HP
[09/04/2007|09:00] C:\Program Files\Fichiers communs\InstallShield
[01/01/2008|13:38] C:\Program Files\Fichiers communs\LightScribe
[08/11/2006|21:13] C:\Program Files\Fichiers communs\Logitech
[06/06/2009|12:54] C:\Program Files\Fichiers communs\Microsoft Shared
[08/11/2006|17:02] C:\Program Files\Fichiers communs\MSSoap
[08/11/2006|17:51] C:\Program Files\Fichiers communs\Nero
[12/08/2007|10:39] C:\Program Files\Fichiers communs\Nullsoft
[08/11/2006|17:53] C:\Program Files\Fichiers communs\ODBC
[28/03/2009|16:46] C:\Program Files\Fichiers communs\Real
[08/11/2006|17:02] C:\Program Files\Fichiers communs\Services
[08/11/2006|17:53] C:\Program Files\Fichiers communs\SpeechEngines
[10/07/2009|18:00] C:\Program Files\Fichiers communs\Symantec Shared
[26/10/2008|13:47] C:\Program Files\Fichiers communs\System
[06/06/2009|12:31] C:\Program Files\Fichiers communs\Windows Live
[06/04/2008|09:04] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[28/03/2009|16:46] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 61 Processes )

iexplore.exe ~ [PID:2264]
iexplore.exe ~ [PID:2436]
iexplore.exe ~ [PID:2992]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Program Files\Adverts
C:\Program Files\Circle Developement
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\tbMul1.dll
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\tbMul1.dll
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertstream[2].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertising[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 09:09:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 59

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:10][D:2]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:166][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:1492][D:7]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 26/08/2009| 9:11 - Option : [1]

--------------------\\ Fin du rapport a 9:11:36
Fix Navipromo version 4.0.1 commencé le 26/08/2009 8:47:36,51

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Propriétaire ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)


C:\ (Local Disk) - NTFS - Total:72 Go (Free:24 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur




Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Propriétaire\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok





*** Scan terminé 26/08/2009 9:02:04,46 ***
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...

Fichier _sendfile.exe.vir reçu le 2009.08.10 22:30:19 (UTC)
Situation actuelle: terminé

Résultat: 7/41 (17.07%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.10 -
AhnLab-V3 5.0.0.2 2009.08.10 -
AntiVir 7.9.0.248 2009.08.10 TR/Crypt.CFI.Gen
Antiy-AVL 2.0.3.7 2009.08.10 -
Authentium 5.1.2.4 2009.08.10 W32/Heuristic-210!Eldorado
Avast 4.8.1335.0 2009.08.10 -
AVG 8.5.0.406 2009.08.10 -
BitDefender 7.2 2009.08.11 -
CAT-QuickHeal 10.00 2009.08.10 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.08.10 -
Comodo 1937 2009.08.11 -
DrWeb 5.0.0.12182 2009.08.11 -
eSafe 7.0.17.0 2009.08.10 Suspicious File
eTrust-Vet 31.6.6670 2009.08.10 -
F-Prot 4.4.4.56 2009.08.10 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.08.10 -
Fortinet 3.120.0.0 2009.08.10 -
GData 19 2009.08.10 -
Ikarus T3.1.1.64.0 2009.08.10 -
Jiangmin 11.0.800 2009.08.10 -
K7AntiVirus 7.10.815 2009.08.10 -
Kaspersky 7.0.0.125 2009.08.10 -
McAfee 5705 2009.08.10 -
McAfee+Artemis 5705 2009.08.10 -
McAfee-GW-Edition 6.8.5 2009.08.10 Trojan.Crypt.CFI.Gen
Microsoft 1.4903 2009.08.10 -
NOD32 4323 2009.08.10 -
Norman 6.01.09 2009.08.10 W32/Obfuscated.T2!genr
nProtect 2009.1.8.0 2009.08.10 -
Panda 10.0.0.14 2009.08.10 -
PCTools 4.4.2.0 2009.08.10 -
Prevx 3.0 2009.08.11 -
Rising 21.42.04.00 2009.08.10 -
Sophos 4.44.0 2009.08.10 -
Sunbelt 3.2.1858.2 2009.08.10 -
Symantec 1.4.4.12 2009.08.10 -
TheHacker 6.3.4.3.379 2009.08.10 -
TrendMicro 8.950.0.1094 2009.08.10 -
VBA32 3.12.10.9 2009.08.10 -
ViRobot 2009.8.10.1877 2009.08.10 -
VirusBuster 4.6.5.0 2009.08.10 -
Information additionnelle
File size: 38912 bytes
MD5 : e994660d1b2dd323f6b71c4739cdaa4c
SHA1 : 1e26ad86c9e839294f6aaf23e5534937a86663f5
SHA256: f2ff149501d6e22dd47df76ea6e440e18b6000f3b4dcbbd614b85dc663f0ec05
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xE9CF
timedatestamp.....: 0x45E28EBD (Mon Feb 26 08:39:41 2007)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
text 0x1000 0xD000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
data 0xE000 0x1000 0xC00 7.40 c94313ca9ebb4f21c0efb48d920f6fd0
.rsrc 0xF000 0x9000 0x8800 4.79 7b26a1e2659fb1fbd678f99463cc921a

( 2 imports )

> kernel32.dll: LoadLibraryA, GetProcAddress, ExitProcess
> msvbvm60.dll: -

( 0 exports )

TrID : File type identification
67.9% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
21.8% (.EXE) Win32 Executable Generic (8527/13/3)
5.1% (.EXE) Generic Win/DOS Executable (2002/3)
5.1% (.EXE) DOS Executable Generic (2000/1)
0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)
ssdeep: 384:gElCY1LDJFRA2sR30OMmUI9umTi5+GT9nZD2d4Ssyg7DABeFxz6ifgntfrZfnf8r:NLDJFRARhDfTy+uZSdvg7iQxIrhfA
PEiD : UPX-Scrambler RC v1.x
packers (Kaspersky): PE_Patch, UPX
packers (F-Prot): UPXScrambler, UPX
packers (Authentium): UPXScrambler, UPX
RDS : NSRL Reference Data Set
-


ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

Thanks again for the help.
Curson on 26 August 2009 at 22:07
Good evening,

Disable your security software during the procedure.

1) Run LOP S&D again

- Choose Option 2 (Suppression)
- Do not close the window during the removal!
- Post the generated report (C:\lopR.txt)


2) Download OTL (by OldTimer) and save it to your Desktop.

- Close any running applications so as not to interrupt the scan.
- A window appears. In the Output section at the top of this window, check "Minimal Output". Do the same with "Scan All Users".
- Also check the boxes next to "LOP Check" and "Purity Check".
- In the Extra Registry area, check "Use Safelist".

Do not change the other settings!

- Click the Run Scan button.
- Once the scan has finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTListIT2 (so by default on the Desktop).

- Copy/paste the contents of both files here. Use one message per report.


Regards.
-------
If your topic remains unanswered, please report it here.
flochlo on 27 August 2009 at 09:27
Hello Curson.
Here is the first report.
OTL logfile created on: 27/08/2009 09:15:45 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Propriétaire\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,19 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 58,58% Memory free
2,06 Gb Paging File | 1,57 Gb Available in Paging File | 76,44% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72,30 Gb Total Space | 24,79 Gb Free Space | 34,29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CARON-B5C5E45A1
Current User Name: Propriétaire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Pack Securite\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\Common\FSMB32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Pack Securite\Common\FCH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Pack Securite\Common\FAMEH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\FSPC\fspc.exe (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe (F-Secure Corporation)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Pack Securite\FSAUA\program\fsus.exe (F-Secure Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Pack Securite\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
PRC - C:\Program Files\Pack Securite\FSGUI\fsguidll.exe (F-Secure Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Propriétaire\Bureau\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (FSAUA [On_Demand | Running]) -- C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe (F-Secure Corporation)
SRV - (FSMA [Auto | Running]) -- C:\Program Files\Pack Securite\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [On_Demand | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (kbfilter [System | Running]) -- C:\WINDOWS\System32\drivers\kbfilter.sys (WayTech Development, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (moufiltr [System | Running]) -- C:\WINDOWS\System32\drivers\moufiltr.sys (Windows (R) 2000 DDK provider)
DRV - (PID_0928 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (ssm_bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssm_bus.sys (MCCI)
DRV - (ssm_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys (MCCI)
DRV - (ssm_mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys (MCCI)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (viagfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright (C) VIA/S3 Graphics Co, Ltd.)
DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (Vsp [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Vsp.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 1D 1C 45 99 E6 C9 01 [binary data]
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\S-1-5-21-776561741-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\S-1-5-21-776561741-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/28 16:46:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/23 18:13:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/24 20:12:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/15 17:17:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/22 16:58:40 | 00,000,000 | ---D | M]

[2008/06/21 18:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\mozilla\Extensions
[2008/06/21 18:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/25 16:30:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\mozilla\Firefox\Profiles\v48gf9g9.default\extensions
[2008/06/21 18:46:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\mozilla\Firefox\Profiles\v48gf9g9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/22 20:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\mozilla\Firefox\Profiles\v48gf9g9.default\extensions\feedbar@efinke(2).com
[2008/12/07 14:28:11 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\FireFox\Profiles\v48gf9g9.default\searchplugins\ask.xml
[2008/02/06 22:03:40 | 00,001,825 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\FireFox\Profiles\v48gf9g9.default\searchplugins\live-search.xml
[2009/08/25 16:30:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/09/08 09:39:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/09 18:52:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/17 10:37:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/24 20:12:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2007/09/08 09:38:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\realplayer@partners.mozilla.com
[2009/06/09 18:52:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/09 18:52:27 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 20:12:28 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/09 18:52:29 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/25 09:56:45 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2008/12/25 09:56:45 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/12/25 09:56:45 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/25 09:56:45 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/12/25 09:56:45 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2008/12/25 09:56:45 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\..\Toolbar\WebBrowser: (Multi Media France Toolbar) - {7009FCD4-05BE-44F4-9583-93FE419AB7B0} - C:\Program Files\Multi_Media_France\tbMul1.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Pack Securite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-776561741-1659004503-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-776561741-1659004503-839522115-1003..\Run: [utchonuc] c:\documents and settings\propriétaire\local settings\application data\utchonuc.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\..Trusted Domains: ca-norddefrance.fr ([www] https in Sites de confiance)
O15 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.(...) (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/08 17:04:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/08/27 09:12:29 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe
[2009/08/26 22:42:01 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\trtr.rtf
[2009/08/26 20:48:43 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/26 20:36:16 | 00,000,512 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/26 20:36:07 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/08/26 20:26:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/08/26 20:26:25 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009/08/26 19:51:32 | 00,015,838 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Mes documents\PROGRAMMATION FRANCAIS IMPRIMANTE.eml
[2009/08/26 09:06:50 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/08/26 09:06:36 | 00,501,736 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\LopSD.exe
[2009/08/26 08:45:40 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/08/25 22:52:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Bureau\Bureau
[2009/08/25 22:48:52 | 00,011,884 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\Aznavour_C_._Allez _vai_ Marseille.zip
[2009/08/25 22:45:02 | 00,000,748 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\vanBasco's Karaoke Player.lnk
[2009/08/25 22:45:01 | 00,000,000 | ---D | C] -- C:\Program Files\vanBasco's Karaoke Player
[2009/08/25 22:44:28 | 00,884,736 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\vkaraoke.exe
[2009/08/25 21:35:39 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk
[2009/08/25 12:59:38 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
[2009/08/25 12:59:18 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/08/25 12:42:27 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2009/08/25 12:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/25 12:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/24 20:12:43 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 20:12:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 20:12:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 20:12:43 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/23 18:31:49 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/23 18:12:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/23 18:12:31 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/23 18:12:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/08/23 18:12:19 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/23 18:11:37 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/23 18:11:37 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/23 18:11:36 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/23 18:11:36 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/23 18:11:36 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/23 18:11:36 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/23 18:11:36 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/23 18:11:36 | 00,000,000 | ---D | C] -- C:\3771811755d6746cd407f6839330c953
[2009/08/22 21:30:09 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/22 21:27:12 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/07 17:13:03 | 00,310,885 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Mes documents\Espace Demandeurs d'emploi - site pole-emploi_fr.mht
[2009/08/05 11:00:38 | 00,205,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/28 17:46:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Propriétaire\Mes documents\Copie de Mes images
[2009/04/27 09:29:59 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/05/03 23:29:40 | 00,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2007/12/25 00:05:41 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007/12/25 00:02:07 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2007/12/25 00:02:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2007/12/25 00:02:04 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2007/12/25 00:02:04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2007/11/08 21:21:01 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/11/04 17:26:04 | 00,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2007/11/01 13:06:51 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PacWorld.ini
[2007/10/08 20:56:02 | 00,000,035 | ---- | C] () -- C:\WINDOWS\TZSOFT.INI
[2007/09/15 11:43:46 | 00,001,967 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/05 10:31:32 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/05 10:31:32 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 20:13:24 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/06/28 20:13:24 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/06/28 20:11:54 | 00,000,034 | ---- | C] () -- C:\WINDOWS\C_it.ini
[2007/06/16 16:09:25 | 00,000,073 | -HS- | C] () -- C:\WINDOWS\System32\SYSDRV004.SYS
[2007/06/16 16:09:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSTMBXNDRV.SYS
[2007/05/16 12:44:04 | 00,000,810 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2007/05/13 16:31:41 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/13 16:31:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/13 16:31:41 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/31 19:42:18 | 00,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI
[2007/02/10 23:07:30 | 00,002,360 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/11/19 12:30:02 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/09 20:23:39 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/08 21:17:07 | 00,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/11/08 19:50:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\HKLock.dll
[2006/11/08 19:50:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\HKLock.dll
[2006/11/08 18:06:13 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2006/11/08 18:04:45 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2006/11/08 18:04:45 | 00,003,351 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsp.sys
[2006/03/02 14:00:00 | 00,000,705 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/03/02 14:00:00 | 00,000,262 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/14 12:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/08/27 09:12:39 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe
[2009/08/27 09:02:13 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/26 22:42:02 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\trtr.rtf
[2009/08/26 20:41:50 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/26 20:41:42 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/26 20:38:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/26 20:38:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/26 20:36:17 | 00,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/26 20:35:58 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/26 20:35:15 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/08/26 20:26:25 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009/08/26 19:51:32 | 00,015,838 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Mes documents\PROGRAMMATION FRANCAIS IMPRIMANTE.eml
[2009/08/26 19:34:02 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2009/08/26 18:38:54 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A4D7789E-CA6E-4783-9910-B3DD4A483B80}.job
[2009/08/26 09:06:50 | 00,501,736 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\LopSD.exe
[2009/08/25 22:52:36 | 00,011,884 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\Aznavour_C_._Allez _vai_ Marseille.zip
[2009/08/25 22:45:02 | 00,000,748 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\vanBasco's Karaoke Player.lnk
[2009/08/25 22:44:51 | 00,884,736 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\vkaraoke.exe
[2009/08/25 21:35:39 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk
[2009/08/25 16:29:38 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
[2009/08/25 12:42:27 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2009/08/25 11:49:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/24 20:12:27 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 20:12:27 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 20:12:27 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 20:12:27 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/24 20:12:26 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/23 18:28:26 | 00,026,016 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 18:28:11 | 00,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/23 18:17:31 | 01,228,572 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/23 18:17:31 | 00,578,928 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/08/23 18:17:31 | 00,502,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/23 18:17:31 | 00,096,150 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/08/23 18:17:31 | 00,080,630 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/23 17:59:59 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Propriétaire.job
[2009/08/22 22:10:57 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/08/07 17:13:04 | 00,310,885 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Mes documents\Espace Demandeurs d'emploi - site pole-emploi_fr.mht
[2009/08/05 11:00:38 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 11:00:38 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 02:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/29 17:34:35 | 00,138,752 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2006/11/08 17:53:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur\Application Data
[2009/08/26 20:26:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/26 20:26:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/06/15 17:52:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/17 09:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2006/11/08 17:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2007/08/05 10:33:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/12/07 13:47:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/12/29 12:17:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/01/06 13:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/07/26 10:17:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/06/01 20:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/12/22 19:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/01/03 23:43:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tonstickcakebias
[2006/11/08 20:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/06/06 12:54:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2009/07/08 17:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/11/08 17:53:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2006/11/08 17:10:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009/04/27 09:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2006/11/08 17:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/08/26 19:59:47 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data
[2009/08/26 20:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\AdSigner
[2007/05/29 16:36:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Ahead
[2009/08/26 20:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\aMule
[2007/08/05 10:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\AVS4YOU
[2009/05/17 18:44:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Azureus
[2006/11/08 21:45:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\CyberLink
[2008/01/01 12:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\DataCast
[2008/01/01 12:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\F-Secure
[2008/04/06 09:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\IE7Pro
[2007/07/29 09:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\IMVU
[2009/07/26 10:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\iolo
[2009/06/10 15:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Kptic
[2006/11/09 21:30:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Leadertech
[2009/05/17 18:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire
[2009/06/20 21:14:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Samsung
[2007/06/11 17:09:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Screenshot Sender
[2008/06/23 17:22:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\TaoUSign
[2008/01/03 23:43:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Xfire
[2009/08/26 20:36:17 | 00,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/08/25 11:49:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2006/03/02 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/26 20:41:42 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/08/23 17:59:59 | 00,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Propriétaire.job
[2009/08/26 20:38:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/26 18:38:54 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A4D7789E-CA6E-4783-9910-B3DD4A483B80}.job

========== Purity Check ==========


< End of report >
flochlo on 27 August 2009 at 09:27
Hello Curson.
Here is the first report.
OTL logfile created on: 27/08/2009 09:15:45 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Propriétaire\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,19 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 58,58% Memory free
2,06 Gb Paging File | 1,57 Gb Available in Paging File | 76,44% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72,30 Gb Total Space | 24,79 Gb Free Space | 34,29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CARON-B5C5E45A1
Current User Name: Propriétaire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Pack Securite\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\Common\FSMB32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Pack Securite\Common\FCH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Pack Securite\Common\FAMEH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\FSPC\fspc.exe (F-Secure Corporation)
PRC - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe (F-Secure Corporation)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Pack Securite\FSAUA\program\fsus.exe (F-Secure Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Pack Securite\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
PRC - C:\Program Files\Pack Securite\FSGUI\fsguidll.exe (F-Secure Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Propriétaire\Bureau\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (FSAUA [On_Demand | Running]) -- C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe (F-Secure Corporation)
SRV - (FSMA [Auto | Running]) -- C:\Program Files\Pack Securite\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [On_Demand | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (kbfilter [System | Running]) -- C:\WINDOWS\System32\drivers\kbfilter.sys (WayTech Development, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\lvusbsta.sys (Logitech Inc.)
DRV - (moufiltr [System | Running]) -- C:\WINDOWS\System32\drivers\moufiltr.sys (Windows (R) 2000 DDK provider)
DRV - (PID_0928 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (ssm_bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssm_bus.sys (MCCI)
DRV - (ssm_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys (MCCI)
DRV - (ssm_mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys (MCCI)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (viagfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright (C) VIA/S3 Graphics Co, Ltd.)
DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (Vsp [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Vsp.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 1D 1C 45 99 E6 C9 01 [binary data]
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\S-1-5-21-776561741-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1659004503-839522115-1003\S-1-5-21-776561741-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/28 16:46:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/23 18:13:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/24 20:12:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/15 17:17:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/22 16:58:40 | 00,000,000 | ---D | M]

[2008/06/21 18:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\mozilla\Extensions
[2008/06/21 18:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/25 16:30:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\mozilla\Firefox\Profiles\v48gf9g9.default\extensions
[2008/06/21 18:46:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\mozilla\Firefox\Profiles\v48gf9g9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/22 20:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\mozilla\Firefox\Profiles\v48gf9g9.default\extensions\feedbar@efinke(2).com
[2008/12/07 14:28:11 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\FireFox\Profiles\v48gf9g9.default\searchplugins\ask.xml
[2008/02/06 22:03:40 | 00,001,825 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\FireFox\Profiles\v48gf9g9.default\searchplugins\live-search.xml
[2009/08/25 16:30:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/09/08 09:39:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/09 18:52:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/17 10:37:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/24 20:12:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2007/09/08 09:38:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\realplayer@partners.mozilla.com
[2009/06/09 18:52:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/09 18:52:27 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 20:12:28 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/09 18:52:29 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/15 17:19:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/25 09:56:45 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2008/12/25 09:56:45 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/12/25 09:56:45 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/25 09:56:45 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/12/25 09:56:45 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2008/12/25 09:56:45 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\..\Toolbar\WebBrowser: (Multi Media France Toolbar) - {7009FCD4-05BE-44F4-9583-93FE419AB7B0} - C:\Program Files\Multi_Media_France\tbMul1.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Pack Securite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-776561741-1659004503-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-776561741-1659004503-839522115-1003..\Run: [utchonuc] c:\documents and settings\propriétaire\local settings\application data\utchonuc.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Pack Securite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\..Trusted Domains: ca-norddefrance.fr ([www] https in Sites de confiance)
O15 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.(...) (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/08 17:04:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/08/27 09:12:29 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe
[2009/08/26 22:42:01 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\trtr.rtf
[2009/08/26 20:48:43 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/26 20:36:16 | 00,000,512 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/26 20:36:07 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/08/26 20:26:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/08/26 20:26:25 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009/08/26 19:51:32 | 00,015,838 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Mes documents\PROGRAMMATION FRANCAIS IMPRIMANTE.eml
[2009/08/26 09:06:50 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/08/26 09:06:36 | 00,501,736 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\LopSD.exe
[2009/08/26 08:45:40 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/08/25 22:52:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Bureau\Bureau
[2009/08/25 22:48:52 | 00,011,884 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\Aznavour_C_._Allez _vai_ Marseille.zip
[2009/08/25 22:45:02 | 00,000,748 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\vanBasco's Karaoke Player.lnk
[2009/08/25 22:45:01 | 00,000,000 | ---D | C] -- C:\Program Files\vanBasco's Karaoke Player
[2009/08/25 22:44:28 | 00,884,736 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\vkaraoke.exe
[2009/08/25 21:35:39 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk
[2009/08/25 12:59:38 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
[2009/08/25 12:59:18 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/08/25 12:42:27 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2009/08/25 12:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/25 12:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/24 20:12:43 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 20:12:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 20:12:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 20:12:43 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/23 18:31:49 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/23 18:12:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/23 18:12:31 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/23 18:12:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/08/23 18:12:19 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/23 18:11:37 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/23 18:11:37 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/23 18:11:36 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/23 18:11:36 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/23 18:11:36 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/23 18:11:36 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/23 18:11:36 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/23 18:11:36 | 00,000,000 | ---D | C] -- C:\3771811755d6746cd407f6839330c953
[2009/08/22 21:30:09 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/22 21:27:12 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/07 17:13:03 | 00,310,885 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Mes documents\Espace Demandeurs d'emploi - site pole-emploi_fr.mht
[2009/08/05 11:00:38 | 00,205,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/28 17:46:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Propriétaire\Mes documents\Copie de Mes images
[2009/04/27 09:29:59 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/05/03 23:29:40 | 00,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2007/12/25 00:05:41 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007/12/25 00:02:07 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2007/12/25 00:02:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2007/12/25 00:02:04 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2007/12/25 00:02:04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2007/11/08 21:21:01 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/11/04 17:26:04 | 00,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2007/11/01 13:06:51 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PacWorld.ini
[2007/10/08 20:56:02 | 00,000,035 | ---- | C] () -- C:\WINDOWS\TZSOFT.INI
[2007/09/15 11:43:46 | 00,001,967 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/05 10:31:32 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/05 10:31:32 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 20:13:24 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/06/28 20:13:24 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/06/28 20:11:54 | 00,000,034 | ---- | C] () -- C:\WINDOWS\C_it.ini
[2007/06/16 16:09:25 | 00,000,073 | -HS- | C] () -- C:\WINDOWS\System32\SYSDRV004.SYS
[2007/06/16 16:09:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSTMBXNDRV.SYS
[2007/05/16 12:44:04 | 00,000,810 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2007/05/13 16:31:41 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/05/13 16:31:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/05/13 16:31:41 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/31 19:42:18 | 00,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI
[2007/02/10 23:07:30 | 00,002,360 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/11/19 12:30:02 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/09 20:23:39 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/08 21:17:07 | 00,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/11/08 19:50:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\HKLock.dll
[2006/11/08 19:50:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\HKLock.dll
[2006/11/08 18:06:13 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2006/11/08 18:04:45 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2006/11/08 18:04:45 | 00,003,351 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsp.sys
[2006/03/02 14:00:00 | 00,000,705 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/03/02 14:00:00 | 00,000,262 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/14 12:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/08/27 09:12:39 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe
[2009/08/27 09:02:13 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/26 22:42:02 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\trtr.rtf
[2009/08/26 20:41:50 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/26 20:41:42 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/26 20:38:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/26 20:38:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/26 20:36:17 | 00,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/26 20:35:58 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/26 20:35:15 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/08/26 20:26:25 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009/08/26 19:51:32 | 00,015,838 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Mes documents\PROGRAMMATION FRANCAIS IMPRIMANTE.eml
[2009/08/26 19:34:02 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2009/08/26 18:38:54 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A4D7789E-CA6E-4783-9910-B3DD4A483B80}.job
[2009/08/26 09:06:50 | 00,501,736 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\LopSD.exe
[2009/08/25 22:52:36 | 00,011,884 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\Aznavour_C_._Allez _vai_ Marseille.zip
[2009/08/25 22:45:02 | 00,000,748 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\vanBasco's Karaoke Player.lnk
[2009/08/25 22:44:51 | 00,884,736 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\vkaraoke.exe
[2009/08/25 21:35:39 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk
[2009/08/25 16:29:38 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
[2009/08/25 12:42:27 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2009/08/25 11:49:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/24 20:12:27 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/24 20:12:27 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/24 20:12:27 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/24 20:12:27 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/24 20:12:26 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/23 18:28:26 | 00,026,016 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 18:28:11 | 00,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/23 18:17:31 | 01,228,572 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/23 18:17:31 | 00,578,928 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/08/23 18:17:31 | 00,502,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/23 18:17:31 | 00,096,150 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/08/23 18:17:31 | 00,080,630 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/23 17:59:59 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Propriétaire.job
[2009/08/22 22:10:57 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/08/07 17:13:04 | 00,310,885 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Mes documents\Espace Demandeurs d'emploi - site pole-emploi_fr.mht
[2009/08/05 11:00:38 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 11:00:38 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 02:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/29 17:34:35 | 00,138,752 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2006/11/08 17:53:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur\Application Data
[2009/08/26 20:26:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/26 20:26:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/06/15 17:52:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/17 09:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2006/11/08 17:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2007/08/05 10:33:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/12/07 13:47:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/12/29 12:17:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/01/06 13:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/07/26 10:17:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/06/01 20:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/12/22 19:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/01/03 23:43:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tonstickcakebias
[2006/11/08 20:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/06/06 12:54:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2009/07/08 17:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/11/08 17:53:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2006/11/08 17:10:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009/04/27 09:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2006/11/08 17:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/08/26 19:59:47 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data
[2009/08/26 20:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\AdSigner
[2007/05/29 16:36:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Ahead
[2009/08/26 20:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\aMule
[2007/08/05 10:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\AVS4YOU
[2009/05/17 18:44:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Azureus
[2006/11/08 21:45:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\CyberLink
[2008/01/01 12:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\DataCast
[2008/01/01 12:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\F-Secure
[2008/04/06 09:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\IE7Pro
[2007/07/29 09:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\IMVU
[2009/07/26 10:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\iolo
[2009/06/10 15:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Kptic
[2006/11/09 21:30:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Leadertech
[2009/05/17 18:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire
[2009/06/20 21:14:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Samsung
[2007/06/11 17:09:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Screenshot Sender
[2008/06/23 17:22:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\TaoUSign
[2008/01/03 23:43:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Xfire
[2009/08/26 20:36:17 | 00,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/08/25 11:49:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2006/03/02 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/26 20:41:42 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/08/23 17:59:59 | 00,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Propriétaire.job
[2009/08/26 20:38:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/26 18:38:54 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A4D7789E-CA6E-4783-9910-B3DD4A483B80}.job

========== Purity Check ==========


< End of report >
flochlo on 27 August 2009 at 09:29
Here is the second one. Good luck!

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
C:\ (Local Disk) - NTFS - Total:72 Go (Free:24 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 27/08/2009| 9:02 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\Program Files\Multi_Media_France\tbMul1.dll
Supprime! - C:\Program Files\Multi_Media_France\tbMult.dll
Supprime! - C:\Program Files\Multi_Media_France\toolbar.cfg
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.EXE
Supprime! - C:\Program Files\Multi_Media_France\UNWISE.INI
Supprime! - C:\Program Files\Adverts
Supprime! - C:\Program Files\Circle Developement
Supprime! - C:\Program Files\Multi_Media_France
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[12/04/2008|09:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[26/08/2009|20:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
[15/06/2009|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[17/01/2009|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[12/03/2009|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/11/2006|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[10/07/2008|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[15/06/2009|17:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[19/05/2009|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[05/08/2007|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[07/12/2008|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[29/12/2007|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
[06/01/2008|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
[18/05/2009|08:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[28/09/2007|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[22/12/2008|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[25/01/2009|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[24/12/2008|14:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[05/11/2008|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
[26/07/2009|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
[27/10/2008|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[01/06/2008|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[12/07/2008|08:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[30/09/2007|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[22/12/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[06/06/2009|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/12/2008|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[11/02/2009|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[03/01/2008|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tonstickcakebias
[05/11/2008|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
[08/12/2006|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/11/2006|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[06/06/2009|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[08/07/2009|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[01/03/2008|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[12/08/2007|15:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[27/04/2009|09:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\iolo
[19/12/2006|18:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[04/04/2007|10:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[05/05/2008|17:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[18/01/2007|21:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[26/08/2009|20:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdSigner
[29/05/2007|16:36] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ahead
[26/08/2009|20:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\aMule
[25/08/2009|16:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Apple Computer
[05/08/2007|10:33] C:\DOCUME~1\PROPRI~1\APPLIC~1\AVS4YOU
[17/05/2009|18:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\Azureus
[08/11/2006|21:45] C:\DOCUME~1\PROPRI~1\APPLIC~1\CyberLink
[01/01/2008|12:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\DataCast
[06/04/2008|09:03] C:\DOCUME~1\PROPRI~1\APPLIC~1\DivX
[01/01/2008|12:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\F-Secure
[16/09/2007|19:50] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[17/01/2007|18:57] C:\DOCUME~1\PROPRI~1\APPLIC~1\Help
[25/01/2009|17:47] C:\DOCUME~1\PROPRI~1\APPLIC~1\HP
[20/03/2009|20:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\HPAppData
[08/11/2006|17:10] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[06/04/2008|09:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\IE7Pro
[29/07/2007|09:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\IMVU
[01/01/2008|12:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\InstallShield
[26/07/2009|10:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\iolo
[10/06/2009|15:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\Kptic
[06/04/2008|09:10] C:\DOCUME~1\PROPRI~1\APPLIC~1\Lavasoft
[09/11/2006|21:30] C:\DOCUME~1\PROPRI~1\APPLIC~1\Leadertech
[17/05/2009|18:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\LimeWire
[17/01/2009|14:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[12/07/2008|08:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\Malwarebytes
[10/06/2009|15:40] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[21/06/2008|18:45] C:\DOCUME~1\PROPRI~1\APPLIC~1\Mozilla
[08/09/2007|09:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
[20/06/2009|21:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\Samsung
[11/06/2007|17:09] C:\DOCUME~1\PROPRI~1\APPLIC~1\Screenshot Sender
[06/02/2007|19:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[23/06/2008|17:22] C:\DOCUME~1\PROPRI~1\APPLIC~1\TaoUSign
[02/01/2007|18:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\vlc
[03/01/2008|23:43] C:\DOCUME~1\PROPRI~1\APPLIC~1\Xfire

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[26/08/2009 20:36][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[23/08/2009 17:59][--a------] C:\WINDOWS\tasks\Norton Security Scan for Propriétaire.job
[25/08/2009 11:49][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[26/08/2009 18:38][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{A4D7789E-CA6E-4783-9910-B3DD4A483B80}.job
[26/08/2009 20:41][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[26/08/2009 20:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[17/01/2009|13:55] C:\Program Files\Adobe
[17/01/2007|19:05] C:\Program Files\Agfa
[08/11/2006|17:53] C:\Program Files\Ahead
[04/11/2007|17:43] C:\Program Files\Alawar
[06/04/2008|09:27] C:\Program Files\Alwil Software
[15/06/2009|17:53] C:\Program Files\Apple Software Update
[25/05/2009|18:12] C:\Program Files\Ask Search Assistant
[08/11/2006|17:59] C:\Program Files\ASUSTeK
[10/06/2009|15:17] C:\Program Files\AVIConverter
[19/05/2009|09:32] C:\Program Files\Avira
[06/04/2008|09:09] C:\Program Files\AviSynth 2.5
[14/03/2009|19:39] C:\Program Files\AVS4YOU
[06/04/2008|09:12] C:\Program Files\AxySnake
[06/04/2008|09:09] C:\Program Files\Boonty
[14/08/2008|13:25] C:\Program Files\Borland
[09/04/2007|09:01] C:\Program Files\Canon
[06/04/2008|09:01] C:\Program Files\CCleaner
[17/05/2009|18:44] C:\Program Files\Championship Manager 3
[26/10/2008|13:45] C:\Program Files\Collège Multimédia
[08/11/2006|17:01] C:\Program Files\ComPlus Applications
[04/11/2007|17:31] C:\Program Files\DemonStarSM2_Shareware
[10/02/2007|23:07] C:\Program Files\Disney Interactive
[26/08/2009|20:00] C:\Program Files\Dofus
[26/08/2009|20:02] C:\Program Files\DVDVideoSoft
[22/12/2008|19:59] C:\Program Files\DVDVideoSoft(2)
[01/04/2007|13:32] C:\Program Files\EA GAMES
[26/08/2009|23:08] C:\Program Files\eMule
[26/03/2007|19:50] C:\Program Files\Ensemble clavier et souris sans fil Labtec
[15/06/2009|17:50] C:\Program Files\Fichiers communs
[04/11/2007|17:33] C:\Program Files\GameSpy Arcade
[18/05/2009|08:46] C:\Program Files\Google
[26/10/2008|13:46] C:\Program Files\Guitar Pro 5
[28/01/2009|22:03] C:\Program Files\Hasbro Interactive
[08/11/2006|22:40] C:\Program Files\Hewlett-Packard
[23/12/2008|20:45] C:\Program Files\HP
[08/11/2006|22:42] C:\Program Files\hp deskjet 845c series
[06/04/2008|09:12] C:\Program Files\IE7Pro
[29/07/2007|09:41] C:\Program Files\IMVU
[18/05/2009|08:53] C:\Program Files\Infogrames
[17/05/2009|18:38] C:\Program Files\InstallShield Installation Information
[23/08/2009|18:08] C:\Program Files\Internet Explorer
[25/08/2009|12:41] C:\Program Files\iPod
[25/08/2009|12:42] C:\Program Files\iTunes
[10/04/2009|08:56] C:\Program Files\Java
[01/01/2008|12:19] C:\Program Files\Lame MP3 Codec
[25/12/2008|10:13] C:\Program Files\Lavalys
[27/10/2008|19:16] C:\Program Files\Lavasoft
[30/09/2007|10:41] C:\Program Files\Logitech
[04/08/2007|12:23] C:\Program Files\LudoRace
[25/08/2009|20:17] C:\Program Files\Malwarebytes' Anti-Malware
[25/12/2007|00:02] C:\Program Files\MarkAny
[06/04/2008|09:09] C:\Program Files\MediaInfo
[26/10/2008|13:50] C:\Program Files\Messenger
[25/05/2009|18:12] C:\Program Files\Messenger Plus! Live
[06/01/2007|13:01] C:\Program Files\Micro Application
[06/06/2009|12:59] C:\Program Files\Microsoft
[09/05/2007|15:28] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[08/11/2006|17:05] C:\Program Files\microsoft frontpage
[20/04/2008|20:40] C:\Program Files\Microsoft Games
[18/01/2009|21:12] C:\Program Files\Microsoft Office
[01/08/2009|11:06] C:\Program Files\Microsoft Silverlight
[06/06/2009|12:57] C:\Program Files\Microsoft SQL Server Compact Edition
[06/06/2009|12:58] C:\Program Files\Microsoft Sync Framework
[11/05/2009|17:59] C:\Program Files\Mio Technology
[26/10/2008|13:49] C:\Program Files\Movie Maker
[26/08/2009|20:09] C:\Program Files\Mozilla Firefox
[23/08/2009|18:12] C:\Program Files\MSBuild
[18/01/2009|21:12] C:\Program Files\MSECache
[14/11/2006|21:53] C:\Program Files\MSN
[08/11/2006|17:00] C:\Program Files\MSN Gaming Zone
[06/04/2008|09:09] C:\Program Files\MSXML 4.0
[22/12/2008|19:58] C:\Program Files\MyFree Codec
[26/08/2009|09:02] C:\Program Files\Navilog1
[10/06/2009|17:38] C:\Program Files\Neonumeric
[22/12/2008|19:58] C:\Program Files\Netlog 24
[26/10/2008|13:47] C:\Program Files\NetMeeting
[10/07/2009|18:00] C:\Program Files\Norton Security Scan
[11/08/2007|10:22] C:\Program Files\Oct2005_xinput_x64
[08/11/2006|17:00] C:\Program Files\Online Services
[23/08/2009|18:05] C:\Program Files\Outlook Express
[28/10/2008|18:34] C:\Program Files\Pack Securite
[06/04/2008|09:02] C:\Program Files\Philips
[15/06/2009|17:19] C:\Program Files\QuickTime
[08/09/2007|09:38] C:\Program Files\Real
[06/04/2008|09:09] C:\Program Files\Realore
[23/08/2009|18:12] C:\Program Files\Reference Assemblies
[30/12/2007|10:59] C:\Program Files\RegCleaner
[03/08/2007|15:58] C:\Program Files\Return to Castle Wolfenstein
[08/11/2006|18:02] C:\Program Files\S3Inc
[25/08/2009|12:59] C:\Program Files\Safari
[25/12/2007|00:02] C:\Program Files\Samsung
[08/11/2006|17:03] C:\Program Files\Services en ligne
[14/01/2009|18:45] C:\Program Files\SFR
[28/12/2008|12:38] C:\Program Files\Spybot - Search & Destroy
[15/04/2008|20:21] C:\Program Files\Sun
[06/04/2008|09:12] C:\Program Files\Superball Arcade Demo
[17/05/2009|18:38] C:\Program Files\ToniArts
[25/08/2009|21:35] C:\Program Files\Trend Micro
[08/11/2006|17:10] C:\Program Files\Uninstall Information
[25/08/2009|22:45] C:\Program Files\vanBasco's Karaoke Player
[08/11/2006|18:04] C:\Program Files\VIA Technologies, Inc
[02/01/2007|18:12] C:\Program Files\VideoLAN
[06/04/2008|09:09] C:\Program Files\WinASPI
[09/11/2007|18:48] C:\Program Files\WinAVI MP4 Converter
[01/01/2008|13:51] C:\Program Files\Windows Defender
[06/06/2009|12:59] C:\Program Files\Windows Live
[27/06/2008|18:07] C:\Program Files\Windows Live Safety Center
[06/06/2009|12:54] C:\Program Files\Windows Live SkyDrive
[13/04/2008|23:09] C:\Program Files\Windows Live Toolbar
[18/12/2006|22:19] C:\Program Files\Windows Media Connect 2
[26/10/2008|13:47] C:\Program Files\Windows Media Player
[26/10/2008|13:47] C:\Program Files\Windows NT
[08/11/2006|17:03] C:\Program Files\WindowsUpdate
[06/04/2008|09:00] C:\Program Files\WinRAR
[08/07/2009|17:23] C:\Program Files\WinZip
[02/01/2007|15:55] C:\Program Files\Wolfenstein - Enemy Territory
[08/11/2006|17:05] C:\Program Files\xerox
[06/04/2008|09:09] C:\Program Files\XviD
[06/04/2008|09:07] C:\Program Files\XviD(2)
[24/09/2007|18:24] C:\Program Files\Yahoo!
[31/03/2009|20:08] C:\Program Files\Zattoo

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/03/2009|18:46] C:\Program Files\Fichiers communs\Adobe
[28/12/2006|21:39] C:\Program Files\Fichiers communs\Agfa
[08/11/2006|17:50] C:\Program Files\Fichiers communs\Ahead
[25/08/2009|12:41] C:\Program Files\Fichiers communs\Apple
[14/03/2009|19:38] C:\Program Files\Fichiers communs\AVSMedia
[19/11/2006|12:28] C:\Program Files\Fichiers communs\Designer
[26/08/2009|20:01] C:\Program Files\Fichiers communs\DVDVideoSoft
[05/11/2008|19:06] C:\Program Files\Fichiers communs\Hewlett-Packard
[23/12/2008|19:31] C:\Program Files\Fichiers communs\HP
[09/04/2007|09:00] C:\Program Files\Fichiers communs\InstallShield
[01/01/2008|13:38] C:\Program Files\Fichiers communs\LightScribe
[08/11/2006|21:13] C:\Program Files\Fichiers communs\Logitech
[06/06/2009|12:54] C:\Program Files\Fichiers communs\Microsoft Shared
[08/11/2006|17:02] C:\Program Files\Fichiers communs\MSSoap
[08/11/2006|17:51] C:\Program Files\Fichiers communs\Nero
[12/08/2007|10:39] C:\Program Files\Fichiers communs\Nullsoft
[08/11/2006|17:53] C:\Program Files\Fichiers communs\ODBC
[28/03/2009|16:46] C:\Program Files\Fichiers communs\Real
[08/11/2006|17:02] C:\Program Files\Fichiers communs\Services
[08/11/2006|17:53] C:\Program Files\Fichiers communs\SpeechEngines
[10/07/2009|18:00] C:\Program Files\Fichiers communs\Symantec Shared
[26/10/2008|13:47] C:\Program Files\Fichiers communs\System
[06/06/2009|12:31] C:\Program Files\Fichiers communs\Windows Live
[06/04/2008|09:04] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[28/03/2009|16:46] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 58 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertising[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 09:03:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 59

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:41][D:5]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:74][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:1308][D:4]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 26/08/2009| 9:11 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 27/08/2009| 9:06 - Option : [2]

--------------------\\ Fin du rapport a 9:06:07
Curson on 27 August 2009 at 18:26
Good evening,

You posted the OTL.txt report twice.
Post the Extras.txt report.

Regards.
flochlo on 27 August 2009 at 20:12
My apologies, I must not have been fully awake.
OTL Extras logfile created on: 27/08/2009 09:15:46 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Propriétaire\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,19 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 58,58% Memory free
2,06 Gb Paging File | 1,57 Gb Available in Paging File | 76,44% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72,30 Gb Total Space | 24,79 Gb Free Space | 34,29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CARON-B5C5E45A1
Current User Name: Propriétaire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\aMule\amule.exe" = C:\Program Files\aMule\amule.exe:*:Enabled:All-Platform P2P Client Based on eMule -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1C614BDA-3920-11D7-B5C5-00C04F4351FF}" = Aladdin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4126406B-F755-45D6-91A3-8A46582EDF3C}" = Samsung PC Studio 3
"{44E54A81-9D91-4AA1-9417-80AFF134F5FF}" = Galerie de photos Windows Live
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{577B1B8C-ADB1-11D5-9C7E-0003476D4878}" = Action Man Destruction X (mini-game)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}" = MioMore Desktop 2008
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8D2B09E2-6B04-4960-B780-4B0CE90780EE}" = LightScribe 1.4.39.1
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-040C-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}" = Windows Live Sync
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A369B607-5BAF-4AB3-B18A-1017ED19902D}" = Ensemble clavier et souris sans fil Labtec
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter et le prisonnier d'Azkaban(TM)
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1.3 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6A2DDE3-9D7C-412C-932A-756580D29919}" = Windows Live Contrôle parental
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F27FC2F5-09E0-447E-B5CF-3F1F51DEC082}" = Kptic
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"102 Dalmatians Puppies to the Rescue" = Disney 102 Dalmatiens à la rescousse
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Agfa ScanWise 1.50" = Agfa ScanWise 1.50
"Agfa ScanWise 2.00" = Agfa ScanWise 2.00
"AVIConverter" = AVIConverter 2.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner (remove only)
"Championship Manager 3" = Championship Manager 3
"Collège Multimédia" = Collège Multimédia
"DemonStar SM2 (Shareware Version)_is1" = DemonStar SM2-Shareware
"eMule" = eMule
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"GameSpy Arcade" = GameSpy Arcade
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Halo" = Microsoft Halo
"HijackThis" = HijackThis 2.0.2
"hp deskjet 845c series" = hp deskjet 845c series (Supprimer uniquement)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyFreeCodec" = MyFreeCodec
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Netlog 24" = Netlog 24
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PacLands" = PacLands
"Picasa 3" = Picasa 3
"QcDrv" = Programme de gestion Camera de Logitech®
"RealPlayer 6.0" = RealPlayer
"Red Alert 2" = Command & Conquer Alerte Rouge 2
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"RollerCoaster Tycoon Setup" = RolllayN
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SFR_Kit" = SFR - Kit de connexion
"Shop for HP Supplies" = Shop for HP Supplies
"Tiny Cars 2_is1" = Tiny Cars 2
"Uninstall_is1" = Uninstall 1.0.0.0
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VLC media player" = VideoLAN VLC media player 0.8.6
"VMidi" = vanBasco's Karaoke Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Composants Internet Partagés de Westwood
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/07/2009 14:43:28 | Computer Name = CARON-B5C5E45A1 | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x4eb9730c.

Error - 20/07/2009 11:52:15 | Computer Name = CARON-B5C5E45A1 | Source = Application Hang | ID = 1002
Description = Application bloquée msnmsgr.exe, version 14.0.8064.206, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 21/07/2009 19:18:11 | Computer Name = CARON-B5C5E45A1 | Source = Application Hang | ID = 1002
Description = Application bloquée realplay.exe, version 11.0.0.614, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/07/2009 13:46:19 | Computer Name = CARON-B5C5E45A1 | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/07/2009 13:46:23 | Computer Name = CARON-B5C5E45A1 | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 1180947459.

Error - 27/07/2009 06:59:50 | Computer Name = CARON-B5C5E45A1 | Source = ESENT | ID = 490
Description = svchost (1012) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\catdb"
pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 29/07/2009 13:33:49 | Computer Name = CARON-B5C5E45A1 | Source = ESENT | ID = 490
Description = svchost (1004) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\catdb"
pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 03/08/2009 11:14:19 | Computer Name = CARON-B5C5E45A1 | Source = Application Error | ID = 1000
Description = Application défaillante smsnotice.exe, version 1.0.0.1, module défaillant
mslur71.dll, version 7.10.0.0, adresse de défaillance 0x0000b9e0.

Error - 03/08/2009 11:28:11 | Computer Name = CARON-B5C5E45A1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

Error - 26/08/2009 14:27:08 | Computer Name = CARON-B5C5E45A1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 26/08/2009 14:03:34 | Computer Name = CARON-B5C5E45A1 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 26/08/2009 14:03:35 | Computer Name = CARON-B5C5E45A1 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 26/08/2009 14:03:35 | Computer Name = CARON-B5C5E45A1 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 26/08/2009 14:03:35 | Computer Name = CARON-B5C5E45A1 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 26/08/2009 14:03:35 | Computer Name = CARON-B5C5E45A1 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 26/08/2009 14:03:35 | Computer Name = CARON-B5C5E45A1 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 26/08/2009 14:03:35 | Computer Name = CARON-B5C5E45A1 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 26/08/2009 14:03:35 | Computer Name = CARON-B5C5E45A1 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 26/08/2009 14:38:36 | Computer Name = CARON-B5C5E45A1 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 26/08/2009 14:40:15 | Computer Name = CARON-B5C5E45A1 | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.


< End of report >
Curson on 27 August 2009 at 20:44
Good evening,

1) Uninstall the following applications (if present) via Add/Remove Programs:

Microsoft Search Enhancement Pack
Ad-Aware; it is no longer of any use against current infections.
Windows Live OneCare safety scanner


2) Wanadoo's Pack Securité is present on the system. It duplicates AntiVir; we are going to uninstall it.

- Download the F-Secure products uninstallation utility and save it to your desktop.

- Unzip the zip file and double-click the file UninstallationTool.exe
- Accept the licence agreement and click "Next".

- The tool will uninstall the antivirus and then restart the computer.


3) Run OTL again

- Copy and paste everything below into the "Custom Scans/Fixes" box:
:Processes
explorer.exe

:otl
SRV - (Lavasoft Ad-Aware Service [On_Demand | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\..\Toolbar\WebBrowser: (Multi Media France Toolbar) - {7009FCD4-05BE-44F4-9583-93FE419AB7B0} - C:\Program Files\Multi_Media_France\tbMul1.dll File not found
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\..\Run: [utchonuc] c:\documents and settings\propriétaire\local settings\application data\utchonuc.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1659004503-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
[2009/08/26 20:48:43 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/26 20:36:16 | 00,000,512 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/26 20:26:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/08/26 20:26:25 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009/08/23 18:17:31 | 00,578,928 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/08/23 18:17:31 | 00,502,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/23 18:17:31 | 00,096,150 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/08/23 18:17:31 | 00,080,630 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/23 17:59:59 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Propriétaire.job
[2009/01/17 09:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2008/01/03 23:43:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tonstickcakebias
[2009/08/26 20:41:42 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/08/23 17:59:59 | 00,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Propriétaire.job

:files
C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_sendfile.exe
C:\Program Files\Alwil Software
C:\Program Files\Lavasoft
C:\Program Files\Microsoft\Search Enhancement Pack
C:\Program Files\Ask Search Assistant
C:\Program Files\Boonty
C:\Program Files\Norton Security Scan
C:\Program Files\Fichiers communs\Symantec Shared

:Commands
[Purity]
[emptytemp]
[start explorer]

Then click "Run Fix". The computer may ask to restart; accept.
Once the operation is finished, a text file will appear on screen. Copy and paste its contents here.


How is the system behaving?


Regards,
-------
If your topic remains unanswered, please report it here.
flochlo on 28 August 2009 at 09:31
Hello Curson
From what you had me do, the PC needed a serious clean-up. I did not find "Microsoft Search Enhancement Pack" in Add/Remove Programs. During the clean-up with OTL, I again had an AntiVir alert, still on "messenger plus".
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Service\Driver Lavasoft Ad-Aware Service not found.
Service\Driver Lavasoft Ad-Aware Service not found.
File C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe not found.

Service\Driver SeaPort deleted successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe moved successfully.
Service\Driver Lbd not found.
Service\Driver Lbd not found.
File C:\WINDOWS\system32\DRIVERS\Lbd.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll unregistered successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_USERS\S-1-5-21-776561741-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7009FCD4-05BE-44F4-9583-93FE419AB7B0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7009FCD4-05BE-44F4-9583-93FE419AB7B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe not found.
Registry value HKEY_USERS\S-1-5-21-776561741-1659004503-839522115-1003\\Software\Microsoft\Windows\CurrentVersion\Run\\utchonuc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-776561741-1659004503-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-776561741-1659004503-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-776561741-1659004503-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-776561741-1659004503-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:lsdelete deleted successfully.
File C:\WINDOWS\System32\lsdelete.exe not found.
File C:\WINDOWS\System32\lsdelete.exe not found.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\ not found.
File C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk not found.
C:\WINDOWS\System32\perfh00C.dat moved successfully.
C:\WINDOWS\System32\perfh009.dat moved successfully.
C:\WINDOWS\System32\perfc00C.dat moved successfully.
C:\WINDOWS\System32\perfc009.dat moved successfully.
C:\WINDOWS\tasks\Norton Security Scan for Propriétaire.job moved successfully.
C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} moved successfully.
C:\Documents and Settings\All Users\Application Data\Tonstickcakebias moved successfully.
C:\WINDOWS\Tasks\MP Scheduled Scan.job moved successfully.
File C:\WINDOWS\Tasks\Norton Security Scan for Propriétaire.job not found.
========== FILES ==========
C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_sendfile.exe moved successfully.
C:\Program Files\Alwil Software moved successfully.
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins moved successfully.
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins\Langs moved successfully.
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins moved successfully.
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Lang moved successfully.
C:\Program Files\Lavasoft\Ad-Aware SE Personal moved successfully.
C:\Program Files\Lavasoft moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Search Box Extension moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack moved successfully.
C:\Program Files\Ask Search Assistant moved successfully.
C:\Program Files\Boonty\Components moved successfully.
C:\Program Files\Boonty moved successfully.
C:\Program Files\Norton Security Scan moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared\SymcData\virusdefs-2.5-e\incoming moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared\SymcData\virusdefs-2.5-e\20090708.002 moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared\SymcData\virusdefs-2.5-e\20090624.003 moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared\SymcData\virusdefs-2.5-e moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared\SymcData moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared\NSSSetup\{22563C5A-6C62-4AA6-9C62-E451153F69BE}_2_0_1 moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared\NSSSetup moved successfully.
C:\Program Files\Fichiers communs\Symantec Shared moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 82858 bytes

User: NetworkService
->Temp folder emptied: 1061320 bytes
->Temporary Internet Files folder emptied: 29992799 bytes

User: Propriétaire
->Temp folder emptied: 3594179 bytes
->Temporary Internet Files folder emptied: 42532006 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58175044 bytes
->Google Chrome cache emptied: 6075848 bytes
->Apple Safari cache emptied: 84674 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP folder deleted successfully.
%systemroot% .tmp files removed: 2242877 bytes
%systemroot%\System32 .tmp files removed: 720896 bytes
Windows Temp folder emptied: 101330 bytes
RecycleBin emptied: 38003245 bytes

Total Files Cleaned = 174,33 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08282009_091740

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Curson on 28 August 2009 at 18:14
Good evening,

How is the system behaving now?

Regards,
-------
If your topic remains unanswered, please report it here.
flochlo on 29 August 2009 at 20:56
Good evening Curson
As for the system, I no longer get any AntiVir alerts, and in use I have gained speed. Everything seems OK, you did a good job and I thank you again. See you.
Curson on 29 August 2009 at 23:02
Good evening,

The infection has been eradicated.

Removing the tools used

1) Download ToolsCleaner2 by A.Rothstein and save it to your desktop.


2) Double-click ToolsCleaner2.exe to launch the tool.

- Click the Recherche button.
- Once the search is finished, click the Suppression button.

- Copy and paste the report and post it in your next reply.

You can then delete ToolsCleaner.


Securing the system

1) Your version of Java is not up to date. Security flaws can allow your computer to be infected. More information.

Download JavaRa and follow the instructions in this tutorial.
Post the report you obtain.


2) Your version of Adobe Reader is also not up to date. Security flaws can allow your computer to be infected. More information.

- Update to version 9.1.3.


How is the system behaving?


Regards,
-------
If your topic remains unanswered, please report it here.
flochlo on 31 August 2009 at 10:24
Hello Curson
I did update Adobe. For Java, I had to remove the old version to reinstall the new one. I tried to use JavaRa to clean up what remained of the old versions, impossible. I get this message: "impossible de trouver Javara.def!assurez-vous que le fichier de destination reside dans le même répertoire". Yesterday I ran two scans with AntiVir and it found two "trojans" again. I am attaching the ToolsCleaner report.
[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Navilog1\catchme.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\system32\*.msnfix: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Navilog1\catchme.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\system32\*.msnfix: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
For information, I'm also attaching the latest Antivir report.


Avira AntiVir Personal
Date de création du fichier de rapport : dimanche 30 août 2009 15:01

La recherche porte sur 1669782 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : CARON-B5C5E45A1

Informations de version :
BUILD.DAT : 9.0.0.67 17958 Bytes 04/08/2009 14:47:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 22/08/2009 20:10:56
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 11:10:36
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21/08/2009 20:10:56
ANTIVIR3.VDF : 7.1.5.180 249856 Bytes 30/08/2009 10:48:44
Version du moteur : 8.2.1.7
AEVDF.DLL : 8.1.1.1 106868 Bytes 19/05/2009 07:40:05
AESCRIPT.DLL : 8.1.2.26 463227 Bytes 27/08/2009 10:10:39
AESCN.DLL : 8.1.2.4 127348 Bytes 22/07/2009 18:57:45
AERDL.DLL : 8.1.2.4 430452 Bytes 15/07/2009 18:15:27
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 19:36:24
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 17:14:57
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 22/08/2009 20:10:56
AEHELP.DLL : 8.1.6.0 233846 Bytes 22/08/2009 20:10:56
AEGEN.DLL : 8.1.1.59 356725 Bytes 27/08/2009 10:10:36
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 22/07/2009 18:57:31
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 14/07/2009 09:52:53
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: arrêt
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen

Début de la recherche : dimanche 30 août 2009 15:01

La recherche d'objets cachés commence.
'51690' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WZQKPICK.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HpqSRmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SMSTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VTTrayp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MSASCui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WudfHost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MsMpEng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'41' processus ont été contrôlés avec '41' modules

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '57' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\System Volume Information\_restore{A51A8C3B-89E9-4932-8082-E394E54CA6AF}\RP400\A0106257.exe
[RESULTAT] Contient le cheval de Troie TR/Crypt.CFI.Gen

Début de la désinfection :
C:\System Volume Information\_restore{A51A8C3B-89E9-4932-8082-E394E54CA6AF}\RP400\A0106257.exe
[RESULTAT] Contient le cheval de Troie TR/Crypt.CFI.Gen
[AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004
[AVERTISSEMENT] Impossible de trouver le fichier source.
[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
[AVERTISSEMENT] Erreur dans la bibliothèque ARK
[REMARQUE] Le fichier a été repéré pour une suppression après un redémarrage.


Fin de la recherche : dimanche 30 août 2009 17:36
Temps nécessaire: 2:31:34 Heure(s)

La recherche a été effectuée intégralement

8185 Les répertoires ont été contrôlés
248067 Des fichiers ont été contrôlés
1 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
248065 Fichiers non infectés
1709 Les archives ont été contrôlées
2 Avertissements
2 Consignes
51690 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

Regards
Curson on 31 August 2009 at 20:15
Good evening,

That's OK.

Removing the infected System Restore points

Some of the detected malware is located in the System Restore points. It is not active.
C:\System Volume Information\

You just need to clear the contents of System Restore:

- Right-click "My Computer" then choose "Properties".
- Select the "System Restore" tab.
- Tick "Turn off System Restore on all drives" or "Turn off System Restore", then apply.

- A message will warn that all existing restore points will be deleted.
- Confirm with "Yes".
- Then re-enable System Restore by unticking "Turn off System Restore".
- Apply, then confirm with "OK".


A few security tips

- Windows Update fully up to date (critical category, Service Packs and Service Releases)
- a properly configured firewall
- a properly configured antivirus, updated regularly (daily if need be), with a regular full scan.
- IMPORTANT: a cautious attitude towards browsing (no dubious sites: cracks, warez, etc.) and towards e-mail (files attached to messages must be scanned before being opened, as must downloaded files whose origin is not certain!!)
- a vigilant attitude (watch out for unusual behaviour of your system)

I also recommend reading this document.

If you want to learn more about computer security, I can only encourage you to visit Malekal_Morte's site.


Regards.
-------
If your topic remains unanswered, please report it here.
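
Curson's reading of the AntiVir report, that the remaining detection sits in a System Restore point rather than in a live file, can be checked mechanically. The following Python is an added example, not part of the original thread; the names `triage` and `verdict` are hypothetical, and the parsing assumes the French report layout posted on this page.

```python
import re

# Lines excerpted from the AntiVir report posted in this thread (French strings verbatim).
SAMPLE_REPORT = r"""C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
C:\System Volume Information\_restore{A51A8C3B-89E9-4932-8082-E394E54CA6AF}\RP400\A0106257.exe
[RESULTAT] Contient le cheval de Troie TR/Crypt.CFI.Gen

Début de la désinfection :
C:\System Volume Information\_restore{A51A8C3B-89E9-4932-8082-E394E54CA6AF}\RP400\A0106257.exe
[RESULTAT] Contient le cheval de Troie TR/Crypt.CFI.Gen
[AVERTISSEMENT] Impossible de trouver le fichier source.
[REMARQUE] Le fichier a été repéré pour une suppression après un redémarrage.
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")        # a scanned-file line starts with a drive letter
TAG_RE = re.compile(r"^\[(\w+)\]\s*(.*)$")   # [RESULTAT], [AVERTISSEMENT], [REMARQUE], ...
# Windows XP System Restore keeps its copies under _restore{GUID}\RPnnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)

def triage(report):
    """Return {path: finding} for files with a [RESULTAT] detection; warnings alone are ignored."""
    findings, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            current = line                   # following tagged lines refer to this file
            continue
        m = TAG_RE.match(line)
        if not (m and current):
            continue
        tag, text = m.groups()
        if tag == "RESULTAT":                # same file is listed again during disinfection
            findings.setdefault(current, {
                "detection": text.split()[-1],
                "in_restore_point": bool(RESTORE_RE.search(current)),
                "pending_reboot": False})
        elif current in findings and "après un redémarrage" in text:
            findings[current]["pending_reboot"] = True
    return findings

def verdict(finding):
    if finding["in_restore_point"]:
        return "restore-point copy: purge System Restore, then rescan"
    return "live file: needs cleanup"

if __name__ == "__main__":
    for path, f in triage(SAMPLE_REPORT).items():
        print(f["detection"], "|", verdict(f), "|", path)
```

The `pagefile.sys` entry carries only a warning and is therefore not reported as a finding, which matches the report's own summary of one detection.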

