[Réglé] Win32:Rootkit-gen [Rtk]

mbouchet · le 13 Oct 2010 18:17

Bonjour

Mon ordinateur est infesté par le virus Win32:Rootkit-gen [Rtk] qui a été détecté par Avast. Cherchant à éliminer le problème j'ai consulté ce site et me suis inspirée de la réponse faite à Amarok le 29 septemnbre 2010.
J'ai donc téléchargé OTL et suivi les consignes.

Voilà les rapports obtenus:

Code: Tout sélectionner: OTL Extras logfile created on: 13/10/2010 18:27:44 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Marlène\Mes documents\Téléchargements Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 502,00 Mb Total Physical Memory | 73,00 Mb Available Physical Memory | 15,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 51,39 Gb Total Space | 9,38 Gb Free Space | 18,25% Space Free | Partition Type: NTFS Computer Name: MARLENE | User Name: Marlène | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "12741:TCP" = 12741:TCP:*:Enabled:BitComet 12741 TCP "12741:UDP" = 12741:UDP:*:Enabled:BitComet 12741 UDP "8080:TCP" = 8080:TCP:*:Enabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Disabled:eMule -- File not found "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found "C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "%windir%\explorer.exe" = %windir%\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation) "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1AA0F610-7226-4C99-85D7-5E75AFD0D5CE}_is1" = Geoplan-Geospace version 1.6 "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro "{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Gestion de l'alimentation de la carte réseau interne "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland "{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19 "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs "{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload "{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime "{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger "{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6 "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12 "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISE_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007 "{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B2-040C-0000-0000000FF1CE}" = Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007 "{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007 "{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{968D41C3-25BB-4632-A6DF-2E1C8F0143A4}" = Microsoft LifeCam "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.0 - Français "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director "{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E7443920-7E1F-49B2-A8C9-556B27B01977}" = Digital MP300F Audio Player "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help "{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall "{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "avast!" = avast! Antivirus "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924 "ENTERPRISE" = Microsoft Office Enterprise 2007 "GeoGebra" = GeoGebra "HP Photo & Imaging" = HP Image Zone 4.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "LimeWire" = LimeWire 5.2.13 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Oxford Advanced Genie" = Oxford Advanced Genie "PhotoStitch" = Canon Utilities PhotoStitch "ProInst" = Logiciel Intel(R) PROSet/Wireless "RealPlayer 12.0" = RealPlayer "Skype_is1" = Skype 2.5 "StreetPlugin" = Learn2 Player (Uninstall Only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VideoLAN VLC media player 0.8.6b "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Installation Windows Live "WinRAR archiver" = Archiveur WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 09/09/2010 01:21:01 | Computer Name = MARLENE | Source = Application Error | ID = 1000 Description = Application défaillante installation_pc.exe, version 10.0.2.54, module défaillant installation_pc.exe, version 10.0.2.54, adresse de défaillance 0x002f7eb7. Error - 17/09/2010 03:24:21 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6541.5000, stamp 4c38f4a9, faulting module msptls.dll, version 12.0.6421.1000, stamp 4993c9f7, debug? 0, fault address 0x0001379f. Error - 20/09/2010 17:42:06 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6541.5000, stamp 4c38f4a9, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x00010001. Error - 12/10/2010 13:29:55 | Computer Name = MARLENE | Source = Application Error | ID = 1000 Description = Application défaillante wlcomm.exe, version 14.0.8064.206, module défaillant apiqq0.dll, version 0.0.0.0, adresse de défaillance 0x00080556. Error - 12/10/2010 13:31:03 | Computer Name = MARLENE | Source = Application Error | ID = 1000 Description = Application défaillante wlcomm.exe, version 14.0.8064.206, module défaillant apiqq0.dll, version 0.0.0.0, adresse de défaillance 0x00080556. Error - 12/10/2010 15:59:04 | Computer Name = MARLENE | Source = Application Error | ID = 1000 Description = Application défaillante wlcomm.exe, version 14.0.8064.206, module défaillant apiqq0.dll, version 0.0.0.0, adresse de défaillance 0x00080556. Error - 13/10/2010 12:14:11 | Computer Name = MARLENE | Source = Application Error | ID = 1000 Description = Application défaillante wlcomm.exe, version 14.0.8064.206, module défaillant apiqq0.dll, version 0.0.0.0, adresse de défaillance 0x00080556. Error - 13/10/2010 12:16:09 | Computer Name = MARLENE | Source = Application Error | ID = 1001 Description = Détecteur d'erreurs 2058697605. Error - 13/10/2010 12:22:57 | Computer Name = MARLENE | Source = Application Error | ID = 1000 Description = Application défaillante wlcomm.exe, version 14.0.8064.206, module défaillant apiqq0.dll, version 0.0.0.0, adresse de défaillance 0x00080556. Error - 13/10/2010 12:41:55 | Computer Name = MARLENE | Source = Application Hang | ID = 1002 Description = Application bloquée msnmsgr.exe, version 14.0.8089.726, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. [ OSession Events ] Error - 02/12/2009 13:25:07 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4720 seconds with 2580 seconds of active time. This session ended with a crash. Error - 18/01/2010 05:19:55 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6938 seconds with 2880 seconds of active time. This session ended with a crash. Error - 28/01/2010 07:37:02 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6696 seconds with 5460 seconds of active time. This session ended with a crash. Error - 30/03/2010 07:00:54 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 63730 seconds with 6420 seconds of active time. This session ended with a crash. Error - 08/04/2010 08:17:40 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 940 seconds with 180 seconds of active time. This session ended with a crash. Error - 14/06/2010 05:18:06 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3592 seconds with 660 seconds of active time. This session ended with a crash. Error - 26/08/2010 08:17:41 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7493 seconds with 2580 seconds of active time. This session ended with a crash. Error - 29/08/2010 08:45:09 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1063 seconds with 1020 seconds of active time. This session ended with a crash. Error - 17/09/2010 03:24:12 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1514 seconds with 900 seconds of active time. This session ended with a crash. Error - 20/09/2010 17:41:50 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9961 seconds with 4500 seconds of active time. This session ended with a crash. [ System Events ] Error - 14/09/2010 14:25:16 | Computer Name = MARLENE | Source = DCOM | ID = 10010 Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistré sur DCOM avant la fin du temps imparti. Error - 19/09/2010 04:01:29 | Computer Name = MARLENE | Source = Disk | ID = 262155 Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D. Error - 23/09/2010 16:49:10 | Computer Name = MARLENE | Source = DCOM | ID = 10010 Description = Le serveur {8BC3F05E-D86B-11D0-A075-00C04FB68820} ne s'est pas enregistré sur DCOM avant la fin du temps imparti. Error - 23/09/2010 16:49:54 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7032 Description = Le Gestionnaire de services de contrôle a essayé d'entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Infrastructure de gestion Windows, mais cette action a échoué en raison de l'erreur suivante : %%1056 Error - 24/09/2010 15:16:31 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7034 Description = Le service Sygate Personal Firewall s'est terminé de façon inattendue pour la 1ème fois. Error - 26/09/2010 11:31:05 | Computer Name = MARLENE | Source = Disk | ID = 262155 Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D. Error - 06/10/2010 06:48:18 | Computer Name = MARLENE | Source = Disk | ID = 262155 Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D. Error - 10/10/2010 13:42:20 | Computer Name = MARLENE | Source = DCOM | ID = 10010 Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistré sur DCOM avant la fin du temps imparti. Error - 12/10/2010 12:18:07 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7034 Description = Le service Sygate Personal Firewall s'est terminé de façon inattendue pour la 1ème fois. Error - 12/10/2010 12:18:35 | Computer Name = MARLENE | Source = Disk | ID = 262155 Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D. < End of report >

et

Code: Tout sélectionner: OTL logfile created on: 13/10/2010 18:27:44 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Marlène\Mes documents\Téléchargements Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 502,00 Mb Total Physical Memory | 73,00 Mb Available Physical Memory | 15,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 51,39 Gb Total Space | 9,38 Gb Free Space | 18,25% Space Free | Partition Type: NTFS Computer Name: MARLENE | User Name: Marlène | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\Marlène\Mes documents\Téléchargements\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\WINDOWS\system32\dlcccoms.exe ( ) PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell) PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Documents and Settings\Marlène\Mes documents\Téléchargements\OTL.exe (OldTimer Tools) MOD - C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq0.dll () MOD - C:\WINDOWS\system32\mlang.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation) MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll () MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( ) SRV - (SmcService) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation) DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.) DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.) DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.) DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.) DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.) DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc) DRV - (fbxusb) -- C:\WINDOWS\system32\drivers\fbxusb.sys (FreeBox SA) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.fr/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 20:29:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/10 19:41:55 | 000,000,000 | ---D | M] [2008/09/06 10:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Extensions [2010/10/12 20:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions [2010/05/06 19:51:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/09/06 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions\FFClickOnce@softwarepunk.com [2010/10/12 20:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/07/28 18:19:16 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/07/28 18:19:16 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/07/28 18:19:16 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2009/08/11 12:35:00 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml [2010/07/28 18:19:16 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/07/28 18:19:16 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (no name) - {7f366713-5be6-4ea5-a306-828188c60ee6} - C:\WINDOWS\System32\ddesmgr.dll File not found O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll File not found O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL () O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell) O4 - HKLM..\Run: [Install5G] D:\Install.exe File not found O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ShowLOMControl] File not found O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006..\Run: [api32] C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_1.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ddesmgr: DllName - ddesmgr.dll - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Marlène\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marlène\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {BD804BDD-9A9E-45F5-B9CD-99832A48603C} - C:\WINDOWS\System32\WMDima.dll File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/20 11:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/10/13 18:30:33 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{1f0856b4-1909-11dc-9f0a-0015c50e40b0}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{1f0856b5-1909-11dc-9f0a-0015c50e40b0}\Shell\Auto\command - "" = F:\AdobeR.exe -- File not found O33 - MountPoints2\{5aebd073-e622-11da-9d4f-00038a000015}\Shell\AutoRun\command - "" = s3ek.exe O33 - MountPoints2\{5aebd073-e622-11da-9d4f-00038a000015}\Shell\open\Command - "" = s3ek.exe O33 - MountPoints2\{6feac86a-8e33-11dc-9fa1-0015c50e40b0}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{992dbae2-f395-11de-9e3d-0015c50e40b0}\Shell\AutoRun\command - "" = F:\io3yalc.exe -- File not found O33 - MountPoints2\{992dbae2-f395-11de-9e3d-0015c50e40b0}\Shell\open\Command - "" = F:\io3yalc.exe -- File not found O33 - MountPoints2\{b55ddcac-d960-11dc-9ff1-0015c50e40b0}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{e56735ee-aecd-11de-9dd6-0015c50e40b0}\Shell\Auto\command - "" = E:\cleardisk.pif -- File not found O33 - MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\Shell\AutoRun\command - "" = ranvrgn.exe O33 - MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\Shell\explore\Command - "" = ranvrgn.exe O33 - MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\Shell\open\Command - "" = ranvrgn.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation) NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: [b]DMXLauncher[/b] - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe () MsConfig - StartUpReg: [b]GrooveMonitor[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]LifeCam[/b] - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]ModemOnHold[/b] - hkey= - key= - C:\Program Files\NetWaiting\netWaiting.exe File not found MsConfig - StartUpReg: [b]MSKDetectorExe[/b] - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe File not found MsConfig - StartUpReg: [b]RealTray[/b] - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: WriteRegStr - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation) NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/10/13 18:23:10 | 000,000,000 | ---D | C] -- C:\Navilog1 [2010/09/27 20:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Application Data\skypePM [2010/09/27 20:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype [2010/09/27 20:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype [2006/04/16 16:22:52 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll [2006/04/16 16:22:52 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll [2006/04/16 16:22:52 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll [2006/04/16 16:22:52 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll [2006/04/16 16:22:52 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll [2006/04/16 16:22:50 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll [2006/04/16 16:22:50 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll [2006/04/16 16:22:50 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll [2006/04/16 16:22:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll [3 C:\Documents and Settings\Marlène\Bureau\*.tmp files -> C:\Documents and Settings\Marlène\Bureau\*.tmp -> ] [2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/10/13 18:37:12 | 000,000,061 | RHS- | M] () -- C:\autorun.inf [2010/10/13 16:57:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/10/13 16:55:56 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2035062039-3169207473-3815781202-1006.job [2010/10/13 16:55:13 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys [2010/10/13 16:55:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/12 18:12:50 | 000,157,696 | RHS- | M] () -- C:\io3yalc.exe [2010/10/11 22:10:14 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Copie de WE du 24-25 Oct.xls [2010/10/10 19:41:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk [2010/10/06 13:09:59 | 000,516,836 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/10/06 13:09:59 | 000,447,046 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/10/06 13:09:59 | 000,087,582 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/10/06 13:09:59 | 000,073,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/10/03 16:30:21 | 000,031,577 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Convention collective.docx [2010/09/28 08:06:59 | 004,700,521 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Sylvain.png [2010/09/27 20:50:42 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/09/25 10:53:37 | 026,309,694 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Declic2de_livreProfesseur.pdf [2010/09/22 19:30:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2035062039-3169207473-3815781202-1006.job [2010/09/17 08:59:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marlène\Bureau\~$AP2PP.doc [2010/09/14 22:35:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [3 C:\Documents and Settings\Marlène\Bureau\*.tmp files -> C:\Documents and Settings\Marlène\Bureau\*.tmp -> ] [2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/10/13 18:25:30 | 000,157,696 | RHS- | C] () -- C:\io3yalc.exe [2010/10/12 09:50:15 | 000,000,061 | RHS- | C] () -- C:\autorun.inf [2010/10/10 19:41:57 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk [2010/10/03 10:11:35 | 000,031,577 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Convention collective.docx [2010/09/28 08:06:53 | 004,700,521 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Sylvain.png [2010/09/27 20:50:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/09/25 10:53:31 | 026,309,694 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Declic2de_livreProfesseur.pdf [2010/09/19 21:37:18 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Copie de WE du 24-25 Oct.xls [2010/09/17 08:59:20 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Marlène\Bureau\~$AP2PP.doc [2009/11/12 16:56:07 | 001,826,816 | ---- | C] () -- C:\WINDOWS\System32\geoplan.dll [2008/04/07 12:57:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini [2008/02/17 18:29:52 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2007/09/03 14:23:30 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2006/11/30 23:01:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TEXTware.ini [2006/11/30 23:01:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Twavbx32.dll [2006/11/30 23:01:33 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\idiom010227.dll [2006/11/30 23:01:32 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll [2006/11/30 23:01:32 | 000,113,288 | ---- | C] () -- C:\WINDOWS\System32\bass.dll [2006/11/30 23:01:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXTBS.DLL [2006/10/06 20:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI [2006/09/19 15:36:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI [2006/07/28 00:15:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006/07/14 00:08:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9EBD1C6461.sys [2006/05/01 21:18:58 | 000,002,409 | ---- | C] () -- C:\WINDOWS\photoimpression.ini [2006/05/01 15:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2006/05/01 10:59:07 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/04/30 23:07:41 | 000,007,570 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006/04/30 23:07:41 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\61641CBD9E.sys [2006/04/30 23:03:35 | 000,193,024 | ---- | C] () -- C:\Documents and Settings\Marlène\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/04/30 22:36:27 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Marlène\Local Settings\Application Data\fusioncache.dat [2006/04/16 17:00:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/04/16 16:53:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006/04/16 16:46:30 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare [2006/04/16 16:22:52 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll [2006/04/16 16:22:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll [2006/04/16 16:22:52 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll [2006/04/16 16:22:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll [2006/04/16 16:22:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll [2006/04/16 16:22:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll [2006/04/16 16:22:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll [2006/04/16 16:22:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll [2006/04/16 16:22:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll [2006/04/16 16:22:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll [2006/04/16 16:22:06 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006/04/16 16:22:02 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/08/02 15:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini [2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/10/15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll [2004/08/20 11:45:35 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/20 11:30:35 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2001/01/01 15:31:07 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\mapcar.dll [color=#E56717]========== LOP Check ==========[/color] [2010/08/26 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com [2006/04/16 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2008/05/29 19:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\BitTorrent [2010/04/25 21:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Canon [2006/05/02 17:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Leadertech [2006/12/04 11:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Oxford [2007/08/01 00:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\uTorrent [2006/05/01 23:30:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [2010/10/10 19:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2006/07/28 00:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL [2006/11/22 02:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2007/09/03 14:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard [2006/04/16 16:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2006/04/16 16:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel [2010/08/26 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com [2006/04/16 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2006/07/07 16:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com [2006/06/16 23:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall [2009/09/16 19:16:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010/09/14 22:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2010/08/24 09:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS [2008/03/31 19:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage [2006/06/27 06:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2010/04/26 08:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real [2004/08/20 11:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2010/09/27 20:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2010/03/30 19:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2006/07/06 03:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2006/04/16 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2006/06/28 01:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009/10/12 09:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller [2007/04/13 22:58:07 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo! [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [color=#A23BEC]< %APPDATA%\*. >[/color] [2008/09/22 12:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Adobe [2008/06/04 19:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\AdobeUM [2007/07/21 11:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Apple Computer [2008/05/29 19:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\BitTorrent [2010/04/25 21:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Canon [2006/04/16 16:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Corel [2006/04/30 23:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Corel Photo Album [2006/05/15 04:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\CyberLink [2010/01/21 21:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\dvdcss [2006/05/01 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Help [2004/08/20 11:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Identities [2010/06/22 18:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\InstallShield [2006/04/16 16:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Intel [2009/05/08 20:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Lavasoft [2006/05/02 17:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Leadertech [2006/05/01 11:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Macromedia [2006/06/09 23:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\McAfee.com Personal Firewall [2010/02/26 15:35:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marlène\Application Data\Microsoft [2008/09/06 10:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla [2006/12/04 11:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Oxford [2010/04/25 21:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Real [2010/10/04 21:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Skype [2010/10/04 20:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\skypePM [2006/08/04 17:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Sonic [2006/04/16 16:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Sun [2006/05/01 11:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Symantec [2007/08/01 00:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\uTorrent [2008/09/06 15:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\vlc [2007/07/30 14:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\WinRAR [2006/11/14 23:34:28 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Marlène\Application Data\yahoo! [2006/04/16 16:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\You've Got Pictures Screensaver [2008/04/27 09:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\ZoomBrowser EX [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [2007/01/20 16:02:50 | 023,489,040 | ---- | M] ( ) -- C:\Documents and Settings\Marlène\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe [2008/06/04 19:05:46 | 022,023,120 | ---- | M] ( ) -- C:\Documents and Settings\Marlène\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_fr_FR.exe [2007/09/03 14:35:32 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Marlène\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2010/10/12 18:12:50 | 000,157,696 | RHS- | M] () -- C:\io3yalc.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2010/10/12 18:12:50 | 000,157,696 | RHS- | M] () -- C:\io3yalc.exe [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS [2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004/08/05 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\i386\cdrom.sys [2004/08/05 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: CHANGER.SYS >[/color] [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004/08/05 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys [2004/08/05 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\i386\eventlog.dll [2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2004/08/05 13:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004/08/05 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys [2004/08/05 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\i386\netlogon.dll [2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2004/08/05 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\i386\rasacd.sys [2004/08/05 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys [color=#A23BEC]< MD5 for: RDPWD.SYS >[/color] [2005/06/10 06:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\i386\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll [2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\i386\scecli.dll [2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:Sfloppy.sys [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2004/08/05 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\i386\sfloppy.sys [2004/08/05 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys [color=#A23BEC]< MD5 for: SPLITTER.SYS >[/color] [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:splitter.sys [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2004/08/04 00:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\i386\splitter.sys [2004/08/04 00:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys [2006/06/14 10:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys [color=#A23BEC]< MD5 for: SWMIDI.SYS >[/color] [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001/08/17 23:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\i386\swmidi.sys [2001/08/17 23:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys [color=#A23BEC]< MD5 for: TCPIP.SYS >[/color] [2006/04/20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys [2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2006/01/13 19:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys [2006/01/13 04:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys [2007/10/30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys [2008/06/20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys [2007/10/30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys [2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys [2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2004/08/05 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\i386\tcpip.sys [2004/08/05 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys [2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [2006/04/20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys [color=#A23BEC]< MD5 for: TDPIPE.SYS >[/color] [2004/08/05 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\i386\tdpipe.sys [2004/08/05 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys [color=#A23BEC]< MD5 for: TDTCP.SYS >[/color] [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2004/08/05 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\i386\tdtcp.sys [2004/08/05 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys [color=#A23BEC]< MD5 for: USBPRINT.SYS >[/color] [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbprint.sys [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2004/08/04 01:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbscan.sys [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2008/09/16 16:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys [2004/08/03 22:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/05 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\i386\userinit.exe [2004/08/05 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/05 13:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\i386\winlogon.exe [2004/08/05 13:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] < End of report >

Merci pour votre précieuse aide

Marlène

jeanmimigab · le 13 Oct 2010 18:42

Bonsoir Marlène et bienvenue sur PC-Infopratique...

Je jette un œil à tes rapports ... :wink:

à première vue mon petit doigt me dit que tu as choper ça par une clefs USB ou un DD externe, en attendant ma réponse, rassemble tous tes supports externes qui te serve a stocker (clef USB,DD externe...)

DouDou9455 · le 13 Oct 2010 18:46

Bonjour & Bienvenue,

Quel PC? Portable?
Fixe? Monté par un assembleur ou Pc de marque?

Edit : Pwned by Jean. Je te laisse le topic je jette un oeil!

mbouchet · le 13 Oct 2010 19:00

Merci pour vos rapides réponses!

J'ai effectivement surement attrapé ça par ma clé USB que je connecte tous les jours aux ordis de mon établissement scolaire.
L'ordinateur infesté est un PC portable de la marque DELL, Inspiron 6400 Intel Centrino Duo

jeanmimigab · le 13 Oct 2010 19:19

hello

c'est partie alors,

Avant tout place OTL.exe impérativement sur ton bureau (il est actuellement dans ton dossier "téléchargement")

Ensuite...
Branche tous tes périphériques de stockage USB >> clefs USB, DD externe (en position "marche"), carte photos etc...

Télécharge USBFix sur ton bureau,et installe le en faisant un double-clic dessus...cela créera un raccourcie de lancement du tool.
Fais un clic-droit et "exécuter en tant qu'administrateur" sur le raccourci créer par USBFix durant l'installation afin de le lancer.
Fais le choix N°1 (recherche), laisse travailler USBFix et poste le rapport qui sera générer en fin de scan.

@++

EDIT:les deux serveurs d'USBFix sont HS apparament

On va faire autrement...
Branche tous tes périphériques de stockage USB >> clefs USB, DD externe (en position "marche"), carte photos etc...

Refais le même scan OTL que tu a fais tout à l'heure (mais avec OTL sur ton bureau) et poste le rapport qui s'ouvre.
Note:cette fois ci tu n'auras pas de rapport "extrat.txt"

mbouchet · le 13 Oct 2010 19:56

La recherche est lancée
(je n'ai pas branché mon DD externe que je n'utilise que très rarement. Il n'a sans doute pas été infesté)

mbouchet · le 13 Oct 2010 20:07

OUps

Code: Tout sélectionner: OTL logfile created on: 13/10/2010 20:54:53 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Marlène\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 502,00 Mb Total Physical Memory | 236,00 Mb Available Physical Memory | 47,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 51,39 Gb Total Space | 9,67 Gb Free Space | 18,82% Space Free | Partition Type: NTFS Drive F: | 487,73 Mb Total Space | 73,47 Mb Free Space | 15,06% Space Free | Partition Type: FAT Computer Name: MARLENE | User Name: Marlène | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\Marlène\Bureau\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\WINDOWS\system32\dlcccoms.exe ( ) PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell) PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Documents and Settings\Marlène\Bureau\OTL.exe (OldTimer Tools) MOD - C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq0.dll () MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( ) SRV - (SmcService) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation) DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.) DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.) DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.) DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.) DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.) DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc) DRV - (fbxusb) -- C:\WINDOWS\system32\drivers\fbxusb.sys (FreeBox SA) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.fr/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 20:29:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/10 19:41:55 | 000,000,000 | ---D | M] [2008/09/06 10:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Extensions [2010/10/12 20:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions [2010/05/06 19:51:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/09/06 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions\FFClickOnce@softwarepunk.com [2010/10/12 20:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/07/28 18:19:16 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/07/28 18:19:16 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/07/28 18:19:16 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2009/08/11 12:35:00 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml [2010/07/28 18:19:16 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/07/28 18:19:16 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (no name) - {7f366713-5be6-4ea5-a306-828188c60ee6} - C:\WINDOWS\System32\ddesmgr.dll File not found O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll File not found O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL () O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell) O4 - HKLM..\Run: [Install5G] D:\Install.exe File not found O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ShowLOMControl] File not found O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006..\Run: [api32] C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_1.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ddesmgr: DllName - ddesmgr.dll - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Marlène\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marlène\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {BD804BDD-9A9E-45F5-B9CD-99832A48603C} - C:\WINDOWS\System32\WMDima.dll File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/20 11:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/10/13 20:55:32 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010/10/13 20:55:02 | 000,000,061 | RHS- | M] () - F:\autorun.inf -- [ FAT ] O33 - MountPoints2\{1f0856b4-1909-11dc-9f0a-0015c50e40b0}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{1f0856b5-1909-11dc-9f0a-0015c50e40b0}\Shell\Auto\command - "" = F:\AdobeR.exe -- File not found O33 - MountPoints2\{5aebd073-e622-11da-9d4f-00038a000015}\Shell\AutoRun\command - "" = s3ek.exe O33 - MountPoints2\{5aebd073-e622-11da-9d4f-00038a000015}\Shell\open\Command - "" = s3ek.exe O33 - MountPoints2\{6feac86a-8e33-11dc-9fa1-0015c50e40b0}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{992dbae2-f395-11de-9e3d-0015c50e40b0}\Shell\AutoRun\command - "" = F:\io3yalc.exe -- [2010/10/12 18:12:52 | 000,157,696 | RHS- | M] () O33 - MountPoints2\{992dbae2-f395-11de-9e3d-0015c50e40b0}\Shell\open\Command - "" = F:\io3yalc.exe -- [2010/10/12 18:12:52 | 000,157,696 | RHS- | M] () O33 - MountPoints2\{b55ddcac-d960-11dc-9ff1-0015c50e40b0}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{e56735ee-aecd-11de-9dd6-0015c50e40b0}\Shell\Auto\command - "" = E:\cleardisk.pif -- File not found O33 - MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\Shell\AutoRun\command - "" = ranvrgn.exe O33 - MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\Shell\explore\Command - "" = ranvrgn.exe O33 - MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\Shell\open\Command - "" = ranvrgn.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"French" /KBD:2) - C:\WINDOWS\System32\aswBoot.exe (ALWIL Software) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/10/13 18:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Bureau\Virus Win32 [2010/10/13 18:25:56 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marlène\Bureau\OTL.exe [2010/10/13 18:23:10 | 000,000,000 | ---D | C] -- C:\Navilog1 [2010/09/27 20:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Application Data\skypePM [2010/09/27 20:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype [2010/09/27 20:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype [2006/04/16 16:22:52 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll [2006/04/16 16:22:52 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll [2006/04/16 16:22:52 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll [2006/04/16 16:22:52 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll [2006/04/16 16:22:52 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll [2006/04/16 16:22:50 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll [2006/04/16 16:22:50 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll [2006/04/16 16:22:50 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll [2006/04/16 16:22:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll [3 C:\Documents and Settings\Marlène\Bureau\*.tmp files -> C:\Documents and Settings\Marlène\Bureau\*.tmp -> ] [2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/10/13 20:56:24 | 000,000,061 | RHS- | M] () -- C:\autorun.inf [2010/10/13 19:30:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2035062039-3169207473-3815781202-1006.job [2010/10/13 18:25:57 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marlène\Bureau\OTL.exe [2010/10/13 16:57:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/10/13 16:55:56 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2035062039-3169207473-3815781202-1006.job [2010/10/13 16:55:13 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys [2010/10/13 16:55:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/12 18:12:50 | 000,157,696 | RHS- | M] () -- C:\io3yalc.exe.vir [2010/10/12 18:12:50 | 000,157,696 | RHS- | M] () -- C:\io3yalc.exe [2010/10/11 22:10:14 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Copie de WE du 24-25 Oct.xls [2010/10/10 19:41:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk [2010/10/06 13:09:59 | 000,516,836 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/10/06 13:09:59 | 000,447,046 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/10/06 13:09:59 | 000,087,582 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/10/06 13:09:59 | 000,073,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/10/03 16:30:21 | 000,031,577 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Convention collective.docx [2010/09/28 08:06:59 | 004,700,521 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Sylvain.png [2010/09/27 20:50:42 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/09/25 10:53:37 | 026,309,694 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Declic2de_livreProfesseur.pdf [2010/09/17 08:59:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Marlène\Bureau\~$AP2PP.doc [2010/09/14 22:35:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [3 C:\Documents and Settings\Marlène\Bureau\*.tmp files -> C:\Documents and Settings\Marlène\Bureau\*.tmp -> ] [2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/10/13 20:53:48 | 000,157,696 | RHS- | C] () -- C:\io3yalc.exe [2010/10/13 19:40:48 | 000,157,696 | RHS- | C] () -- C:\io3yalc.exe.vir [2010/10/12 09:50:15 | 000,000,061 | RHS- | C] () -- C:\autorun.inf [2010/10/10 19:41:57 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk [2010/10/03 10:11:35 | 000,031,577 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Convention collective.docx [2010/09/28 08:06:53 | 004,700,521 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Sylvain.png [2010/09/27 20:50:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/09/25 10:53:31 | 026,309,694 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Declic2de_livreProfesseur.pdf [2010/09/19 21:37:18 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Copie de WE du 24-25 Oct.xls [2010/09/17 08:59:20 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Marlène\Bureau\~$AP2PP.doc [2009/11/12 16:56:07 | 001,826,816 | ---- | C] () -- C:\WINDOWS\System32\geoplan.dll [2008/04/07 12:57:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini [2008/02/17 18:29:52 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2007/09/03 14:23:30 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2006/11/30 23:01:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TEXTware.ini [2006/11/30 23:01:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Twavbx32.dll [2006/11/30 23:01:33 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\idiom010227.dll [2006/11/30 23:01:32 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll [2006/11/30 23:01:32 | 000,113,288 | ---- | C] () -- C:\WINDOWS\System32\bass.dll [2006/11/30 23:01:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXTBS.DLL [2006/10/06 20:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI [2006/09/19 15:36:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI [2006/07/28 00:15:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006/07/14 00:08:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9EBD1C6461.sys [2006/05/01 21:18:58 | 000,002,409 | ---- | C] () -- C:\WINDOWS\photoimpression.ini [2006/05/01 15:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2006/05/01 10:59:07 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/04/30 23:07:41 | 000,007,570 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006/04/30 23:07:41 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\61641CBD9E.sys [2006/04/30 23:03:35 | 000,193,024 | ---- | C] () -- C:\Documents and Settings\Marlène\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/04/30 22:36:27 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Marlène\Local Settings\Application Data\fusioncache.dat [2006/04/16 17:00:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/04/16 16:53:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006/04/16 16:46:30 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare [2006/04/16 16:22:52 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll [2006/04/16 16:22:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll [2006/04/16 16:22:52 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll [2006/04/16 16:22:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll [2006/04/16 16:22:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll [2006/04/16 16:22:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll [2006/04/16 16:22:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll [2006/04/16 16:22:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll [2006/04/16 16:22:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll [2006/04/16 16:22:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll [2006/04/16 16:22:06 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006/04/16 16:22:02 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/08/02 15:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini [2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/10/15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll [2004/08/20 11:45:35 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/20 11:30:35 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2001/01/01 15:31:07 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\mapcar.dll [color=#E56717]========== LOP Check ==========[/color] [2010/08/26 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com [2006/04/16 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2008/05/29 19:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\BitTorrent [2010/04/25 21:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Canon [2006/05/02 17:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Leadertech [2006/12/04 11:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Oxford [2007/08/01 00:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\uTorrent [2006/05/01 23:30:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job [color=#E56717]========== Purity Check ==========[/color] < End of report >

jeanmimigab · le 13 Oct 2010 20:20

2010/10/13 18:23:10 | 000,000,000 | ---D | C] -- C:\Navilog1

Tu as utiliser Navilog1 ???
Si tu te fais aider sur un autre forum, ne fais pas les deux procédures, tu en choisis une des deux, sinon on risque de planter ton pc.

si tu me suis fais cela...

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:Files
C:\io3yalc.exe
C:\cleardisk.pif
C:\io3yalc.exe
C:\s3ek.exe
C:\AdobeR.exe
C:\AdobeR.exe e
C:\ranvrgn.exe
C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq0.dll
C:\WINDOWS\System32\ddesmgr.dll
D:\Install.exe File not found
C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq.exe
E:\cleardisk.pif
E:\io3yalc.exe
E:\s3ek.exe
E:\AdobeR.exe
E:\AdobeR.exe e
E:\ranvrgn.exe
F:\io3yalc.exe
F:\s3ek.exe
F:\AdobeR.exe
F:\AdobeR.exe e
F:\ranvrgn.exe
F:\cleardisk.pif
C:\autorun.inf
C:\WINDOWS\autorun.INI

:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {7f366713-5be6-4ea5-a306-828188c60ee6} - C:\WINDOWS\System32\ddesmgr.dll File not found
O4 - HKLM\..\Run: [Install5G] D:\Install.exe File not found
O4 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Run: [api32] C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq.exe ()
O32 - AutoRun File - [2004/08/20 11:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/13 18:30:33 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1f0856b4-1909-11dc-9f0a-0015c50e40b0}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{1f0856b5-1909-11dc-9f0a-0015c50e40b0}\Shell\Auto\command - "" = F:\AdobeR.exe -- File not found
O33 - MountPoints2\{5aebd073-e622-11da-9d4f-00038a000015}\Shell\AutoRun\command - "" = s3ek.exe
O33 - MountPoints2\{5aebd073-e622-11da-9d4f-00038a000015}\Shell\open\Command - "" = s3ek.exe
O33 - MountPoints2\{6feac86a-8e33-11dc-9fa1-0015c50e40b0}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{992dbae2-f395-11de-9e3d-0015c50e40b0}\Shell\AutoRun\command - "" = F:\io3yalc.exe -- File not found
O33 - MountPoints2\{992dbae2-f395-11de-9e3d-0015c50e40b0}\Shell\open\Command - "" = F:\io3yalc.exe -- File not found
O33 - MountPoints2\{b55ddcac-d960-11dc-9ff1-0015c50e40b0}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{e56735ee-aecd-11de-9dd6-0015c50e40b0}\Shell\Auto\command - "" = E:\cleardisk.pif -- File not found
O33 - MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\Shell\AutoRun\command - "" = ranvrgn.exe
O33 - MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\Shell\explore\Command - "" = ranvrgn.exe
O33 - MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\Shell\open\Command - "" = ranvrgn.exe
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
[3 C:\Documents and Settings\Marlène\Bureau\*.tmp files -> C:\Documents and Settings\Marlène\Bureau\*.tmp -> ]
[2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]
[RESETHOSTS]

* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir "OTL.Txt"
* Copie et colle le rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

mbouchet · le 13 Oct 2010 20:44

Merci

J'ai fait vos instructions, mon ordi a redémarré mais le rapport s'est affiché automatiquement

Code: Tout sélectionner: All processes killed ========== FILES ========== C:\io3yalc.exe moved successfully. File\Folder C:\cleardisk.pif not found. File\Folder C:\io3yalc.exe not found. File\Folder C:\s3ek.exe not found. File\Folder C:\AdobeR.exe not found. File\Folder C:\AdobeR.exe e not found. File\Folder C:\ranvrgn.exe not found. C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq0.dll moved successfully. File\Folder C:\WINDOWS\System32\ddesmgr.dll not found. File\Folder D:\Install.exe File not found not found. C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq.exe moved successfully. File\Folder E:\cleardisk.pif not found. File\Folder E:\io3yalc.exe not found. File\Folder E:\s3ek.exe not found. File\Folder E:\AdobeR.exe not found. File\Folder E:\AdobeR.exe e not found. File\Folder E:\ranvrgn.exe not found. F:\io3yalc.exe moved successfully. File\Folder F:\s3ek.exe not found. File\Folder F:\AdobeR.exe not found. File\Folder F:\AdobeR.exe e not found. File\Folder F:\ranvrgn.exe not found. File\Folder F:\cleardisk.pif not found. C:\autorun.inf moved successfully. C:\WINDOWS\autorun.INI moved successfully. ========== OTL ========== Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f366713-5be6-4ea5-a306-828188c60ee6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f366713-5be6-4ea5-a306-828188c60ee6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry value HKEY_USERS\S-1-5-21-2035062039-3169207473-3815781202-1006\\Software\Microsoft\Windows\CurrentVersion\Run\\api32 deleted successfully. File C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq.exe not found. C:\AUTOEXEC.BAT moved successfully. File C:\autorun.inf not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f0856b4-1909-11dc-9f0a-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f0856b4-1909-11dc-9f0a-0015c50e40b0}\ not found. File AdobeR.exe e not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f0856b5-1909-11dc-9f0a-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f0856b5-1909-11dc-9f0a-0015c50e40b0}\ not found. File F:\AdobeR.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5aebd073-e622-11da-9d4f-00038a000015}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5aebd073-e622-11da-9d4f-00038a000015}\ not found. File s3ek.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5aebd073-e622-11da-9d4f-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5aebd073-e622-11da-9d4f-00038a000015}\ not found. File s3ek.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6feac86a-8e33-11dc-9fa1-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6feac86a-8e33-11dc-9fa1-0015c50e40b0}\ not found. File AdobeR.exe e not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{992dbae2-f395-11de-9e3d-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{992dbae2-f395-11de-9e3d-0015c50e40b0}\ not found. File F:\io3yalc.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{992dbae2-f395-11de-9e3d-0015c50e40b0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{992dbae2-f395-11de-9e3d-0015c50e40b0}\ not found. File F:\io3yalc.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b55ddcac-d960-11dc-9ff1-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b55ddcac-d960-11dc-9ff1-0015c50e40b0}\ not found. File AdobeR.exe e not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e56735ee-aecd-11de-9dd6-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e56735ee-aecd-11de-9dd6-0015c50e40b0}\ not found. File E:\cleardisk.pif not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f67f111a-af25-11dd-a112-0015c50e40b0}\ not found. File ranvrgn.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f67f111a-af25-11dd-a112-0015c50e40b0}\ not found. File ranvrgn.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f67f111a-af25-11dd-a112-0015c50e40b0}\ not found. File ranvrgn.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ not found. C:\Documents and Settings\Marlène\Bureau\~WRL0001.tmp deleted successfully. C:\Documents and Settings\Marlène\Bureau\~WRL0003.tmp deleted successfully. C:\Documents and Settings\Marlène\Bureau\~WRL3405.tmp deleted successfully. C:\Documents and Settings\Marlène\Mes documents\~WRL0001.tmp deleted successfully. C:\Documents and Settings\Marlène\Mes documents\~WRL1478.tmp deleted successfully. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. C:\WINDOWS\002774_.tmp deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Marlène ->Temp folder emptied: 373761909 bytes ->Temporary Internet Files folder emptied: 178690650 bytes ->Java cache emptied: 84490541 bytes ->FireFox cache emptied: 45992128 bytes ->Flash cache emptied: 69124 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 118496 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 28795594 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64197260 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 602112 bytes Total Files Cleaned = 741,00 mb [EMPTYFLASH] User: All Users User: Default User User: LocalService User: Marlène ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.15.2 log created on 10132010_212437 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Marlène\Local Settings\Temp\ALTEN_DT SI2 not found! Registry entries deleted on Reboot...

J'ai aussi un fichier OTL.txt sur mon bureau, je ne sais pas si c'est le même. En voilà une copie

Code: Tout sélectionner: All processes killed ========== FILES ========== C:\io3yalc.exe moved successfully. File\Folder C:\cleardisk.pif not found. File\Folder C:\io3yalc.exe not found. File\Folder C:\s3ek.exe not found. File\Folder C:\AdobeR.exe not found. File\Folder C:\AdobeR.exe e not found. File\Folder C:\ranvrgn.exe not found. C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq0.dll moved successfully. File\Folder C:\WINDOWS\System32\ddesmgr.dll not found. File\Folder D:\Install.exe File not found not found. C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq.exe moved successfully. File\Folder E:\cleardisk.pif not found. File\Folder E:\io3yalc.exe not found. File\Folder E:\s3ek.exe not found. File\Folder E:\AdobeR.exe not found. File\Folder E:\AdobeR.exe e not found. File\Folder E:\ranvrgn.exe not found. F:\io3yalc.exe moved successfully. File\Folder F:\s3ek.exe not found. File\Folder F:\AdobeR.exe not found. File\Folder F:\AdobeR.exe e not found. File\Folder F:\ranvrgn.exe not found. File\Folder F:\cleardisk.pif not found. C:\autorun.inf moved successfully. C:\WINDOWS\autorun.INI moved successfully. ========== OTL ========== Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f366713-5be6-4ea5-a306-828188c60ee6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f366713-5be6-4ea5-a306-828188c60ee6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry value HKEY_USERS\S-1-5-21-2035062039-3169207473-3815781202-1006\\Software\Microsoft\Windows\CurrentVersion\Run\\api32 deleted successfully. File C:\Documents and Settings\Marlène\Local Settings\Temp\apiqq.exe not found. C:\AUTOEXEC.BAT moved successfully. File C:\autorun.inf not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f0856b4-1909-11dc-9f0a-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f0856b4-1909-11dc-9f0a-0015c50e40b0}\ not found. File AdobeR.exe e not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f0856b5-1909-11dc-9f0a-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f0856b5-1909-11dc-9f0a-0015c50e40b0}\ not found. File F:\AdobeR.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5aebd073-e622-11da-9d4f-00038a000015}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5aebd073-e622-11da-9d4f-00038a000015}\ not found. File s3ek.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5aebd073-e622-11da-9d4f-00038a000015}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5aebd073-e622-11da-9d4f-00038a000015}\ not found. File s3ek.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6feac86a-8e33-11dc-9fa1-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6feac86a-8e33-11dc-9fa1-0015c50e40b0}\ not found. File AdobeR.exe e not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{992dbae2-f395-11de-9e3d-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{992dbae2-f395-11de-9e3d-0015c50e40b0}\ not found. File F:\io3yalc.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{992dbae2-f395-11de-9e3d-0015c50e40b0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{992dbae2-f395-11de-9e3d-0015c50e40b0}\ not found. File F:\io3yalc.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b55ddcac-d960-11dc-9ff1-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b55ddcac-d960-11dc-9ff1-0015c50e40b0}\ not found. File AdobeR.exe e not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e56735ee-aecd-11de-9dd6-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e56735ee-aecd-11de-9dd6-0015c50e40b0}\ not found. File E:\cleardisk.pif not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f67f111a-af25-11dd-a112-0015c50e40b0}\ not found. File ranvrgn.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f67f111a-af25-11dd-a112-0015c50e40b0}\ not found. File ranvrgn.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f67f111a-af25-11dd-a112-0015c50e40b0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f67f111a-af25-11dd-a112-0015c50e40b0}\ not found. File ranvrgn.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\ not found. C:\Documents and Settings\Marlène\Bureau\~WRL0001.tmp deleted successfully. C:\Documents and Settings\Marlène\Bureau\~WRL0003.tmp deleted successfully. C:\Documents and Settings\Marlène\Bureau\~WRL3405.tmp deleted successfully. C:\Documents and Settings\Marlène\Mes documents\~WRL0001.tmp deleted successfully. C:\Documents and Settings\Marlène\Mes documents\~WRL1478.tmp deleted successfully. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. C:\WINDOWS\002774_.tmp deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Marlène ->Temp folder emptied: 373761909 bytes ->Temporary Internet Files folder emptied: 178690650 bytes ->Java cache emptied: 84490541 bytes ->FireFox cache emptied: 45992128 bytes ->Flash cache emptied: 69124 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 118496 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 28795594 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64197260 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 602112 bytes Total Files Cleaned = 741,00 mb [EMPTYFLASH] User: All Users User: Default User User: LocalService User: Marlène ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.15.2 log created on 10132010_212437 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Marlène\Local Settings\Temp\ALTEN_DT SI2 not found! Registry entries deleted on Reboot...

jeanmimigab · le 13 Oct 2010 20:55

Ok c'est cool,

télécharges >> Malwarebytes <<
Installes le et mets le à jours avant le scan
Choisis "exécuter un examen rapide" et à la fin du scan , coches tous les éléments trouvés,et cliques sur supprimer la sélection.
Postes moi le rapport stp.

Si tu as besoin, tu as un excellent tuto de Danakil ici
tutoriel-malwarebytes-anti-malware-vt-46564.html

mbouchet · le 13 Oct 2010 21:17

Voila qui est fait

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4814 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 13/10/2010 22:16:25 mbam-log-2010-10-13 (22-16-25).txt Type d'examen: Examen rapide Elément(s) analysé(s): 142108 Temps écoulé: 13 minute(s), 33 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\io3yalc.exe.vir (Worm.Magania) -> Quarantined and deleted successfully.

Je redémarre mon ordi maintenant

jeanmimigab · le 13 Oct 2010 21:21

re,

Il nous reste quelque truc a faire, est ce que tu as toujours ces alertes d'Avast pour le rootkit ?

mbouchet · le 13 Oct 2010 21:26

C'est bon, j'ai redémarré et pour l'instant pas d'alerte!

jeanmimigab · le 13 Oct 2010 21:29

ok,

J'ai un petit doute,
Télécharge >>> AD-Remover <<< ( de C_XX ) sur ton bureau.

- Double-clique sur le fichier AD-R.exe

pour lancer le tool.

- Cliques sur "Nettoyer".

- Ensuite laisse le scan s'effectuer tranquillement sans te servir du PC

- Poste le rapport.txt qui s'ouvre.

au cas ou,le rapport est sauvegarder ici
C:\AD-Report-scan+"date"

Si jamais tu dois relancer AD-R.exe tu devras te servir du raccourci

créer durant son installation

mbouchet · le 13 Oct 2010 21:44

voila

Code: Tout sélectionner: ======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par C_XX le 16/09/10 à 13:30 Contact: AdRemover.contact[AT]gmail.com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 22:32:37 le 13/10/2010, Mode normal Microsoft Windows XP Édition familiale Service Pack 3 (X86) Marlène@MARLENE ( ) ============== ACTION(S) ============== 0,Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Viewpoint 0,Dossier supprimé: C:\Program Files\Viewpoint (!) -- Fichiers temporaires supprimés. 0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl 0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1 0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary 0,Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1 0,Clé supprimée: HKLM\Software\MetaStream 0,Clé supprimée: HKLM\Software\Viewpoint 0,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Zango 0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer ============== SCAN ADDITIONNEL ============== ** Mozilla Firefox Version [3.6.10 (fr)] ** -- C:\Documents and Settings\Marlène\Application Data\Mozilla\FireFox\Profiles\6cs31fyo.default\Prefs.js -- browser.download.lastDir, C:\\Documents and Settings\\Marlène\\Bureau\\2010-2011 browser.search.defaultenginename, Yahoo! Search browser.search.selectedEngine, Google browser.startup.homepage, hxxp://www.google.fr/ browser.startup.homepage_override.mstone, rv:1.9.2.10 ======================================== ** Internet Explorer Version [8.0.6001.18702] ** [HKCU\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ [HKLM\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm ======================================== C:\Program Files\Ad-Remover\Quarantine: 61 Fichier(s) C:\Program Files\Ad-Remover\Backup: 13 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 13/10/2010 (603 Octet(s)) Fin à: 22:36:40, 13/10/2010 ============== E.O.F ==============

[Réglé] Win32:Rootkit-gen [Rtk]

[Réglé] Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Re: Win32:Rootkit-gen [Rtk]

Sujets similaires

Qui est en ligne