Desktop Security 2010

Posted 09 May 2010 18:44

Good evening everyone,

I got infected by this piece of junk last night, and since then I have been wasting hours on my computer trying to eradicate it.

What I have already done:
- Read the answers given on forums to people who have already had this thing.
- Downloaded rkill.scr and ran it to stop the process causing the trouble, then deleted everything manually, but it comes back at the next startup.
- Downloaded and updated Malwarebytes, ran a full scan and deleted everything, but it reappears at the next reboot! Note that Malwarebytes would not launch and that, following a tip from the net, I renamed it zal.exe and then it launched.
[EDIT] Note that at the end of the Malwarebytes removal it tells me that some items were not deleted.

I am posting my HijackThis report as well as the latest Malwarebytes scan.

I really hope someone will be able to help me.

By the way: why doesn't McAfee, which I pay enough for, even see it????


Thanks in advance

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:04, on 09/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\quicktime\qtsystem\quicktimeinternetextras.resources\es.lproj\quicktimequicktimeresources.exe
C:\program files\quicktime\qtsystem\quicktimecapture.resources\sv.lproj\quicktimeresourcesquicktime.exe
C:\program files\quicktime\qtsystem\quicktimestreamingauthoring.resources\it.lproj\quicktimeresourcesquicktimeresources7.6.6.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Neuf\Kit\9props.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\docume~1\benjamin\locals~1\temp\hppt.exe
C:\WINDOWS\explorer.exe
c:\docume~1\benjamin\locals~1\temp\athh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Documents and Settings\benjamin\Mes documents\install\HiJackThis.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3194 bytes




Code:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Version de la base de données: 4083

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

09/05/2010 19:18:57
mbam-log-2010-05-09 (19-18-57).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 209946
Temps écoulé: 32 minute(s), 23 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Unloaded process successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\securitycenter.exe (Rogue.DesktopSecurity2010) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nnomkidrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tusppmdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvtstrdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvtstrdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dddabysys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qoppmnsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qoppmnsys (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010\Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010\Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010\Help Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010\How to Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\securitycenter.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\securityhelper.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Desktop Security 2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Delete on reboot.
C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Local Settings\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\benjamin\Local Settings\Temp\test.exe (Trojan.Agent) -> Delete on reboot.
zikkmu
Visitor
Posts: 6
Joined: 09 May 2010 18:31



Re: Desktop Security 2010

Posted 09 May 2010 18:58

Good evening

Do this.

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" section (top right) the "Minimal report" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Customization"

Code:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
vstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles





* Click the "Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and (or) "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51


Re: Desktop Security 2010

Posted 09 May 2010 19:17

Thanks a lot for your help; if you don't mind, I would like some explanation of what I am doing, so that I understand and can avoid asking a question next time!

Code:
OTL.txt
OTL logfile created on: 09/05/2010 20:02:47 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\benjamin\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53,07 Gb Total Space | 5,37 Gb Free Space | 10,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: INSPIRON9100
Current User Name: benjamin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\benjamin\Bureau\OTL.exe (OldTimer Tools)
PRC - c:\Documents and Settings\benjamin\Local Settings\Temp\atHh.exe ()
PRC - c:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe ()
PRC - C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\it.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe ()
PRC - C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeResourcesQuickTime.exe ()
PRC - C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeQuickTimeResources.exe ()
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\benjamin\Mes documents\install\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Neuf\Kit\9props.exe (SFR)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\benjamin\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\framedyn.dll (Microsoft Corporation)
MOD - C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll (ScanSoft, Inc.)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (matlabserver) --  File not found
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (tbhsd) -- C:\WINDOWS\SYSTEM32\DRIVERS\tbhsd.sys (RapidSolution Software AG)
DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (upperdev) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (UsbserFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdcmb.sys (Nokia)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\SYSTEM32\DRIVERS\wg111v2.sys (NETGEAR Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.)
DRV - (ezplay) -- C:\WINDOWS\SYSTEM32\DRIVERS\ezplay.sys (VSO Software)
DRV - (bbcap) -- C:\WINDOWS\SYSTEM32\DRIVERS\bbcap.sys (Windows (R) 2000 DDK provider)
DRV - (slabbus) CP210x USB Composite Device driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\slabbus.sys (MCCI)
DRV - (HSF_DPV) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (slabser) -- C:\WINDOWS\SYSTEM32\DRIVERS\slabser.sys (MCCI)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS (NVIDIA Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys (SigmaTel, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (pfc) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys (Padus, Inc.)
DRV - (kbfilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\kbfilter.sys (WayTech Development, Inc.)
DRV - (SMCIRDA) -- C:\WINDOWS\SYSTEM32\DRIVERS\smcirda.sys (SMC)
DRV - (STIrUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\irstusb.sys (SigmaTel, Inc.)
DRV - (SBKUPNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\SBKUPNT.SYS ()
DRV - (Aspi32) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS (Adaptec)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.110.200:3128
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 10:21:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 23:10:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/08 22:55:19 | 000,000,000 | ---D | M]
 
[2009/01/25 22:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\benjamin\Application Data\Mozilla\Extensions
[2009/01/25 22:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\benjamin\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/01/09 16:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\benjamin\Application Data\Mozilla\Firefox\Profiles\uz7dv3lr.default\extensions
[2010/01/09 16:27:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\benjamin\Application Data\Mozilla\Firefox\Profiles\uz7dv3lr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/09 16:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\benjamin\Application Data\Mozilla\Firefox\Profiles\xnrndhf8.Ben\extensions
[2010/01/09 16:19:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\benjamin\Application Data\Mozilla\Firefox\Profiles\xnrndhf8.Ben\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/01/09 16:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\benjamin\Application Data\Mozilla\Firefox\Profiles\xnrndhf8.Ben\extensions\staged-xpis
[2010/05/08 21:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/13 11:08:35 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/13 11:08:35 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/13 11:08:35 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/03/13 11:08:35 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/24 08:06:14 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2009/05/13 08:18:30 | 000,000,782 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1   localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ApplicationMcAfee1001] c:\Documents and Settings\benjamin\Local Settings\Temp\tIgv.exe ()
O4 - HKLM..\Run: [awtqposys] C:\WINDOWS\System32\khifgh.dll ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [Emurayden PSX Emulator]  File not found
O4 - HKLM..\Run: [EoEngine]  File not found
O4 - HKLM..\Run: [EoWeather]  File not found
O4 - HKLM..\Run: [InstallerMcAfee] C:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe ()
O4 - HKLM..\Run: [Installermcinst4300] c:\Documents and Settings\benjamin\Local Settings\Temp\dAAF.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\zal.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcinstmcinst] c:\Documents and Settings\benjamin\Local Settings\Temp\atHh.exe ()
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe ()
O4 - HKLM..\Run: [OPSE reminder] C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTimeQuickTimeResources] C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeQuickTimeResources.exe ()
O4 - HKLM..\Run: [QuickTimeResourcesQuickTime] c:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeResourcesQuickTime.exe ()
O4 - HKLM..\Run: [quicktimeresourcesquicktimeresources7.6.6] c:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\it.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [xxyyvsdrv] C:\WINDOWS\System32\ddayww.dll (RealWorld Graphics)
O4 - HKCU..\Run: [38p5rvurc884] C:\Documents and Settings\benjamin\Local Settings\Temp\m.29E.tmp.exe ()
O4 - HKCU..\Run: [Connexion SFR 9props.exe] C:\Program Files\Neuf\Kit\9props.exe (SFR)
O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe File not found
O4 - HKCU..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Stylus DX4050] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKCU..\Run: [wvwwvwdrv] C:\WINDOWS\System32\ddayww.dll (RealWorld Graphics)
O4 - HKLM..\RunServices: [Installermcinst] c:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe ()
O4 - HKLM..\RunServices: [mcinstInstaller] C:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe ()
O4 - HKLM..\RunServices: [mcinstMcAfee] c:\Documents and Settings\benjamin\Local Settings\Temp\SmPm.exe ()
O4 - HKLM..\RunServices: [QuickTimeQuickTimeResources] C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeQuickTimeResources.exe ()
O4 - HKLM..\RunServices: [quicktimeresourcesquicktime] c:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeResourcesQuickTime.exe ()
O4 - HKLM..\RunServices: [QuickTimeResourcesQuickTime7.6.6] c:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeQuickTimeResources.exe ()
O4 - HKLM..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\Program Files\QuickTime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeResourcesQuickTime.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O4 - Startup: C:\Documents and Settings\benjamin\Menu Démarrer\Programmes\Démarrage\Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: //@signup.mar@/ ([]money in My Computer)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Intranet local)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab (DjVuCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft Data Collection Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} http://82.127.17.206/home/SonySncCs3View.cab (Sony SNC-CS3 Image Viewer)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version= (Reg Error: Key error.)
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} http://www.photoservice.com/activeX/newUpload.CAB (ActiveXUpload.UserCtrl)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\benjamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\benjamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (khifgh.dll) - C:\WINDOWS\System32\khifgh.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/20 12:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6319920e-d1ff-11dd-b0a2-001143617874}\Shell\AutoRun\command - "" = F:\h3.bat -- File not found
O33 - MountPoints2\{6319920e-d1ff-11dd-b0a2-001143617874}\Shell\explore\Command - "" = F:\h3.bat -- File not found
O33 - MountPoints2\{6319920e-d1ff-11dd-b0a2-001143617874}\Shell\open\Command - "" = F:\h3.bat -- File not found
O33 - MountPoints2\{6357f9b5-3fc2-11dc-ad4d-001143617874}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8d379c-d872-11db-ac07-001143617874}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8d379c-d872-11db-ac07-001143617874}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a2500352-4a1e-11df-b3dc-001060a746c3}\Shell - "" = AutoRun
O33 - MountPoints2\{cca42c92-97b9-11da-a840-001143617874}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2007/09/22 10:45:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/05/09 19:59:21 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\benjamin\Bureau\OTL.exe
[2010/05/09 12:43:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/09 12:43:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/09 12:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/08 23:35:48 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\benjamin\Bureau\TFC.exe
[2010/05/08 20:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/08 18:52:59 | 000,089,088 | -H-- | C] (RealWorld Graphics) -- C:\WINDOWS\System32\ddayww.dll
[2010/05/07 22:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Robert et Collins
[2010/05/05 15:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\benjamin\Mes documents\DartyCaddieReceiptView_fichiers
[2010/05/05 14:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2010/05/05 14:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\benjamin\Local Settings\Application Data\Apple
[2010/05/05 14:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/05 14:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/05 14:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\benjamin\Local Settings\Application Data\Apple Computer
[2010/04/27 15:18:04 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
[2010/04/27 15:18:04 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
[2010/04/27 15:18:04 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
[2010/04/27 15:18:04 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
[2010/04/27 15:18:03 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
[2010/04/27 15:18:03 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2010/04/27 15:18:03 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2010/04/27 15:18:03 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
[2010/04/27 15:18:02 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
[2010/04/27 15:18:02 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
[2010/04/27 15:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\benjamin\Application Data\FreeAudioPack
[2010/04/27 15:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Free Audio Pack
[2010/04/21 22:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/04/21 22:28:25 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/21 22:28:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/21 22:28:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/21 20:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Softtrends
[1980/01/01 02:00:00 | 000,135,168 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[74 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\Documents and Settings\benjamin\Mes documents\*.tmp files -> C:\Documents and Settings\benjamin\Mes documents\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/05/09 19:59:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\benjamin\Bureau\OTL.exe
[2010/05/09 19:20:12 | 000,023,169 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/09 19:19:07 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\pxwgspoa.sys
[2010/05/09 18:40:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/09 18:38:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 18:38:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/09 18:38:37 | 2146,725,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/09 18:37:37 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\benjamin\ntuser.dat
[2010/05/09 18:36:54 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\benjamin\NTUSER.INI
[2010/05/09 08:21:40 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\benjamin\Bureau\Raccourci vers HiJackThis.exe.lnk
[2010/05/08 23:36:01 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\benjamin\Bureau\TFC.exe
[2010/05/08 23:06:28 | 000,001,246 | ---- | M] () -- C:\Documents and Settings\benjamin\Mes documents\sauv.reg
[2010/05/08 21:49:24 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\benjamin\Bureau\rkill.scr
[2010/05/08 20:48:00 | 000,090,112 | -H-- | M] () -- C:\WINDOWS\System32\khifgh.dll
[2010/05/08 18:55:05 | 000,518,066 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/08 18:55:05 | 000,449,796 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/05/08 18:55:05 | 000,087,566 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/08 18:55:05 | 000,074,250 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/05/08 18:55:04 | 001,145,136 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/08 18:53:00 | 000,089,088 | -H-- | M] (RealWorld Graphics) -- C:\WINDOWS\System32\ddayww.dll
[2010/05/08 12:11:44 | 000,055,484 | ---- | M] () -- C:\Documents and Settings\benjamin\Application Data\wklnhst.dat
[2010/05/07 22:44:49 | 000,000,031 | ---- | M] () -- C:\WINDOWS\rcwin.ini
[2010/05/07 22:40:48 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\benjamin\Bureau\Le Robert et Collins.lnk
[2010/05/07 20:01:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\Analyse McAfee.com - Mon ordinateur (GHEDINOS-benjamin).job
[2010/05/05 15:30:38 | 000,157,103 | ---- | M] () -- C:\Documents and Settings\benjamin\Mes documents\DartyCaddieReceiptView.htm
[2010/05/05 14:56:28 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/05 12:28:48 | 000,153,980 | ---- | M] () -- C:\Documents and Settings\benjamin\Mes documents\coupon_avantages_exclusifs_offre_bienvenue.pdf
[2010/05/03 19:43:00 | 000,159,584 | ---- | M] () -- C:\Documents and Settings\benjamin\Mes documents\ODR_SFR_50e_HTC_Legend.pdf
[2010/05/01 19:54:53 | 000,130,200 | ---- | M] () -- C:\Documents and Settings\benjamin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 16:53:12 | 022,676,856 | ---- | M] () -- C:\Documents and Settings\benjamin\Mes documents\bildermitseitenverhltnis4zu3konventionell.zip
[2010/04/28 12:03:40 | 000,039,277 | ---- | M] () -- C:\Documents and Settings\benjamin\Mes documents\RETOUR_DARTY.pdf
[2010/04/27 15:18:05 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\benjamin\Bureau\Free Mp3 Wma Converter.lnk
[2010/04/22 22:18:35 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\benjamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 07:14:12 | 002,278,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/21 22:32:44 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.1.lnk
[2010/04/21 20:58:32 | 000,045,338 | ---- | M] () -- C:\Documents and Settings\benjamin\Mes documents\Note1.pwi
[2010/04/21 20:50:44 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/04/21 07:41:55 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\benjamin\Mes documents\recu.bmp
[2010/04/17 23:07:00 | 000,625,802 | ---- | M] () -- C:\Documents and Settings\benjamin\Mes documents\gradabzeichenf.pdf
[2010/04/17 16:51:38 | 000,000,252 | ---- | M] () -- C:\WINDOWS\dao.ini
[2010/04/17 16:50:55 | 000,000,016 | ---- | M] () -- C:\WINDOWS\oledao95.ini
[2010/04/16 16:05:40 | 000,175,287 | ---- | M] () -- C:\Documents and Settings\benjamin\Mes documents\EDUCATEL.pdf
[2010/04/15 09:52:04 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\benjamin\Bureau\Eglise ADD Tours.url
[2010/04/15 09:48:51 | 000,000,571 | ---- | M] () -- C:\Documents and Settings\benjamin\Bureau\Prédication Tours.lnk
[2010/04/14 13:48:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[74 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\Documents and Settings\benjamin\Mes documents\*.tmp files -> C:\Documents and Settings\benjamin\Mes documents\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/05/09 19:19:07 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pxwgspoa.sys
[2010/05/09 12:05:15 | 2146,725,888 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/09 08:21:40 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\benjamin\Bureau\Raccourci vers HiJackThis.exe.lnk
[2010/05/08 23:06:28 | 000,001,246 | ---- | C] () -- C:\Documents and Settings\benjamin\Mes documents\sauv.reg
[2010/05/08 21:49:18 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\benjamin\Bureau\rkill.scr
[2010/05/08 20:48:00 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\khifgh.dll
[2010/05/07 22:40:48 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\benjamin\Bureau\Le Robert et Collins.lnk
[2010/05/07 22:39:51 | 000,000,031 | ---- | C] () -- C:\WINDOWS\rcwin.ini
[2010/05/05 15:30:35 | 000,157,103 | ---- | C] () -- C:\Documents and Settings\benjamin\Mes documents\DartyCaddieReceiptView.htm
[2010/05/05 14:56:28 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/05 12:28:48 | 000,153,980 | ---- | C] () -- C:\Documents and Settings\benjamin\Mes documents\coupon_avantages_exclusifs_offre_bienvenue.pdf
[2010/05/03 19:43:00 | 000,159,584 | ---- | C] () -- C:\Documents and Settings\benjamin\Mes documents\ODR_SFR_50e_HTC_Legend.pdf
[2010/04/28 16:51:07 | 022,676,856 | ---- | C] () -- C:\Documents and Settings\benjamin\Mes documents\bildermitseitenverhltnis4zu3konventionell.zip
[2010/04/28 12:03:39 | 000,039,277 | ---- | C] () -- C:\Documents and Settings\benjamin\Mes documents\RETOUR_DARTY.pdf
[2010/04/27 15:18:05 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\benjamin\Bureau\Free Mp3 Wma Converter.lnk
[2010/04/27 15:18:04 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2010/04/27 15:18:01 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/04/21 22:32:44 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.1.lnk
[2010/04/21 20:58:32 | 000,045,338 | ---- | C] () -- C:\Documents and Settings\benjamin\Mes documents\Note1.pwi
[2010/04/21 07:41:54 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\benjamin\Mes documents\recu.bmp
[2010/04/17 23:07:00 | 000,625,802 | ---- | C] () -- C:\Documents and Settings\benjamin\Mes documents\gradabzeichenf.pdf
[2010/04/16 16:05:40 | 000,175,287 | ---- | C] () -- C:\Documents and Settings\benjamin\Mes documents\EDUCATEL.pdf
[2010/04/15 09:51:47 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\benjamin\Bureau\Eglise ADD Tours.url
[2010/04/15 09:48:51 | 000,000,571 | ---- | C] () -- C:\Documents and Settings\benjamin\Bureau\Prédication Tours.lnk
[2010/02/22 10:30:45 | 000,000,252 | ---- | C] () -- C:\WINDOWS\dao.ini
[2010/02/22 10:30:16 | 000,000,016 | ---- | C] () -- C:\WINDOWS\oledao95.ini
[2009/11/11 17:06:41 | 000,000,884 | ---- | C] () -- C:\WINDOWS\shlfolder.sys
[2009/11/11 15:24:34 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/11/11 15:24:17 | 000,007,023 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/10/23 22:21:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/20 17:31:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/03/02 12:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/28 21:28:26 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2008/12/28 21:28:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2008/12/28 21:28:24 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2008/01/21 20:52:48 | 000,000,115 | ---- | C] () -- C:\WINDOWS\VBCE.INI
[2007/11/10 22:06:24 | 000,000,096 | ---- | C] () -- C:\WINDOWS\CARTESURTABLE.INI
[2007/11/10 09:30:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/10/24 22:11:24 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2007/09/29 22:34:28 | 000,000,712 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2007/09/14 13:16:49 | 000,000,287 | ---- | C] () -- C:\WINDOWS\BibleVersesSetup.INI
[2007/08/04 12:01:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/06/27 15:48:29 | 000,000,041 | ---- | C] () -- C:\WINDOWS\pos.ini
[2007/03/19 21:03:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/02/16 19:51:23 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/02/16 19:47:38 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4000EFDG.ini
[2007/01/27 21:42:44 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/12/27 16:27:17 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2006/12/27 16:27:13 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2006/12/23 14:18:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/12/13 20:15:21 | 000,046,266 | ---- | C] () -- C:\WINDOWS\System32\miscapi.dll
[2006/11/29 18:49:35 | 000,000,148 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2006/11/10 16:23:41 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\WideDBAdapter.dll
[2006/11/10 16:23:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\WideSyncManager.dll
[2006/11/10 16:23:41 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\WideToolkit.dll
[2006/11/10 16:23:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ObexLib.dll
[2006/11/10 16:23:41 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\WideSyncAdminAdapter.dll
[2006/08/02 12:07:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/06/16 12:23:53 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/02/07 13:15:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6f.DLL
[2006/01/26 14:51:57 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2006/01/26 14:51:56 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\nlame.dll
[2005/12/14 22:21:47 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\bbchlp.dll
[2005/12/14 22:13:43 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2005/12/14 22:13:43 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegOBJ.dll
[2005/12/14 22:06:24 | 000,001,071 | ---- | C] () -- C:\WINDOWS\pae.ini
[2005/10/23 17:43:37 | 000,004,290 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/10/13 01:11:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sirenacm(2).dll
[2005/05/25 21:14:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NWRGSTRY.INI
[2005/04/26 08:41:45 | 000,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2005/04/26 08:00:39 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mllink5.dll
[2005/04/26 08:00:39 | 000,000,019 | ---- | C] () -- C:\WINDOWS\exlink.ini
[2005/04/20 18:19:41 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/02/12 19:04:32 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/02/05 17:40:56 | 000,000,679 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/01/22 22:32:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/22 18:47:44 | 000,000,750 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/07 10:42:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/07 10:10:06 | 000,000,617 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/03 11:17:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RsaCrypt.dll
[2004/08/20 12:46:40 | 000,000,829 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2001/07/06 15:30:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1980/01/01 02:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2008/12/08 20:37:20 | 001,268,472 | ---- | M] () -- C:\DLM.exe
[2002/05/26 16:35:24 | 000,139,776 | ---- | M] (http://www.cliprex.com) -- C:\reg.exe
[2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/19 22:07:10 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/22 13:58:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/22 13:58:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/19 22:07:10 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/22 13:58:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/22 13:58:53 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/19 21:56:28 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\I386\EVENTLOG.DLL
[2004/08/19 21:57:55 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SYSTEM32\eventlog.dll
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2004/08/19 22:13:38 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\I386\NETLOGON.DLL
[2004/08/19 22:02:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SYSTEM32\scecli.dll
[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\I386\SCECLI.DLL
[2004/08/19 22:05:20 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/04/14 04:33:33 | 001,384,479 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SYSTEM32\msvbvm60.dll
[74 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Extras.txt
OTL Extras logfile created on: 09/05/2010 20:02:47 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\benjamin\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53,07 Gb Total Space | 5,37 Gb Free Space | 10,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: INSPIRON9100
Current User Name: benjamin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26180:TCP" = 26180:TCP:*:Enabled:neuf telecom
"26181:TCP" = 26181:TCP:*:Enabled:neuf telecom
"9876:TCP" = 9876:TCP:*:Enabled:neuf telecom
"26190:UDP" = 26190:UDP:*:Disabled:SesamTV PVR
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Disabled:eMule -- File not found
"C:\Jeux\IL-2 Sturmovik Forgotten Battles\il2fb.exe" = C:\Jeux\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Disabled:il2fb -- File not found
"C:\Jeux\Star Wars\GameData\jamp.exe" = C:\Jeux\Star Wars\GameData\jamp.exe:*:Disabled:Jedi Academy MultiPlayer -- File not found
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa Media Desktop -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- File not found
"C:\Jeux\blobby\volley.exe" = C:\Jeux\blobby\volley.exe:*:Disabled:volley -- File not found
"F:\jeux\IL-2 Sturmovik Forgotten Battles\il2fb.exe" = F:\jeux\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Enabled:il2fb -- File not found
"F:\jeux\DVD-IL2\IL-2 Sturmovik Forgotten Battles\il2fb.exe" = F:\jeux\DVD-IL2\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Enabled:il2fb -- File not found
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE" = C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Disabled:Microsoft  Fax Console -- File not found
"C:\Program Files\FTP Commander\ftpcomm.exe" = C:\Program Files\FTP Commander\ftpcomm.exe:*:Enabled:ftpcomm -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found
"C:\Program Files\Team17\Worms 2\Frontend.exe" = C:\Program Files\Team17\Worms 2\Frontend.exe:*:Disabled:Worms 2 Frontend -- File not found
"C:\Team17\Worms Armageddon\WA.exe" = C:\Team17\Worms Armageddon\WA.exe:*:Disabled:Worms Armageddon -- File not found
"C:\Program Files\NetMeeting\CONF.EXE" = C:\Program Files\NetMeeting\CONF.EXE:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\dwwin.exe" = C:\WINDOWS\SYSTEM32\dwwin.exe:*:Enabled:dwwin -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe" = C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Visicom Media\FTP Expert 3\ftpxpert3.exe" = C:\Program Files\Visicom Media\FTP Expert 3\ftpxpert3.exe:*:Disabled:AceFTP v3 -- File not found
"C:\Program Files\Windows CE Tools\Common\Platman\bin\cemgr.exe" = C:\Program Files\Windows CE Tools\Common\Platman\bin\cemgr.exe:*:Disabled:CEMGR Module -- File not found
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" = C:\Program Files\Logitech\Gaming Software\LWEMon.exe:*:Disabled:LWEMon -- (Logitech Inc.)
"C:\Program Files\neuf telecom\MP9 Premium\MP9Premium.exe" = C:\Program Files\neuf telecom\MP9 Premium\MP9Premium.exe:*:Disabled:SesamTV Media Center -- File not found
"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Disabled:TmForever -- ()
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe" = C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Disabled:TwonkyMedia -- File not found
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe" = C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Disabled:TwonkyMediaServer -- File not found
"C:\Program Files\Team17\Worms Armageddon\wa.exe" = C:\Program Files\Team17\Worms Armageddon\wa.exe:*:Disabled:Worms Armageddon -- File not found
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CFF0BFE-B750-4ECA-882D-03B8C6A9F26A}" = Nokia Ovi Content Copier
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{11AEA686-CD61-4C11-B410-330119375147}" = WiDESYNC 2.0
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1933FE45-AF8D-482D-9BC7-5F651BBF0A4F}" = Nokia Ovi System Utilities
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F45C0EC-17A4-4EE9-874D-A88757BD6C09}" = CapMan
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"{2BAB23B0-70CE-4E7C-85B4-36154482CD57}" = Nokia Ovi Suite
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3514CD14-6F9C-39C9-94F5-6644CAD122CF}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - FRA
"{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D}" = Sony Ericsson OCS
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{567885A3-D921-443F-9704-9964D1D8EE33}" = Pocket e-Sword (2005)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CEC5DEA-44D1-4C56-978E-56BFD84AF10D}" = Nokia Ovi One Touch Access
"{7054ED85-498D-4D20-906F-14646AEC5581}" = Complément Microsoft Word pour Microsoft Works Suite
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Analyseur et SDK MSXML 4.0 SP2
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75B4F73F-4EB1-4126-AE4B-639F3CE6E411}" = Sony Ericsson Mobile Phone Monitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F0E9B-4FC9-3C40-9AFB-9AEEFE81D6A7}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - FRA
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (French) 12
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OUTLOOKR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OUTLOOKR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OUTLOOKR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OUTLOOKR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{911B040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}" = PC Connectivity Solution
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0229D5A-CA5A-498E-8DB1-611802A09306}" = LivePvrSync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A96D3ED0-E7B3-41F6-8BB5-F3C63D80901D}" = SplashPhoto
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AEFD48FE-2A76-11D3-928B-00C04FB90523}" = Microsoft Reader pour Pocket PC
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5961323-A2E5-4FAB-B92D-DBF6C282F0F5}" = Logitech Gaming Software 5.01
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader  1.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6BAE954-487E-488B-BC4E-2E69E54E8117}" = Microsoft Works
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FC762E57-B09D-41AE-AA5F-3DAC3CBE453E}" = Nokia Ovi Application Installer
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BelAtoutFr_is1" = Bel Atout 3.95
"Bible Verses Today Screen Module" = Bible Verses Today Screen Module
"Billiard Master 2" = Billiard Master 2
"CNetX Flash Format" = CNetX Flash Format
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"Flight Buddy" = Flight Buddy
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inkscape" = Inkscape 0.46
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"Li-Nuggz X-Mas" = Li-Nuggz X-Mas
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Power Toys for Pocket PCs" = Microsoft Power Toys for Pocket PCs
"Money2005b" = Microsoft Money
"MortScript" = MortScript
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Navio" = Navio
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3008
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3008
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3008
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3008
"NoniGPSPlot" = NoniGPSPlot
"OnlineBible" = La Bible Online E-M 10.10.05
"OUTLOOKR" = Microsoft Office Outlook 2007 Trial
"PhotoFiltre" = PhotoFiltre
"PocketDVDStudio" = Pocket-DVD Studio(remove only)
"Port Splitter" = Port Splitter
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"RealAlt_is1" = Real Alternative 1.9.0
"SFR_Kit" = SFR - Kit de connexion
"SLABCOMM&10C4&EA60" = CP210x USB to UART Bridge Controller
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TasksPlus" = TasksPlus
"Tomb Raider - Legend" = Tomb Raider - Legend 1.2
"Tomb Raider III" = Tomb Raider III
"Touch Commander_is1" = 3.2.5.10
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Assistant Publication de sites Web Microsoft 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.41-3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Works2004Setup" = Sélecteur d'installation de Microsoft Works 2004
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineBible" = La Bible Online E-M 10.10.05
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 08/05/2010 15:57:35 | Computer Name = INSPIRON9100 | Source = pctsSvc.exe | ID = 0
Description =
 
Error - 08/05/2010 16:08:33 | Computer Name = INSPIRON9100 | Source = MsiInstaller | ID = 11706
Description = Produit : Nokia Ovi Suite -- Erreur 1706. Package d'installation pour
 le produit Nokia Ovi Suite introuvable. Réessayez d'exécuter Windows Installer
avec un package d'installation valide Nokia Ovi Suite.msi.
 
Error - 08/05/2010 17:17:52 | Computer Name = INSPIRON9100 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
 
Error - 09/05/2010 02:17:36 | Computer Name = INSPIRON9100 | Source = Application Error | ID = 1000
Description = Application défaillante hijackthis.exe, version 2.0.0.2, module défaillant
 unknown, version 0.0.0.0, adresse de défaillance 0x00000000.
 
Error - 09/05/2010 02:17:41 | Computer Name = INSPIRON9100 | Source = Application Error | ID = 1001
Description = Détecteur d'erreurs 465847675.
 
Error - 09/05/2010 02:55:47 | Computer Name = INSPIRON9100 | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
 séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 avec l'erreur : The server name or address could not be resolved 
 
Error - 09/05/2010 02:55:47 | Computer Name = INSPIRON9100 | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
 séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 avec l'erreur : Cette connexion réseau n'existe pas. 
 
Error - 09/05/2010 02:55:48 | Computer Name = INSPIRON9100 | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
 séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 avec l'erreur : Cette connexion réseau n'existe pas. 
 
Error - 09/05/2010 02:55:49 | Computer Name = INSPIRON9100 | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
 séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 avec l'erreur : Cette connexion réseau n'existe pas. 
 
Error - 09/05/2010 09:43:18 | Computer Name = INSPIRON9100 | Source = MsiInstaller | ID = 11706
Description = Produit : Nokia Ovi Suite -- Erreur 1706. Package d'installation pour
 le produit Nokia Ovi Suite introuvable. Réessayez d'exécuter Windows Installer
avec un package d'installation valide Nokia Ovi Suite.msi.
 
[ OSession Events ]
Error - 24/01/2008 14:38:08 | Computer Name = INSPIRON9100 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 56
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06/08/2009 13:54:20 | Computer Name = INSPIRON9100 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06/08/2009 13:56:22 | Computer Name = INSPIRON9100 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06/08/2009 13:56:42 | Computer Name = INSPIRON9100 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06/08/2009 13:56:50 | Computer Name = INSPIRON9100 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09/05/2010 07:27:52 | Computer Name = INSPIRON9100 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
 charger :   abp480n5  adpu160m  agpCPQ  Aha154x  aic78u2  aic78xx  AliIde  alim1541  amdagp  amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
 
Error - 09/05/2010 09:42:20 | Computer Name = INSPIRON9100 | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v2.3.1.9 n'a pas pu démarrer
 en raison de l'erreur :   %%2
 
Error - 09/05/2010 09:42:20 | Computer Name = INSPIRON9100 | Source = Service Control Manager | ID = 7000
Description = Le service adfs n'a pas pu démarrer en raison de l'erreur :   %%2
 
Error - 09/05/2010 09:42:20 | Computer Name = INSPIRON9100 | Source = Service Control Manager | ID = 7000
Description = Le service MATLAB Server n'a pas pu démarrer en raison de l'erreur :
   %%3
 
Error - 09/05/2010 09:42:20 | Computer Name = INSPIRON9100 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
 charger :   abp480n5  adpu160m  agpCPQ  Aha154x  aic78u2  aic78xx  AliIde  alim1541  amdagp  amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
 
Error - 09/05/2010 09:44:44 | Computer Name = INSPIRON9100 | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
 sur DCOM avant la fin du temps imparti.
 
Error - 09/05/2010 12:40:35 | Computer Name = INSPIRON9100 | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v2.3.1.9 n'a pas pu démarrer
 en raison de l'erreur :   %%2
 
Error - 09/05/2010 12:40:35 | Computer Name = INSPIRON9100 | Source = Service Control Manager | ID = 7000
Description = Le service adfs n'a pas pu démarrer en raison de l'erreur :   %%2
 
Error - 09/05/2010 12:40:35 | Computer Name = INSPIRON9100 | Source = Service Control Manager | ID = 7000
Description = Le service MATLAB Server n'a pas pu démarrer en raison de l'erreur :
   %%3
 
Error - 09/05/2010 12:40:35 | Computer Name = INSPIRON9100 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
 charger :   abp480n5  adpu160m  agpCPQ  Aha154x  aic78u2  aic78xx  AliIde  alim1541  amdagp  amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
 
 
< End of report >
zikkmu
Visitor
 
Posts: 6
Joined: 09 May 2010 18:31
 

Re: Desktop Security 2010

Posted 09 May 2010 19:59

OK, please do the following:

* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (Report) section (top right) the "Rapport minimal" (Minimal report) box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (Customization)

Code: Select all
:OTL
PRC - c:\Documents and Settings\benjamin\Local Settings\Temp\atHh.exe ()   
PRC - c:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe () 
 SRV - (matlabserver) -- File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM\..\Run: [ApplicationMcAfee1001] c:\Documents and Settings\benjamin\Local Settings\Temp\tIgv.exe ()
O4 - HKLM\..\Run: [awtqposys] C:\WINDOWS\System32\khifgh.dll ()
O4 - HKLM\..\Run: [Emurayden PSX Emulator] File not found
O4 - HKLM\..\Run: [EoEngine] File not found   
O4 - HKLM\..\Run: [EoWeather] File not found
O4 - HKLM\..\Run: [InstallerMcAfee] C:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe ()
O4 - HKLM\..\Run: [Installermcinst4300] c:\Documents and Settings\benjamin\Local Settings\Temp\dAAF.exe () 
O4 - HKLM\..\Run: [mcinstmcinst] c:\Documents and Settings\benjamin\Local Settings\Temp\atHh.exe ()   
O4 - HKCU\..\Run: [38p5rvurc884] C:\Documents and Settings\benjamin\Local Settings\Temp\m.29E.tmp.exe () 
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe File not found   
O4 - HKLM\..\RunServices: [Installermcinst] c:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe () 
O4 - HKLM\..\RunServices: [mcinstInstaller] C:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe ()   
O4 - HKLM\..\RunServices: [mcinstMcAfee] c:\Documents and Settings\benjamin\Local Settings\Temp\SmPm.exe ()
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)   




* Click the "Correction" (Fix) button (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and/or "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case


Next, I have a doubt about two files, so please have them analysed here:

http://www.virustotal.com/fr/
Click on choose a file and pick this folder:


C:\WINDOWS\System32\khifgh.dll
C:\WINDOWS\System32\drivers\pxwgspoa.sys
bernard53
PC-Infopraticien
 
Posts: 12778
Joined: 08 Dec 2009 19:51
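The O4 lines in the fix script above are autorun entries, several of which start executables from the user's Temp folder under McAfee-style value names. As an added example (not part of the thread, and not OTL's own logic), this Python sketch triages O4 lines quoted from that script; the flag names, the vendor token list and the trusted install roots are assumptions made for the illustration.

```python
import re
from collections import Counter

# O4 (autorun) lines quoted from the OTL fix script in the post above.
OTL_LINES = r"""
O4 - HKLM\..\Run: [ApplicationMcAfee1001] c:\Documents and Settings\benjamin\Local Settings\Temp\tIgv.exe ()
O4 - HKLM\..\Run: [awtqposys] C:\WINDOWS\System32\khifgh.dll ()
O4 - HKLM\..\Run: [EoEngine] File not found
O4 - HKLM\..\Run: [InstallerMcAfee] C:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe ()
O4 - HKCU\..\Run: [38p5rvurc884] C:\Documents and Settings\benjamin\Local Settings\Temp\m.29E.tmp.exe ()
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe File not found
O4 - HKLM\..\RunServices: [mcinstMcAfee] c:\Documents and Settings\benjamin\Local Settings\Temp\SmPm.exe ()
""".strip().splitlines()

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
PUBLISHER_RE = re.compile(r"\s*\([^()]*\)\s*$")  # trailing "(publisher)" field, empty here
NOT_FOUND = "File not found"

# Assumptions made for this example, not rules taken from OTL:
TEMP_DIRS = ("\\local settings\\temp\\", "\\appdata\\local\\temp\\")
VENDOR_TOKENS = ("mcafee", "norton", "symantec", "avast", "kaspersky")
INSTALL_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")


def parse_o4(line):
    """Split one O4 line into hive, key, value name, target path and a missing flag."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    hive, key, name, rest = m.groups()
    rest = rest.strip()
    missing = rest.endswith(NOT_FOUND)
    if missing:
        rest = rest[: -len(NOT_FOUND)]
    path = PUBLISHER_RE.sub("", rest).strip() or None
    return {"hive": hive, "key": key, "name": name, "path": path, "missing": missing}


def flags_for(entry):
    """Return the triage flags for one parsed autorun entry."""
    path = (entry["path"] or "").lower()
    name = entry["name"].lower()
    flags = []
    if entry["missing"]:
        flags.append("orphan")            # value survives, target file is gone
    if any(d in path for d in TEMP_DIRS):
        flags.append("temp_dir")          # autorun from a user-writable temp folder
    if path.endswith(".dll"):
        flags.append("bare_dll")          # Run value names a DLL directly
    if path and any(t in name for t in VENDOR_TOKENS) and not path.startswith(INSTALL_ROOTS):
        flags.append("vendor_lookalike")  # security-vendor name, target outside Program Files
    return flags


def triage(lines):
    """Return (value name, path, flags) for every O4 line that raises a flag."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue  # not an O4 line
        flags = flags_for(entry)
        if flags:
            findings.append((entry["name"], entry["path"], flags))
    return findings


def summary(lines):
    """Count how often each flag fires across the given lines."""
    return Counter(flag for _, _, flags in triage(lines) for flag in flags)


if __name__ == "__main__":
    for name, path, flags in triage(OTL_LINES):
        print(f"{name:24} {','.join(flags):28} {path}")
```

The "orphan" entries are stale values whose target no longer exists; the "temp_dir" and "vendor_lookalike" flags are the ones that track the persistence pattern seen in this thread.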
 

Re: Desktop Security 2010

Posted 09 May 2010 20:17

Here is the report that opened after the OTL fix; it is named neither OTL nor Extras but 05092010_210354.log

Code: Select all
========== OTL ==========
Process atHh.exe killed successfully!
Process hPPT.exe killed successfully!
Service matlabserver stopped successfully!
Service matlabserver deleted successfully!
File  File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-C39E-35F1D2A32EC8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
c:\Documents and Settings\benjamin\Local Settings\Temp\tIgv.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\WINDOWS\SYSTEM32\khifgh.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
c:\Documents and Settings\benjamin\Local Settings\Temp\dAAF.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
c:\Documents and Settings\benjamin\Local Settings\Temp\atHh.exe moved successfully.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Documents and Settings\benjamin\Local Settings\Temp\m.29E.tmp.exe moved successfully.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\RunServices not found.
File c:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\RunServices not found.
File C:\Documents and Settings\benjamin\Local Settings\Temp\hPPT.exe not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\RunServices not found.
c:\Documents and Settings\benjamin\Local Settings\Temp\SmPm.exe moved successfully.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
 
OTL by OldTimer - Version 3.2.4.1 log created on 05092010_210354



First file with VirusTotal

Code: Select all
Fichier khifgh.dll reçu le 2010.05.09 19:10:08 (UTC)
Résultat: 6/41 (14.64%)
Antivirus    Version    Dernière mise à jour    Résultat
a-squared   4.5.0.50   2010.05.09   -
AhnLab-V3   2010.05.09.00   2010.05.08   -
AntiVir   8.2.1.236   2010.05.07   TR/Crypt.XPACK.Gen2
Antiy-AVL   2.0.3.7   2010.05.07   -
Authentium   5.2.0.5   2010.05.09   W32/Troj_Obfusc.O.gen!Eldorado
Avast   4.8.1351.0   2010.05.09   -
Avast5   5.0.332.0   2010.05.09   -
AVG   9.0.0.787   2010.05.09   -
BitDefender   7.2   2010.05.09   -
CAT-QuickHeal   10.00   2010.05.08   -
ClamAV   0.96.0.3-git   2010.05.09   -
Comodo   4800   2010.05.09   -
DrWeb   5.0.2.03300   2010.05.09   -
eSafe   7.0.17.0   2010.05.09   -
eTrust-Vet   35.2.7474   2010.05.07   -
F-Prot   4.5.1.85   2010.05.09   W32/Troj_Obfusc.O.gen!Eldorado
F-Secure   9.0.15370.0   2010.05.09   -
Fortinet   4.1.133.0   2010.05.09   -
GData   21   2010.05.09   -
Ikarus   T3.1.1.84.0   2010.05.09   -
Jiangmin   13.0.900   2010.05.09   -
Kaspersky   7.0.0.125   2010.05.09   -
McAfee   5.400.0.1158   2010.05.09   -
McAfee-GW-Edition   2010.1   2010.05.09   -
Microsoft   1.5703   2010.05.09   -
NOD32   5098   2010.05.09   -
Norman   6.04.12   2010.05.09   -
nProtect   2010-05-09.01   2010.05.09   -
Panda   10.0.2.7   2010.05.09   Suspicious file
PCTools   7.0.3.5   2010.05.07   -
Prevx   3.0   2010.05.09   -
Rising   22.46.06.04   2010.05.09   -
Sophos   4.53.0   2010.05.09   Sus/UnkPack-C
Sunbelt   6282   2010.05.09   Trojan.Win32.Obfusc.o.gen (v)
Symantec   20091.2.0.41   2010.05.09   -
TheHacker   6.5.2.0.277   2010.05.09   -
TrendMicro   9.120.0.1004   2010.05.09   -
TrendMicro-HouseCall   9.120.0.1004   2010.05.09   -
VBA32   3.12.12.4   2010.05.06   -
ViRobot   2010.5.8.2306   2010.05.08   -
VirusBuster   5.0.27.0   2010.05.09   -
Information additionnelle
File size: 90112 bytes
MD5...: 9839589b0d00c0a2abb4fc516a16e6db
SHA1..: 2a5b35e4f38bdce12d1a98ffdb256b3d08cd067c
SHA256: b9a16aaf0319231710b6113fef9b8424fbc2dc138a215394bb30c4cf4498be78
ssdeep: 1536:opwebCMnbBkli84/iGss5yObVbW+NNAb91ro6wyiT5waW4MqGBbM5:opwT+
14GsqBbWKAvhye4MqGBb0
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7000 0x6e00 7.85 e5c28de47015a56b358a606c06ad0990
.rdata 0x8000 0x7000 0x6e00 7.82 0d2285bfe788067e240cdeb9a6ccc242
.data 0xf000 0x1000 0x1000 7.95 ce3e3985d9dcee95e0b66fc6f02eb428
.idata 0x10000 0x1000 0x800 4.38 abf440f908c43e9c15f09f17a857c59f
.rsrc 0x11000 0x7000 0x6800 5.75 145948aea9533bd6ed1427b13cb4fbde

( 5 imports )
> KERNEL32.dll: CloseHandle, DeleteFileA, ExitProcess, GetACP, GetCommandLineA, GetLastError, GetModuleHandleA, GetOEMCP, GetStartupInfoA, GetVersionExA, HeapAlloc, InterlockedIncrement, LoadLibraryA, LoadResource, OpenFileMappingA, RtlUnwind, SetLastError, WriteFile
> advapi32.dll: RegEnumKeyA, RegLoadKeyA, RegOpenKeyExA, RegQueryValueA, RegCloseKey
> wininet.dll: InternetSetOptionExA, InternetGetLastResponseInfoA, InternetQueryDataAvailable, InternetWriteFile, InternetGetCookieA, InternetCrackUrlA, InternetConnectA, InternetCloseHandle, HttpSendRequestA, HttpOpenRequestA, HttpAddRequestHeadersA, HttpQueryInfoA
> user32.dll: FillRect, MessageBoxA, EnableScrollBar, EnableMenuItem, DrawTextA, wsprintfA, CreateAcceleratorTableA
> shell32.dll: Shell_NotifyIconA, ShellExecuteExA, ShellExecuteA, SHGetPathFromIDListA, SHGetMalloc, SHGetFileInfoA, SHGetDesktopFolder

( 4 exports )
Ilegluf, Lqeytqlk, Msyorcqyf, Zqpgl
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....:
copyright....: Copyright (C) 2002
product......: launch Application
description..: launch MFC Application
original name: launch.EXE
internal name: launch
file version.: 1, 0, 0, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned



Second file

Code: Select all
Fichier pxwgspoa.sys reçu le 2010.05.09 19:12:10 (UTC)
Résultat: 2/41 (4.88%)
Antivirus    Version    Dernière mise à jour    Résultat
a-squared   4.5.0.50   2010.05.09   -
AhnLab-V3   2010.05.09.00   2010.05.08   -
AntiVir   8.2.1.236   2010.05.07   -
Antiy-AVL   2.0.3.7   2010.05.07   -
Authentium   5.2.0.5   2010.05.09   -
Avast   4.8.1351.0   2010.05.09   -
Avast5   5.0.332.0   2010.05.09   -
AVG   9.0.0.787   2010.05.09   -
BitDefender   7.2   2010.05.09   -
CAT-QuickHeal   10.00   2010.05.08   -
ClamAV   0.96.0.3-git   2010.05.09   -
Comodo   4800   2010.05.09   -
DrWeb   5.0.2.03300   2010.05.09   -
eSafe   7.0.17.0   2010.05.09   Win32.TrojanHorse
eTrust-Vet   35.2.7474   2010.05.07   -
F-Prot   4.5.1.85   2010.05.09   -
F-Secure   9.0.15370.0   2010.05.09   -
Fortinet   4.1.133.0   2010.05.09   -
GData   21   2010.05.09   -
Ikarus   T3.1.1.84.0   2010.05.09   -
Jiangmin   13.0.900   2010.05.09   -
Kaspersky   7.0.0.125   2010.05.09   -
McAfee   5.400.0.1158   2010.05.09   -
McAfee-GW-Edition   2010.1   2010.05.09   -
Microsoft   1.5703   2010.05.09   -
NOD32   5098   2010.05.09   -
Norman   6.04.12   2010.05.09   -
nProtect   2010-05-09.01   2010.05.09   -
Panda   10.0.2.7   2010.05.09   -
PCTools   7.0.3.5   2010.05.07   -
Prevx   3.0   2010.05.09   High Risk Cloaked Malware
Rising   22.46.06.04   2010.05.09   -
Sophos   4.53.0   2010.05.09   -
Sunbelt   6282   2010.05.09   -
Symantec   20091.2.0.41   2010.05.09   -
TheHacker   6.5.2.0.277   2010.05.09   -
TrendMicro   9.120.0.1004   2010.05.09   -
TrendMicro-HouseCall   9.120.0.1004   2010.05.09   -
VBA32   3.12.12.4   2010.05.06   -
ViRobot   2010.5.8.2306   2010.05.08   -
VirusBuster   5.0.27.0   2010.05.09   -
Information additionnelle
File size: 54016 bytes
MD5...: e6d35f3aa51a65eb35c1f2340154a25e
SHA1..: aabbd57e20d2e7041f9e7abce6cfd8a53c366537
SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516
ssdeep: 768:Bosx0q2ph6P2Jpz8ftoSUiJP7hYTCMrhwYKUzY4q:j076P2Jpz8ftBUMPaCM
rhwY
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc505
timedatestamp.....: 0x4a9ee5b5 (Wed Sep 02 21:37:57 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xbd9f 0xbe00 5.83 9474f39576a0e15bdbaa2ea3355f0a4a
.rdata 0xc280 0x126 0x180 3.78 375b710d9f213cfced30e9fdb29567e1
.data 0xc400 0xc0 0x100 0.33 786971ca2b109729eda604b44d6c72ad
INIT 0xc500 0x3c8 0x400 5.20 eea49a93a73afb6afc178455582133c6
.reloc 0xc900 0x9ec 0xa00 6.62 bddd5a40c508bfc84ec87de5f8e6a5d3

( 1 imports )
> ntoskrnl.exe: ZwWriteFile, RtlUpcaseUnicodeChar, ZwClose, ZwCreateFile, RtlInitUnicodeString, _wcsicmp, ZwQueryValueKey, ZwOpenKey, ZwDeleteKey, swprintf, ZwEnumerateKey, ExFreePoolWithTag, DbgPrint, ExAllocatePool, RtlPrefixUnicodeString, memcpy, RtlDeleteRegistryValue, ZwSetValueKey, RtlWriteRegistryValue, ZwEnumerateValueKey, ZwSetInformationFile, ZwQueryInformationFile, ZwQueryDirectoryFile, ZwOpenFile, KeTickCount, KeBugCheck, MmGetSystemRoutineAddress, ZwFlushKey, PsTerminateSystemThread, KeSetPriorityThread, KeGetCurrentThread, RtlCheckRegistryKey, KeDelayExecutionThread, ZwReadFile, PsCreateSystemThread, PsGetVersion, KeBugCheckEx

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
http://info.prevx.com/aboutprogramtext.asp?PX5=CB99356A002065F7D3EC001ED8409400D9D04283
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


Thanks again
zikkmu
Visitor
 
Posts: 6
Joined: 09 May 2010 18:31
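The PEInfo block of each VirusTotal report above lists a per-section entropy ("ntrpy", in bits per byte, maximum 8) and the PE timestamp. As an added example (not part of the thread), this Python sketch parses the two quoted excerpts and reports sections at or above 7.0, a rule-of-thumb threshold assumed here for compressed or encrypted content, together with a zeroed timestamp.

```python
import re

# PEInfo excerpts quoted from the two VirusTotal reports in the post above.
REPORTS = {
    "khifgh.dll": """
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7000 0x6e00 7.85 e5c28de47015a56b358a606c06ad0990
.rdata 0x8000 0x7000 0x6e00 7.82 0d2285bfe788067e240cdeb9a6ccc242
.data 0xf000 0x1000 0x1000 7.95 ce3e3985d9dcee95e0b66fc6f02eb428
.idata 0x10000 0x1000 0x800 4.38 abf440f908c43e9c15f09f17a857c59f
.rsrc 0x11000 0x7000 0x6800 5.75 145948aea9533bd6ed1427b13cb4fbde
""",
    "pxwgspoa.sys": """
timedatestamp.....: 0x4a9ee5b5 (Wed Sep 02 21:37:57 2009)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xbd9f 0xbe00 5.83 9474f39576a0e15bdbaa2ea3355f0a4a
.rdata 0xc280 0x126 0x180 3.78 375b710d9f213cfced30e9fdb29567e1
.data 0xc400 0xc0 0x100 0.33 786971ca2b109729eda604b44d6c72ad
INIT 0xc500 0x3c8 0x400 5.20 eea49a93a73afb6afc178455582133c6
.reloc 0xc900 0x9ec 0xa00 6.62 bddd5a40c508bfc84ec87de5f8e6a5d3
""",
}

# One row of the section table: name, virtual address, virtual size,
# raw size, entropy, MD5 of the section.
SECTION_RE = re.compile(
    r"^(\S+) (0x[0-9a-f]+) (0x[0-9a-f]+) (0x[0-9a-f]+) (\d+\.\d+) ([0-9a-f]{32})$",
    re.M,
)
COUNT_RE = re.compile(r"^\( (\d+) sections \)$", re.M)
TS_RE = re.compile(r"^timedatestamp\.+: (0x[0-9a-f]+)", re.M)


def triage(text, threshold=7.0):
    """Summarise packing indicators from one pasted PEInfo excerpt.

    threshold is an assumed rule of thumb, not a value from the report.
    """
    rows = SECTION_RE.findall(text)
    declared = COUNT_RE.search(text)
    # A truncated paste would silently hide sections, so refuse to guess.
    if declared and int(declared.group(1)) != len(rows):
        raise ValueError("section table is incomplete")
    high = [name for name, _va, _vs, _rs, ent, _md5 in rows if float(ent) >= threshold]
    ts = TS_RE.search(text)
    return {
        "high_entropy": high,
        "zero_timestamp": ts is not None and int(ts.group(1), 16) == 0,
        "packed_hint": ".text" in high,  # high entropy in the code section itself
    }


if __name__ == "__main__":
    for name, text in REPORTS.items():
        print(name, triage(text))
```

For khifgh.dll this reports .text, .rdata and .data, which is consistent with the packer-style labels (TR/Crypt.XPACK.Gen2, Sus/UnkPack-C) in its result table; pxwgspoa.sys shows no high-entropy section.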
 

Re: Desktop Security 2010

Posted 09 May 2010 20:24

OK, very few suspicions for the two files, so we keep them.

How is your now!
bernard53
PC-Infopraticien
 
Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Desktop Security 2010

Posted 09 May 2010 20:27

bernard53 wrote: OK, very few suspicions for the two files, so we keep them.

How is your now!


Your computer, I suppose?

Well, it's doing fine, but I'm afraid that after a restart it will all start over again!
zikkmu
Visitor
 
Posts: 6
Joined: 09 May 2010 18:31
 

Re: Desktop Security 2010

Posted 09 May 2010 20:28

Restart the PC and let me know, please
bernard53
PC-Infopraticien
 
Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Desktop Security 2010

Posted 09 May 2010 20:42

PC restarted, no sign of that Desktop Security 2010 garbage!!

THANK YOU VERY MUCH

I'm thinking of parting ways with McAfee, which still hasn't seen anything...
zikkmu
Visitor
 
Posts: 6
Joined: 09 May 2010 18:31
 

Re: Desktop Security 2010

Posted 10 May 2010 06:25

Great :wink:

Run Malwarebytes once more with a full scan, as a precaution.

That said, you know, many other antivirus products, paid as well as free, let this intruder through. If you have paid for "McAfee", it would be a shame to part with it.
bernard53
PC-Infopraticien
 
Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Desktop Security 2010

Posted 10 May 2010 06:36

I'll wait until McAfee expires and then try Avast.

I ran a full scan with Malwarebytes again and it found a small Trojan, which I deleted.

Malwarebytes is the only one that sees this thing, so maybe I'll get its real-time protection version.

In any case, thanks again!!
zikkmu
Visitor
 
Posts: 6
Joined: 09 May 2010 18:31
 

Re: Desktop Security 2010

Posted 10 May 2010 06:41

Very good; it's true that Malwarebytes is great.

Do the following to remove the tools that were used for this disinfection.
>> Download ToolsCleaner (by A.Rothstein & dj QUIOU) http://pc-system.fr/TC/ToolsCleaner2.exe

>> Double-click it to launch the program

>> Click "Recherche" (Search) and let the scan finish (it can take about ten minutes at most).

>> Once the search has started, do not click in the window; that would cause a minor bug in the program.

>> If the words "ne répond pas" (not responding) nevertheless appear in the title of the ToolsCleaner window, ignore them and let the program finish its work anyway

** Click "Suppression" (Removal) to finish.

• If you wish, you can use the "Options facultatives" (optional settings).

** Post the report that appears



Then:

Now we are going to clean up System Restore.

Right-click the My Computer icon, then click Properties
or press "Windows+Pause"
Click the System Restore tab

Select Turn off System Restore or Turn off System Restore on all drives.

Click Apply, then YES in the next window.

Wait a few moments, then:

turn System Restore back on.


Right-click My Computer, then click Properties
or press "Windows+Pause"
Click the System Restore tab

Uncheck Turn off System Restore or Turn off System Restore on all drives

Now we create a new restore point.

Start > Run, or press "Windows+R", and type:
%SystemRoot%\System32\restore\rstrui.exe


Then select "Create a restore point" and name it PC- Clean. Confirm.

You can now close all the windows.



Have a good day
bernard53
PC-Infopraticien
 
Posts: 12778
Joined: 08 Dec 2009 19:51


