[Solved] Trojan impossible to clean

Posted on 30 Oct 2011 11:13

Hello

So a friend of mine called to tell me she had a problem with her PC!!
At first there was nothing left except the START button, so I ran a scan from a USB stick with ESET.
It found 5 viruses, the first of which was the trojan

[Image]
(the link, just in case)
http://imageshack.us/f/593/capturedecranmemoireviv.png/

(RAM - a variant of Win32\Olmasco.O, trojan - Unable to clean)
two viruses in system32
and one trojan plus another one!!
So I managed to remove the 4 viruses, but the trojan is still there!!
I had to reinstall the computer because I couldn't access anything!!

I used ComboFix
and
Malwarebytes
But nothing works!!

No solutions left :oops:

Her PC's configuration..


RésuméInformations générales
Version du plugin 5.1.5.0

Version de la base 19

Date de la détection 30/10/2011 11:07

Nom de la machine nom-b6390cadfae

Modules
Système d'exploitation Windows XP Edition familliale (build 2600) Service Pack 3
Navigateur web par défaut: Internet Explorer
Client e-mail par défaut: Microsoft Office Outlook
Client de groupes de discussion par défaut: Outlook Express
Antivirus: ESET NOD32 Antivirus 4.2 4.2

Carte mère SMBios version 2.4
MICRO-STAR INTERNATIONAL CO., LTD U-100 Ver.001
Bios: American Megatrends Inc. 4.6.3 07/16/2008 taille: 1024Kb


Chipset Northbridge: Intel i945GSE
Southbridge: Intel 82801GHM (ICH7-M/U)


Processeur Intel Atom N270 Diamondville Socket 437 FCBGA8 (@45 nm) 1600 Mhz ( L1I: 32 Ko, L1D: 24 Ko, L2: 512 Ko )


Mémoire Mémoire physique totale: 1014 Mo, Type: DDR2, @266.0MHz, 4.0-4-4-12--1T


Carte Graphique Intel i945GME
Intel i945GME


Périphériques ATA WDC WD1600BEVT-22ZCT0 11.01A11 (SATA II, 149.05 Go, Cache: 8 Mo)


Disque dur WDC WD1600BEVT-22ZCT0


Cartes PCI/AGP Stockage
Intel Corporation:82801GBM/GHM (ICH7 Family) SATA IDE Controller:

Réseau
Realtek Semiconductor Co., Ltd.:RTL8101E/RTL8102E PCI Express Fast Ethernet controller:
Ralink corp.:RT2860:

Affichage
Intel Corporation:Mobile 945GME Express Integrated Graphics Controller:
Intel Corporation:Mobile 945GM/GMS/GME, 943/940GML Express Integrated Graphics Controller:

Multimédia
Intel Corporation:N10/ICH 7 Family High Definition Audio Controller:

Ponts
Intel Corporation:Mobile 945GME Express Memory Controller Hub:
Intel Corporation:N10/ICH 7 Family PCI Express Port 1
Intel Corporation:N10/ICH 7 Family PCI Express Port 2
Intel Corporation:82801 Mobile PCI Bridge
Intel Corporation:82801GBM (ICH7-M) LPC Interface Bridge:

Bus Séries
Intel Corporation:N10/ICH 7 Family USB UHCI Controller #1:
Intel Corporation:N10/ICH 7 Family USB UHCI Controller #2:
Intel Corporation:N10/ICH 7 Family USB UHCI Controller #3:
Intel Corporation:N10/ICH 7 Family USB UHCI Controller #4:
Intel Corporation:N10/ICH 7 Family USB2 EHCI Controller:
Intel Corporation:N10/ICH 7 Family SMBus Controller:


Périphérique USB Realtek Semiconductor Corp. USB 2.0 multicard reader (Realtek Card Reader(0158))


Clavier Clavier standard 101/102 touches ou clavier Microsoft Natural Keyboard PS/2


Souris Souris Microsoft PS/2


Ecran(s) Écran Plug-and-Play(CPT )
Écran Plug-and-Play(CPT )
Écran Plug-and-Play(CPT )


Well, if anyone has an idea, I'm all ears!!

thanks
nana-lyly
Confirmed Visitor

Messages: 29
Registered: 18 Oct 2011 11:24


Re: Trojan impossible to clean Help

Posted on 30 Oct 2011 11:42

Hello, :)

Let's check that...

Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is checked.

* Check the boxes in front of "All Users", "LOP Check" and "Purity Check".

* Copy and paste the contents of this quote into the lower "Custom Scans/Fixes" box of OTL

%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Click the "Run Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan two reports will open, "OTL.Txt" and/or "Extras.Txt" (minimized in the taskbar).
* Copy and paste the reports into your reply please...
* If needed, you can find them in the C:\OTL folder

Have a good day! ;)
Del-crosseur
Expert

Messages: 1833
Registered: 08 June 2009 06:46
Location: Nord (59)
 

Re: Trojan impossible to clean Help

Posted on 30 Oct 2011 12:06

For the Extras log

Code:
OTL Extras logfile created on: 30/10/2011 12:05:36 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Sandra\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1013,23 Mb Total Physical Memory | 482,94 Mb Available Physical Memory | 47,66% Memory free
2,38 Gb Paging File | 1,95 Gb Available in Paging File | 81,82% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,07 Gb Total Space | 28,12 Gb Free Space | 71,99% Space Free | Partition Type: NTFS
Drive D: | 106,07 Gb Total Space | 105,94 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive E: | 963,50 Mb Total Space | 961,00 Mb Free Space | 99,74% Space Free | Partition Type: FAT32
 
Computer Name: NOM-B6390CADFAE | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DEBA687-2E7D-4372-8285-F356B3FD1588}" = Ma-Config.com
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2F19DC5A-D3F6-4D0F-82B3-9E2A72318896}" = ESET NOD32 Antivirus
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9AE395DB-6BC3-4CA9-B894-351CB8DE915A}" = BurnRecovery
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"4E1F54FAB25DB3EE9094949BF3DFDCF6E1CF07E6" = Windows Driver Package - Realtek (rtl8187Se) Net  (07/10/2008 5.9067.0710.2008)
"E0E22E828DBDB1F29F3D91CF328727F39AF8062B" = Windows Driver Package - Atheros (AR5416) Net  (04/08/2008 7.6.0.200)
"E920DD3E0FC6CCFF23A10B3AF7C6DC99BA39648C" = Windows Driver Package - Ralink Technology, Corp. (RT80x86) Net  (05/19/2008 1.01.03.0000)
"Eazel-FR Toolbar" = Eazel-FR Toolbar
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"PROHYBRIDR" = 2007 Microsoft Office system
"WinRAR archiver" = WinRAR archiver
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 29/10/2011 16:06:22 | Computer Name = NOM-B6390CADFAE | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs -1692901061.
 
Error - 29/10/2011 16:06:24 | Computer Name = NOM-B6390CADFAE | Source = Application Hang | ID = 1002
Description = Application bloquée mbam.exe, version 1.51.0.1118, module bloqué hungapp,
 version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 29/10/2011 16:06:26 | Computer Name = NOM-B6390CADFAE | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs -1692901061.
 
Error - 29/10/2011 16:06:28 | Computer Name = NOM-B6390CADFAE | Source = Application Hang | ID = 1002
Description = Application bloquée mbam.exe, version 1.51.0.1118, module bloqué hungapp,
 version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 29/10/2011 16:06:30 | Computer Name = NOM-B6390CADFAE | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs -1692901061.
 
Error - 30/10/2011 07:01:12 | Computer Name = NOM-B6390CADFAE | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.2.31.0, module bloqué hungapp,
 version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 30/10/2011 07:01:16 | Computer Name = NOM-B6390CADFAE | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.2.31.0, module bloqué hungapp,
 version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 30/10/2011 07:01:16 | Computer Name = NOM-B6390CADFAE | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs -1642434152.
 
Error - 30/10/2011 07:01:20 | Computer Name = NOM-B6390CADFAE | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs -1642434152.
 
Error - 30/10/2011 07:02:44 | Computer Name = NOM-B6390CADFAE | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.2.31.0, module bloqué hungapp,
 version 0.0.0.0, adresse de blocage 0x00000000.
 
[ System Events ]
Error - 29/10/2011 14:04:05 | Computer Name = NOM-B6390CADFAE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\NIS2008\Setup\Setup\OPC\cltUAC.exe.
Message
 d'erreur de référence : Opération réussie.  .
 
Error - 29/10/2011 14:04:13 | Computer Name = NOM-B6390CADFAE | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.CRT ne peut pas être trouvé.
 La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.

 
Error - 29/10/2011 14:04:13 | Computer Name = NOM-B6390CADFAE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.CRT.  Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
 
Error - 29/10/2011 14:04:13 | Computer Name = NOM-B6390CADFAE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\NIS2008\Support\uiNPC\uiNPC\NPC\isUAC.exe.
Message
 d'erreur de référence : Opération réussie.  .
 
Error - 29/10/2011 14:37:39 | Computer Name = NOM-B6390CADFAE | Source = Service Control Manager | ID = 7034
Description = Le service Micro Star SCM s'est terminé de façon inattendue pour la
 1ème fois.
 
Error - 29/10/2011 15:09:38 | Computer Name = NOM-B6390CADFAE | Source = Service Control Manager | ID = 7034
Description = Le service Micro Star SCM s'est terminé de façon inattendue pour la
 1ème fois.
 
Error - 29/10/2011 16:03:16 | Computer Name = NOM-B6390CADFAE | Source = Service Control Manager | ID = 7000
Description = Le service MBAMSwissArmy n'a pas pu démarrer en raison de l'erreur :
   %%2
 
Error - 29/10/2011 16:31:05 | Computer Name = NOM-B6390CADFAE | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
 '0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume2'.
 Ceci a entraîné l'arrêt de la surveillance du volume.
 
Error - 30/10/2011 06:52:01 | Computer Name = NOM-B6390CADFAE | Source = NtServicePack | ID = 921877
Description = L'installation du Windows XP KB2393802 a échoué. Une erreur interne
 s'est produite. 
 
Error - 30/10/2011 06:52:02 | Computer Name = NOM-B6390CADFAE | Source = Windows Update Agent | ID = 20
Description = Échec de l'installation : l'installation de la mise à jour suivante
 a échoué avec l'erreur 0x8007054f : Mise à jour de sécurité pour Windows XP (KB2393802).
 
 
< End of report >




and for OTL

Code:
OTL logfile created on: 30/10/2011 12:05:36 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Sandra\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1013,23 Mb Total Physical Memory | 482,94 Mb Available Physical Memory | 47,66% Memory free
2,38 Gb Paging File | 1,95 Gb Available in Paging File | 81,82% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,07 Gb Total Space | 28,12 Gb Free Space | 71,99% Space Free | Partition Type: NTFS
Drive D: | 106,07 Gb Total Space | 105,94 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive E: | 963,50 Mb Total Space | 961,00 Mb Free Space | 99,74% Space Free | Partition Type: FAT32
 
Computer Name: NOM-B6390CADFAE | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Sandra\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
PRC - C:\Program Files\System Control Manager\MSIService.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - C:\Program Files\System Control Manager\MGKBHook.dll ()
MOD - C:\Program Files\System Control Manager\MSIService.exe ()
MOD - C:\Program Files\System Control Manager\MSIWmiAcpi.dll ()
MOD - C:\Program Files\WinRAR 3.61 Multi\RarExt.dll ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (AntiAries) -- C:\WINDOWS\system32\drivers\RKL330.tmp.sys (Lavasoft AB)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation                           )
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corporation)
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ULCDRHlp) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
 
IE - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2095689
IE - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\..\URLSearchHook: {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/29 19:32:13 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Eazel-FR Toolbar) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Eazel-FR Toolbar) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\..\Toolbar\WebBrowser: (Eazel-FR Toolbar) - {A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Mise à jour des licences ESET.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe (GuillerSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C6288C3-F3BD-449F-8552-0D6010F2D1E8}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Wall Paper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Wall Paper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/08 08:48:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/18 19:33:49 | 000,000,000 | -H-- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{c3c6463b-025b-11e1-9b2a-002185b62c1f}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.dvacm - C:\Program Files\Fichiers communs\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Documents and Settings\Sandra\Bureau\CAWT8RC7.
[2011/10/30 11:57:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Bureau\OTL.exe
[2011/10/30 11:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\ConduitEngine
[2011/10/30 11:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/10/30 11:22:29 | 000,007,680 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\RKL330.tmp.sys
[2011/10/30 11:22:18 | 000,007,680 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\RKL32F.tmp.sys
[2011/10/30 11:20:35 | 000,007,680 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\RKL30C.tmp.sys
[2011/10/30 11:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Conduit
[2011/10/30 11:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Eazel-FR
[2011/10/30 11:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Eazel-FR
[2011/10/30 11:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/30 11:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com
[2011/10/30 11:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\ma-config.com
[2011/10/30 11:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2011/10/30 11:02:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\PrivacIE
[2011/10/30 11:01:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\IETldCache
[2011/10/30 10:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/10/30 10:57:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/10/30 10:56:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/10/30 10:52:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/10/30 10:52:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/10/30 10:52:01 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/10/30 10:51:59 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/10/30 10:51:55 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/10/30 10:50:57 | 017,001,840 | ---- | C] (Microsoft Corporation) -- C:\IE8-WindowsXP-x86-FRA.exe
[2011/10/30 10:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Mes documents\Mes fichiers reçus
[2011/10/30 10:40:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011/10/30 03:13:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\RE_DRIVE
[2011/10/29 21:41:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/10/29 21:41:02 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/10/29 21:41:02 | 000,017,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/10/29 21:41:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/10/29 21:38:49 | 000,000,000 | --SD | C] -- C:\CAWT8RC715447C
[2011/10/29 21:35:32 | 000,000,000 | --SD | C] -- C:\CAWT8RC732422C
[2011/10/29 21:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Malwarebytes
[2011/10/29 21:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/10/29 21:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/29 21:02:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/29 21:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/29 20:04:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2011/10/29 20:04:56 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2011/10/29 20:04:40 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/10/29 20:03:10 | 000,000,000 | --SD | C] -- C:\CAWT8RC7610C
[2011/10/29 19:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/29 19:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2011/10/29 19:35:27 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/29 19:35:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/29 19:35:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/29 19:35:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/29 19:35:27 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/29 19:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/29 19:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Sun
[2011/10/29 19:33:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/29 19:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ESET
[2011/10/29 19:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/29 19:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/10/29 19:31:34 | 000,000,000 | ---D | C] -- C:\TEMP
[2011/10/29 19:31:30 | 000,000,000 | ---D | C] -- C:\Sun
[2011/10/29 19:31:21 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\java-6u23-windows-i586.exe
[2011/10/29 19:30:57 | 000,391,800 | ---- | C] (GuillerSoft) -- C:\Program Files\-MiNODLogin.exe
[2011/10/29 19:27:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/29 19:27:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/29 19:23:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sandra\Application Data\Microsoft
[2011/10/29 19:23:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandra\Application Data
[2011/10/29 19:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Favoris
[2011/10/29 19:23:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\Cookies
[2011/10/29 19:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Toshiba
[2011/10/29 19:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Microsoft Help
[2011/10/29 19:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Microsoft
[2011/10/29 19:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\InstallShield
[2011/10/29 19:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Identities
[2011/10/29 19:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Bureau
[2011/10/29 19:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Adobe
[2011/10/29 19:23:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandra\SendTo
[2011/10/29 19:23:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandra\Recent
[2011/10/29 19:23:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Mes documents\Mes images
[2011/10/29 19:23:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Mes documents
[2011/10/29 19:23:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Menu Démarrer
[2011/10/29 19:23:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Mes documents\Ma musique
[2011/10/29 19:23:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Menu Démarrer\Programmes\Démarrage
[2011/10/29 19:23:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Menu Démarrer\Programmes\Accessoires
[2011/10/29 19:23:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\Voisinage réseau
[2011/10/29 19:23:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\Voisinage d'impression
[2011/10/29 19:23:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\Modèles
[2011/10/29 19:23:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\Local Settings
[2011/10/29 19:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Menu Démarrer\Programmes\WinRAR
[2011/10/29 19:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Mes documents\Bluetooth
[2011/10/29 19:23:23 | 000,000,000 | --SD | C] -- C:\CAWT8RC7
[2011/10/29 19:20:37 | 000,625,792 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2860.sys
[2011/10/29 19:20:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/10/29 19:14:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Menu Démarrer\Programmes\Outils d'administration
[2011/10/29 19:14:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Mes documents\Mes vidéos
[2011/10/29 19:14:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes vidéos
[2011/10/29 19:12:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/29 19:10:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 18:44:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sandra\UserData
[2011/10/29 18:37:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Documents and Settings\Sandra\Bureau\CAWT8RC7.
[2011/10/30 11:56:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Bureau\OTL.exe
[2011/10/30 11:56:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/30 11:56:21 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/30 11:55:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/30 11:22:29 | 000,007,680 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\RKL330.tmp.sys
[2011/10/30 11:22:18 | 000,007,680 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\RKL32F.tmp.sys
[2011/10/30 11:20:35 | 000,007,680 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\RKL30C.tmp.sys
[2011/10/30 11:06:41 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Démarrer la détection.lnk
[2011/10/30 11:01:26 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2011/10/30 11:00:57 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/30 10:51:02 | 017,001,840 | ---- | M] (Microsoft Corporation) -- C:\IE8-WindowsXP-x86-FRA.exe
[2011/10/29 21:02:25 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/10/29 19:36:06 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Mise à jour des licences ESET.lnk
[2011/10/29 19:36:06 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mise à jour des licences ESET.lnk
[2011/10/29 19:35:04 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/29 19:35:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/29 19:35:03 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/29 19:35:03 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/29 19:35:03 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/29 19:33:38 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2011/10/29 19:23:54 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Sandra\Bureau\Lecteur Windows Media.lnk
[2011/10/29 19:23:53 | 000,368,314 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/10/29 19:23:53 | 000,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/29 19:23:53 | 000,049,054 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/10/29 19:23:53 | 000,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/29 19:23:24 | 000,001,211 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/10/29 19:23:17 | 000,000,216 | ---- | M] () -- C:\Boot.bak
[2011/10/29 19:21:39 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/29 19:20:48 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/10/29 19:20:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/03 09:34:10 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/10/30 11:06:41 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Démarrer la détection.lnk
[2011/10/29 21:02:24 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/10/29 19:33:42 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Mise à jour des licences ESET.lnk
[2011/10/29 19:33:42 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mise à jour des licences ESET.lnk
[2011/10/29 19:33:36 | 000,000,216 | ---- | C] () -- C:\Boot.bak
[2011/10/29 19:33:25 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2011/10/29 19:30:57 | 043,329,024 | ---- | C] () -- C:\Program Files\eav_nt32_fra.msi
[2011/10/29 19:23:54 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Sandra\Bureau\Lecteur Windows Media.lnk
[2011/10/29 19:23:41 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Sandra\Menu Démarrer\Programmes\Assistance à distance.lnk
[2011/10/29 19:23:41 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2011/10/29 19:23:41 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Sandra\Menu Démarrer\Programmes\Internet Explorer.lnk
[2011/10/29 19:23:41 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Sandra\Menu Démarrer\Programmes\Lecteur Windows Media.lnk
[2011/10/29 19:23:41 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Sandra\Menu Démarrer\Programmes\Outlook Express.lnk
[2011/10/29 19:23:41 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf
[2011/10/29 19:20:48 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/10/29 19:19:26 | 1062,526,976 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/12 04:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/03/08 16:30:09 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/08 16:30:06 | 000,368,314 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2005/03/08 16:30:06 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2005/03/08 16:30:06 | 000,049,054 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2005/03/08 16:30:06 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2005/03/08 16:30:01 | 000,311,938 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/03/08 16:30:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/03/08 16:30:01 | 000,040,326 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/03/08 16:30:01 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/03/08 16:30:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/03/08 16:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/08 16:30:00 | 000,004,628 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/08 16:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/03/08 16:29:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/03/08 16:29:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/03/08 16:29:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/03/08 16:29:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/03/08 12:27:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/08 11:40:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/03/08 10:48:39 | 006,184,960 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2005/03/08 10:38:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/03/08 10:32:04 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2005/03/08 09:39:58 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/08 09:38:58 | 000,288,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/08 08:50:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/08 08:45:49 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2011/10/29 19:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/10/30 11:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2005/03/08 11:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %temp%\smtmp\1\*.* /s >
 
< %temp%\smtmp\2\*.* /s >
 
< %temp%\smtmp\4\*.* /s >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2005/03/08 10:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/10/29 19:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/10/30 11:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2011/10/29 21:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2005/03/08 08:48:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/03/08 12:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/10/29 19:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2005/03/08 11:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2005/03/08 08:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\Identities
[2005/03/08 10:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\InstallShield
[2011/10/29 21:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\Malwarebytes
[2005/03/08 11:09:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Sandra\Application Data\Microsoft
[2011/10/29 19:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\Sun
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
[2011/10/30 10:51:02 | 017,001,840 | ---- | M] (Microsoft Corporation) -- C:\IE8-WindowsXP-x86-FRA.exe
 
 
< MD5 for: AGP440.SYS >
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS >
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2005/03/25 14:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9CAB5B612E3AF65810F276BA051D56CD -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2005/03/25 14:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9CAB5B612E3AF65810F276BA051D56CD -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\ATAPI.SYS
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: CDROM.SYS >
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:cdrom.sys
[2008/04/14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2005/03/25 14:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=DD6A189894B14E24A14B4D182F5F3949 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\CDROM.SYS
[2005/03/25 14:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=DD6A189894B14E24A14B4D182F5F3949 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\CDROM.SYS
 
< MD5 for: CHANGER.SYS >
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:Changer.sys
 
< MD5 for: CTFMON.EXE >
[2008/04/14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2008/04/14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\dllcache\ctfmon.exe
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:disk.sys
[2008/04/14 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
[2005/03/25 14:00:00 | 000,039,936 | ---- | M] (Microsoft Corporation) MD5=5B538C58BB4645B86C256B66620A2DE1 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\DISK.SYS
[2005/03/25 14:00:00 | 000,039,936 | ---- | M] (Microsoft Corporation) MD5=5B538C58BB4645B86C256B66620A2DE1 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\DISK.SYS
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008/04/14 13:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 13:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\system32\dllcache\explorer.exe
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2008/02/14 12:31:26 | 000,310,808 | ---- | M] (Intel Corporation) MD5=ACF3EC4273521B83AD9EFE56C11B4626 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\IASTOR.SYS
[2008/02/14 12:31:26 | 000,310,808 | ---- | M] (Intel Corporation) MD5=ACF3EC4273521B83AD9EFE56C11B4626 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\IASTOR.SYS
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2005/03/25 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=FDB9275EB5E75A456BD26F4479103C19 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\NDIS.SYS
[2005/03/25 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=FDB9275EB5E75A456BD26F4479103C19 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\NDIS.SYS
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2005/03/25 14:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\NETLOGON.DLL
[2005/03/25 14:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\NETLOGON.DLL
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2005/03/25 14:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) MD5=48EE7B6802C0306F9A66F34DB7E9EF75 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\RASACD.SYS
[2005/03/25 14:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) MD5=48EE7B6802C0306F9A66F34DB7E9EF75 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\RASACD.SYS
[2008/04/14 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2008/04/14 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPCLIP.EXE  >[/color]
[2008/04/14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=B46EF6930DDE7393FB4BD0150BCC786C -- C:\WINDOWS\system32\dllcache\rdpclip.exe
[2008/04/14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=B46EF6930DDE7393FB4BD0150BCC786C -- C:\WINDOWS\system32\rdpclip.exe
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2011/06/24 15:09:15 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=3348E61A78BA4F79C795AAD6565D3B6F -- C:\WINDOWS\SoftwareDistribution\Download\2da9cfedece4fa796545bf065a958699\SP3QFE\rdpwd.sys
[2008/04/14 13:00:00 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\dllcache\rdpwd.sys
[2008/04/14 13:00:00 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2011/06/24 15:10:47 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=FC105DD312ED64EB66BFF111E8EC6EAC -- C:\WINDOWS\SoftwareDistribution\Download\2da9cfedece4fa796545bf065a958699\SP3GDR\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2005/03/25 14:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\SCECLI.DLL
[2005/03/25 14:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\SCECLI.DLL
[2008/04/14 13:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 13:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:Sfloppy.sys
[2005/03/25 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=831826DC54FA225F0B654EF2F1E13AF9 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\SFLOPPY.SYS
[2005/03/25 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=831826DC54FA225F0B654EF2F1E13AF9 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\SFLOPPY.SYS
[2008/04/14 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPLITTER.SYS  >[/color]
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:splitter.sys
[2008/04/13 11:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\dllcache\splitter.sys
[2008/04/13 11:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
 
[color=#A23BEC]< MD5 for: SWMIDI.SYS  >[/color]
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:swmidi.sys
[2008/04/13 11:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\dllcache\swmidi.sys
[2008/04/13 11:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2008/04/14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SoftwareDistribution\Download\f96addb4e216f2399cbadef9606eabb2\sp3gdr\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\SoftwareDistribution\Download\f96addb4e216f2399cbadef9606eabb2\sp3qfe\tcpip.sys
[2005/03/25 14:00:00 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=EC676733442B122F1828FCD03B86C20B -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\TCPIP.SYS
[2005/03/25 14:00:00 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=EC676733442B122F1828FCD03B86C20B -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\TCPIP.SYS
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2008/04/14 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\dllcache\tdpipe.sys
[2008/04/14 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/04/14 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\dllcache\tdtcp.sys
[2008/04/14 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2005/03/25 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=29A1877F2D0EACFF20B6507A3C00F31B -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\USERINIT.EXE
[2005/03/25 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=29A1877F2D0EACFF20B6507A3C00F31B -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\USERINIT.EXE
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: VOLSNAP.SYS  >[/color]
[2005/03/25 14:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=364CBB5F273A0355D0A841635D66B764 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\DRIVERS\VOLSNAP.SYS
[2005/03/25 14:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=364CBB5F273A0355D0A841635D66B764 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\DRIVERS\VOLSNAP.SYS
[2008/04/14 13:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/14 13:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\system32\drivers\volsnap.sys
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2005/03/25 14:00:00 | 000,508,928 | ---- | M] (Microsoft Corporation) MD5=325FD6D25FC1D77C363E87B445C8B023 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\I386\SYSTEM32\WINLOGON.EXE
[2005/03/25 14:00:00 | 000,508,928 | ---- | M] (Microsoft Corporation) MD5=325FD6D25FC1D77C363E87B445C8B023 -- C:\WINDOWS\RE_DRIVE\recoverycd_iso\STAGE\MININT\SYSTEM32\WINLOGON.EXE
[2008/04/14 13:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 13:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< MD5 for: WSCNTFY.EXE  >[/color]
[2008/04/14 13:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=02DA31AB433A6C1110A736C85701DECA -- C:\WINDOWS\system32\dllcache\wscntfy.exe
[2008/04/14 13:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=02DA31AB433A6C1110A736C85701DECA -- C:\WINDOWS\system32\wscntfy.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >



thanksss

nana-lyly
Confirmed Visitor

Posts: 29
Joined: 18 Oct 2011 11:24

Re: trojan impossible to clean Help

Posted on 30 Oct 2011 13:48

Hi again, :)


Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Custom Scans/Fixes"
:OTL
[2011/10/30 11:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Conduit
[2011/10/30 11:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\ConduitEngine
O3 - HKLM\..\Toolbar: (Eazel-FR Toolbar) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)
O2 - BHO: (Eazel-FR Toolbar) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\..\URLSearchHook: {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2095689
O33 - MountPoints2\{c3c6463b-025b-11e1-9b2a-002185b62c1f}\Shell\AutoRun\command - "" = F:\setup.exe
O32 - AutoRun File - [2011/10/18 19:33:49 | 000,000,000 | -H-- | M] () - D:\AUTORUN.INF -- [ NTFS ]
File not found -- C:\Documents and Settings\Sandra\Bureau\CAWT8RC7.
File not found -- C:\Documents and Settings\Sandra\Bureau\CAWT8RC7.
O3 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\..\Toolbar\WebBrowser: (Eazel-FR Toolbar) - {A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\..\Toolbar\WebBrowser: (Eazel-FR Toolbar) - {A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Files
C:\Program Files\ConduitEngine
C:\Program Files\Conduit
C:\Program Files\Eazel-FR\prxtbEaz0.dll




:Commands
[emptytemp]
[emptyflash]

* Click the "Run Fix" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report, "OTL.log", will open
* Copy and paste the report(s) in your reply, please...
* If needed, you can find them in the C:\OTL folder or on your desktop, depending on the case

Then:

Download MBR.exe from Gmer at this address: http://www2.gmer.net/mbr/mbr.exe

Place the file on your desktop
/!\ Disable all protection programs (antivirus, antispyware, etc.) /!\
- Double-click mbr.exe. A command prompt window will open and close.
- A report will be generated => mbr.log.
Post the report for me

Have a good day! ;)
Del-crosseur
Expert

Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)

Re: trojan impossible to clean Help

Posted on 30 Oct 2011 15:04

Is it normal that the software hasn't put out anything after an hour??

The computer hasn't crashed, since the mouse moves, but the desktop icons have disappeared!!
nana-lyly
Confirmed Visitor

Posts: 29
Joined: 18 Oct 2011 11:24


Re: trojan impossible to clean Help

Posted on 30 Oct 2011 15:16

Regarding OTL?
Restart your PC and start over; try in Safe Mode!
If neither works, we'll do it another way...

Do what follows regarding MBR.EXE; it could be due to a rootkit...!

++ ;)
Del-crosseur
Expert

Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)


Re: trojan impossible to clean Help

Posted on 30 Oct 2011 16:33

OK, I'm back to you, and thank you for helping me!!

So I carried out your requests; here is the first report

Code:
Error: Unable to interpret <OTL logfile created on: 30/10/2011 12:05:36 - Run 1> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Sandra\Bureau> in the current context!
Error: Unable to interpret <Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.6001.18702)> in the current context!
Error: Unable to interpret <Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <1013,23 Mb Total Physical Memory | 482,94 Mb Available Physical Memory | 47,66% Memory free> in the current context!
Error: Unable to interpret <2,38 Gb Paging File | 1,95 Gb Available in Paging File | 81,82% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret <Drive C: | 39,07 Gb Total Space | 28,12 Gb Free Space | 71,99% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 106,07 Gb Total Space | 105,94 Gb Free Space | 99,87% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive E: | 963,50 Mb Total Space | 961,00 Mb Free Space | 99,74% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: NOM-B6390CADFAE | User Name: Sandra | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[color=#E56717]========== Processes (SafeList) ==========[/color]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - C:\Documents and Settings\Sandra\Bureau\OTL.exe (OldTimer Tools)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\System Control Manager\MSIService.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[color=#E56717]========== Modules (No Company Name) ==========[/color]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - C:\Program Files\System Control Manager\MGKBHook.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Program Files\System Control Manager\MSIService.exe ()> in the current context!
Error: Unable to interpret <MOD - C:\Program Files\System Control Manager\MSIWmiAcpi.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\Program Files\WinRAR 3.61 Multi\RarExt.dll ()> in the current context!
Error: Unable to interpret <MOD - C:\WINDOWS\system32\TosCommAPI.dll ()> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[color=#E56717]========== Win32 Services (SafeList) ==========[/color]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - (HidServ) --  File not found> in the current context!
Error: Unable to interpret <SRV - (AppMgmt) --  File not found> in the current context!
Error: Unable to interpret <SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)> in the current context!
Error: Unable to interpret <SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)> in the current context!
Error: Unable to interpret <SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)> in the current context!
Error: Unable to interpret <SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe ()> in the current context!
Error: Unable to interpret <SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret <SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[color=#E56717]========== Driver Services (SafeList) ==========[/color]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - (AntiAries) -- C:\WINDOWS\system32\drivers\RKL330.tmp.sys (Lavasoft AB)> in the current context!
Error: Unable to interpret <DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)> in the current context!
Error: Unable to interpret <DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)> in the current context!
Error: Unable to interpret <DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)> in the current context!
Error: Unable to interpret <DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)> in the current context!
Error: Unable to interpret <DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )> in the current context!
Error: Unable to interpret <DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation                           )> in the current context!
Error: Unable to interpret <DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corporation)> in the current context!
Error: Unable to interpret <DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)> in the current context!
Error: Unable to interpret <DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)> in the current context!
Error: Unable to interpret <DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret <DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)> in the current context!
Error: Unable to interpret <DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)> in the current context!
Error: Unable to interpret <DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)> in the current context!
Error: Unable to interpret <DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret <DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)> in the current context!
Error: Unable to interpret <DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)> in the current context!
Error: Unable to interpret <DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)> in the current context!
Error: Unable to interpret <DRV - (ULCDRHlp) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[color=#E56717]========== Standard Registry (SafeList) ==========[/color]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[color=#E56717]========== Internet Explorer ==========[/color]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2095689> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\..\URLSearchHook: {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/29 19:32:13 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1       localhost> in the current context!
Error: Unable to interpret <O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Eazel-FR Toolbar) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Eazel-FR Toolbar) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\..\Toolbar\WebBrowser: (Eazel-FR Toolbar) - {A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} - C:\Program Files\Eazel-FR\prxtbEaz0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Mise à jour des licences ESET.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe (GuillerSoft)> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-21-77741532-2183571156-2852241321-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C6288C3-F3BD-449F-8552-0D6010F2D1E8}: DhcpNameServer = 192.168.1.254> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O24 - Desktop Components:0 (Ma page d'accueil) - About:Home> in the current context!
Error: Unable to interpret <O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Wall Paper.bmp> in the current context!
Error: Unable to interpret <O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Wall Paper.bmp> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2005/03/08 08:48:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2011/10/18 19:33:49 | 000,000,000 | -H-- | M] () - D:\AUTORUN.INF -- [ NTFS ]> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{c3c6463b-025b-11e1-9b2a-002185b62c1f}\Shell\AutoRun\command - "" = F:\setup.exe> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <NetSvcs: 6to4 -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: AppMgmt -  File not found> in the current context!
 
OTL by OldTimer - Version 3.2.31.0 log created on 10302011_155211


and for the MBR

Code:
Stealth MBR  rootkit/Mebroot /Sinowal/TDL4 detecteur 0.4.2 by Gmer , http:www.gmer
.net
Windows 5 . 1 . 2600 Disk / VDC_WD1600BEVT-22ZCTO rev .11.01A11 - >harddisk0 - > \D
evice \Ide\IdeDevicePOTOLO-3

device:   opened successfully
user:    MBR read successfully
kernel: MBR read successfully
user & kernel MDR OK


I had to copy it out myself because it crashed in safe mode just as much as in normal mode..
nana-lyly
Confirmed Visitor
Posts: 29
Joined: 18 Oct 2011 11:24

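The OTL report above carries the AutoRun policy values (O6/O7 NoDriveTypeAutoRun and NoDriveAutoRun), an AUTORUN.INF on a non-system drive (O32) and a MountPoints2 autorun command pointing at F:\setup.exe (O33). The script below is an added example, not code from the thread or from OTL's author: it decodes those bitmasks and pulls the autorun-related facts out of OTL-style log lines so a helper can read them at a glance. The regexes are my own, the drive-type bit names follow Microsoft's documented NoDriveTypeAutoRun layout, and the sample lines are constructed in the page's format using the values that appear in the thread.

```python
import re
from typing import Dict, List

# Bits of NoDriveTypeAutoRun: one per Windows drive type (Microsoft-documented layout).
# 0x91 (145) is the Windows default; anything outside these bits is reported as undefined.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}

# Line shapes as OTL prints them (patterns are my own, written against the lines in the thread).
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<name>NoDrive(?:Type)?AutoRun) = (?P<value>\d+)$")
MOUNTPOINT_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
AUTORUN_FILE_RE = re.compile(r"^O32 - AutoRun File - \[[^\]]+\] \(\) - (?P<path>.+?) -- \[")


def decode_drive_type_mask(value: int) -> List[str]:
    """Drive types for which AutoRun is disabled; undefined bits are named by their hex value."""
    names = []
    bit = 1
    while bit <= value:
        if value & bit:
            names.append(DRIVE_TYPE_BITS.get(bit, f"undefined bit 0x{bit:X}"))
        bit <<= 1
    return names


def decode_drive_letter_mask(value: int) -> str:
    """Drive letters for which NoDriveAutoRun disables AutoRun (bit 0 = A:, bit 25 = Z:)."""
    return "".join(chr(ord("A") + i) for i in range(26) if value & (1 << i))


def triage(lines: List[str]) -> Dict[str, list]:
    """Collect autorun policies, removable-media autorun commands and AUTORUN.INF files."""
    result = {"policies": [], "autorun_commands": [], "autorun_files": []}
    for line in lines:
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            value = int(m.group("value"))
            decoded = (decode_drive_type_mask(value) if m.group("name") == "NoDriveTypeAutoRun"
                       else decode_drive_letter_mask(value))
            result["policies"].append((m.group("key"), m.group("name"), value, decoded))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:  # a per-volume autorun command is worth a look whatever it points at
            result["autorun_commands"].append((m.group("guid"), m.group("cmd")))
            continue
        m = AUTORUN_FILE_RE.match(line)
        if m and m.group("path").upper().endswith("AUTORUN.INF"):
            result["autorun_files"].append(m.group("path"))
    return result


# Constructed sample: OTL-format lines with the values seen in the thread.
SAMPLE_LOG = [
    r"O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863",
    r"O32 - AutoRun File - [2011/10/18 19:33:49 | 000,000,000 | -H-- | M] () - D:\AUTORUN.INF -- [ NTFS ]",
    r'O33 - MountPoints2\{c3c6463b-025b-11e1-9b2a-002185b62c1f}\Shell\AutoRun\command - "" = F:\setup.exe',
]

if __name__ == "__main__":
    for section, entries in triage(SAMPLE_LOG).items():
        print(section, entries)
```

NoDriveAutoRun = 67108863 (0x3FFFFFF) disables AutoRun for every drive letter A: to Z:, which is why the D:\AUTORUN.INF and the MountPoints2 command could sit there without running.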
Re: trojan impossible to clean Help

Posted on 30 Oct 2011 19:13

Good evening, :)

OK for Gmer but not for OTL :cry:
Please redo the procedure...

Have a good evening!
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)

Re: trojan impossible to clean Help

Posted on 31 Oct 2011 09:04

Hello :D
Thank you for your patience..

Here is everything it gives me!!

Code:
All processes killed
========== OTL ==========
C:\Documents and Settings\Sandra\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Sandra\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Sandra\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Sandra\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Sandra\Local Settings\Application Data\Conduit folder moved successfully.
Folder C:\Documents and Settings\Sandra\Local Settings\Application Data\ConduitEngine\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}\ not found.
File FR\prxtbEaz0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}\ not found.
File C:\Program Files\Eazel-FR\prxtbEaz0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-21-77741532-2183571156-2852241321-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}\ not found.
File C:\Program Files\Eazel-FR\prxtbEaz0.dll not found.
HKU\S-1-5-21-77741532-2183571156-2852241321-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3c6463b-025b-11e1-9b2a-002185b62c1f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3c6463b-025b-11e1-9b2a-002185b62c1f}\ not found.
File F:\setup.exe not found.
D:\AUTORUN.INF moved successfully.
Registry value HKEY_USERS\S-1-5-21-77741532-2183571156-2852241321-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE}\ not found.
File FR\prxtbEaz0.dll not found.
Registry value HKEY_USERS\S-1-5-21-77741532-2183571156-2852241321-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE}\ not found.
File FR\prxtbEaz0.dll not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-21-77741532-2183571156-2852241321-1005\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\ConduitEngine not found.
File\Folder C:\Program Files\Conduit not found.
File\Folder C:\Program Files\Eazel-FR\prxtbEaz0.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Sandra
->Temp folder emptied: 15888380 bytes
->Temporary Internet Files folder emptied: 34187840 bytes
->Java cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99742 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 48,00 mb
 
 
[EMPTYFLASH]
 
User: Administrateur
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: Sandra
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 10312011_085319

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Have a good day, and thanks
nana-lyly
Confirmed Visitor
Posts: 29
Joined: 18 Oct 2011 11:24

Re: trojan impossible to clean Help

Posted on 31 Oct 2011 11:35

Hello, :)

OK for OTL! ;)

We'll use another scanner...

Download ZHPDiag by Nicolas Coolman and save it to the Desktop.

  • Let the installer guide you; the program will launch automatically at the end.
  • /!\ Vista and Seven users: right-click the ZHPDiag logo:
    "Run as administrator" /!\

  • Click the icon showing a magnifying glass ("Launch the diagnostic")
  • /!\ Do not touch the PC during the scan; that would freeze the program /!\
  • Save the report to the Desktop using the icon showing a floppy disk
  • Go to the site http://www.cijoint.fr/
  • Click the Browse button and select the latest ZHPDiag.txt report on your desktop.
  • Then click "cliquez-ici pour déposer le fichier" (click here to upload the file), towards the bottom of the page
  • Wait, then copy/paste the link that appears into your reply

Note: for Avast users: this antivirus raises alerts; they are false positives (false alarms) produced by the antivirus when it encounters a Borland Delphi PARADOX database.


Have a good day! ;)
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)

Re: trojan impossible to clean Help

Posted on 01 Nov 2011 10:01

Hello

Thanks for your help!!

I think I've solved the problem by formatting the netbook!!

ESET no longer reports the trojan, so it looks good!!

Just one small hitch: I can't find the modem drivers any more,

the wifi controller,

the video controller and the audio devices!!!


The netbook brand is MSI U100; could you maybe help me, or should I open a new thread?!

viewtopic.php?f=8&t=60176 the discussion is there!!
nana-lyly
Confirmed Visitor
Posts: 29
Joined: 18 Oct 2011 11:24

Re: trojan impossible to clean Help

Posted on 01 Nov 2011 12:44

Hello, :)

That works! :wink:
You're in good hands...!

We'll now clean up the disinfection tools!

Download ->> DelFix <<- by Xplode

  • Run it.
  • Choose the "Suppression" (removal) option
  • A report will open at the end; paste it into your reply...
  • Then, to uninstall it: run it again and choose the "Désinstallation" (uninstall) option

Then:

1) Create a restore point

Download OneClick2RestorePoint by Laddy to your Desktop
  • Double-click it to run it (on Vista/Seven, right-click and choose Run as administrator).
  • Enter the following description: "Pc-Propre"
  • Click the "Créer" (Create) button, then the OK button.
  • Click the "Quitter" (Quit) button to close the application.

2) Purge System Restore

  • Double-click One Click 2 Restor Point to run it (on Vista/Seven, right-click and choose Run as administrator).
  • Click the "Purger" (Purge) button; the Windows Disk Cleanup tool will then open.
  • Choose your main hard disk (usually C:\), then wait while it scans.
  • Go to the "More Options" tab.
  • In the System Restore area, click the "Clean up" button, then the "Delete" button.
  • All system restore points except the most recently created one will be purged.

=======================================================

For the good of your PC:

  • Remember to run Windows Update:
  • Start => All Programs => Windows Update

  • Keep your Java up to date.

  • Keep your web browser up to date:
  • Mozilla Firefox
  • Internet Explorer

  • Run a full scan of your PC with your antivirus (roughly every 15 days)
  • Run a full or quick scan with Malwarebytes' Anti-Malware,
    which was used during the disinfection, taking care to update it before each use.

  • Don't blindly click on links you are sent.
  • Be careful with your downloads and your browsing:
    (dubious sites: ads, porn, emoticons...)
  • Be careful about the toolbars you install => http://forum.malekal.com/les-toolbars-e ... t6173.html

All the best! ;)
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)


Re: trojan impossible to clean Help

Posted on 01 Nov 2011 18:02

Thanks, I found it!!

All the best
nana-lyly
Confirmed Visitor
Posts: 29
Joined: 18 Oct 2011 11:24