Virus GEMEO

Posted on 31 Oct 2010 18:09

Hello

I have a virus that redirects me to other strange sites when I do searches on Google.
Can you help me? Thanks in advance.

THANK YOU

I ran a scan with MALWAREBYTES
Code:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4957

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

27/10/2010 22:48:42
mbam-log-2010-10-27 (22-48-42).txt

Scan type: Quick scan
Objects scanned: 151258
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ANOTHER SCAN WITH hijackthis.log
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:13, on 31/10/2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Fluendo\Moovida\spointer\moovida_air.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Interest recogniser for Moovida (powered by Spointer) - {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} - C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BboxUpdate] C:\Program Files\BboxUpdate\eStantAutoRunV.exe
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eStantLaunchService - TechCity Solutions France - C:\Program Files\BboxUpdate\eSRunService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8073 bytes

A last one with OTL
Code:

OTL logfile created on: 31/10/2010 17:29:29 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\user\Downloads
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 51,85 Gb Free Space | 55,66% Space Free | Partition Type: NTFS
 
Computer Name: PC-DE-ADMIN | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fluendo\Moovida\spointer\moovida_air.exe (Moovida)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\BboxUpdate\BTLiveUpdate.exe (TechCity Solutions France)
PRC - C:\Program Files\BboxUpdate\eSRunService.exe (TechCity Solutions France)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\user\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (eStantLaunchService) -- C:\Program Files\BboxUpdate\eSRunService.exe (TechCity Solutions France)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (ZDCNDIS5) -- C:\Windows\System32\ZDCndis5.sys (ZDC., Inc. (ZDC))
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Pilote de carte Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2D 4E 84 14 7C B8 0F 45 A7 80 06 11 50 8C C4 36  [binary data]
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2D 4E 84 14 7C B8 0F 45 A7 80 06 11 50 8C C4 36  [binary data]
 
IE - HKU\S-1-5-21-2876503895-1609111011-3768751282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-2876503895-1609111011-3768751282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2876503895-1609111011-3768751282-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2D 4E 84 14 7C B8 0F 45 A7 80 06 11 50 8C C4 36  [binary data]
IE - HKU\S-1-5-21-2876503895-1609111011-3768751282-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2876503895-1609111011-3768751282-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: moovida@spointer.com:3.4.1545.153
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.4.1
FF - prefs.js..extensions.enabledItems: {acdbca56-f824-4152-9216-d98724ba0701}:1.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/09/13 20:23:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\moovida@spointer.com: C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida@spointer.com [2010/09/21 22:41:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2010/10/23 23:32:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/10/24 19:06:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/26 00:39:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 12:50:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 12:50:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/28 16:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/08/31 13:25:59 | 000,000,000 | ---D | M]
 
[2010/09/21 21:35:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010/08/31 17:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/21 21:35:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/30 20:16:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\kd3c9nwi.default\extensions
[2010/09/03 09:10:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/24 19:53:09 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2010/10/25 20:04:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}
[2010/10/30 20:16:17 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/09/25 23:13:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/31 13:59:39 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/08/31 13:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010/09/25 23:13:09 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/23 01:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/07/23 01:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/23 01:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/07/23 01:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/07/23 01:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Interest recogniser for Moovida (powered by Spointer)) - {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} - C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll (Moovida)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2876503895-1609111011-3768751282-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2876503895-1609111011-3768751282-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BboxUpdate] C:\Program Files\BboxUpdate\eStantAutoRunV.exe (TechCity Solutions France)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2876503895-1609111011-3768751282-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKU\S-1-5-21-2876503895-1609111011-3768751282-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/10/31 17:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/28 15:23:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Smart Panel
[2010/10/27 22:08:13 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010/10/26 22:40:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/25 21:47:20 | 000,125,440 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l02t.dll
[2010/10/25 20:56:39 | 000,454,504 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2010/10/25 18:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/25 18:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2010/10/24 19:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/10/24 19:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/10/24 18:58:32 | 000,970,752 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtiop4.dll
[2010/10/24 18:58:32 | 000,718,336 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax5.dll
[2010/10/24 18:58:32 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll
[2010/10/23 23:32:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\OfferBox
[2010/10/23 23:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\OfferBox
[2010/10/23 19:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\BboxUpdate
[2010/10/23 19:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bbox
[2010/10/23 19:08:39 | 001,069,056 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2010/10/23 19:08:39 | 000,397,312 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtlLib.dll
[2010/10/23 19:08:39 | 000,208,896 | ---- | C] (Realtek) -- C:\Windows\System32\RtlIhvOid.dll
[2010/10/23 19:08:39 | 000,200,704 | ---- | C] (Realtek) -- C:\Windows\System32\IpLib.dll
[2010/10/23 19:08:32 | 000,094,208 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCN50.dll
[2010/10/23 19:08:32 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\ZDCNDIS6a64.sys
[2010/10/23 19:08:32 | 000,032,256 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\Zdcndis5a64.sys
[2010/10/23 19:08:32 | 000,020,736 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\Windows\System32\ZDCndis5.sys
[2010/10/23 18:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Techcity
[2010/10/22 14:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoFiltre Studio
[2010/10/22 14:43:27 | 001,283,974 | ---- | C] (EoRezo                                                      ) -- C:\Users\user\Documents\__WDINST.ZIP
[2010/10/20 20:34:52 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\PIGES
[2010/10/19 09:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2010/10/19 09:41:36 | 000,131,072 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\Epcmlib.dll
[2010/10/19 09:34:05 | 000,073,216 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\ADE.DLL
[2010/10/19 09:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Panel
[2010/10/19 09:33:48 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/10/19 09:32:57 | 000,413,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll
[2010/10/19 09:32:57 | 000,114,688 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll
[2010/10/19 09:32:57 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EPPicMgr.dll
[2010/10/19 09:30:04 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escimgd.dll
[2010/10/19 09:30:04 | 000,022,528 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\esccmd.dll
[2010/10/19 08:50:40 | 000,000,000 | ---D | C] -- C:\Windows\eigen
[2010/10/17 11:22:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\dvdcss
[2010/10/15 20:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ConeXware
[2010/10/10 23:05:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc
[2010/10/09 15:10:25 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\COMPTA Martine
[2010/10/03 21:01:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\OpenCandy
[2010/10/03 21:01:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\OpenCandy
[2010/10/03 20:57:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\FrostWire
[2010/10/03 20:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2010/10/03 20:28:19 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/10/03 20:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2010/10/03 20:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[1 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/10/31 17:25:26 | 000,000,742 | ---- | M] () -- C:\Users\user\Desktop\ad-remover_ad_remover_2010_2.0.0.0_anglais_313780.exe - Raccourci.lnk
[2010/10/31 17:24:57 | 000,000,506 | ---- | M] () -- C:\Users\user\Desktop\OTL - Raccourci.lnk
[2010/10/31 17:04:39 | 000,001,874 | ---- | M] () -- C:\Users\user\Desktop\HijackThis.lnk
[2010/10/31 16:43:56 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/31 16:43:56 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/31 09:43:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/29 08:42:21 | 000,000,108 | -HS- | M] () -- C:\Windows\KLIF.spi
[2010/10/28 16:41:10 | 2145,513,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/28 16:40:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/28 15:23:08 | 000,000,029 | ---- | M] () -- C:\Windows\DEBUGSM.INI
[2010/10/28 15:04:55 | 000,690,832 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/10/28 15:04:55 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/28 15:04:55 | 000,117,572 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/10/28 15:04:55 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/28 13:02:16 | 000,024,206 | ---- | M] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2010/10/27 22:55:57 | 235,416,941 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/27 21:41:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/27 21:41:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/27 21:33:31 | 000,025,088 | ---- | M] () -- C:\Users\user\Desktop\ad remover.doc
[2010/10/27 21:07:12 | 000,017,920 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 22:01:18 | 001,283,974 | ---- | M] (EoRezo                                                      ) -- C:\Users\user\Documents\__WDINST.ZIP
[2010/10/26 08:29:38 | 000,025,088 | ---- | M] () -- C:\Users\user\Desktop\Cher maître.doc
[2010/10/25 21:53:58 | 000,224,112 | ---- | M] () -- C:\Windows\hpwins22.dat
[2010/10/25 20:04:56 | 000,000,024 | ---- | M] () -- C:\Windows\System32\854887913
[2010/10/25 18:49:09 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/25 18:21:02 | 000,000,840 | ---- | M] () -- C:\Users\user\Desktop\MediaCoder.lnk
[2010/10/24 20:24:26 | 000,078,264 | ---- | M] () -- C:\Windows\hpqins05.dat
[2010/10/23 18:31:49 | 000,000,680 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/10/22 14:47:57 | 000,000,045 | -H-- | M] () -- C:\Windows\dsez8213.dat
[2010/10/22 13:42:33 | 000,186,368 | ---- | M] () -- C:\Users\user\Desktop\liste pieces propriétaire.doc
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/19 09:40:37 | 000,001,697 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Smart Panel.lnk
[2010/10/19 09:31:05 | 000,443,573 | ---- | M] () -- C:\Windows\System32\EPSETUP.CAB
[2010/10/19 09:31:05 | 000,288,201 | ---- | M] () -- C:\Windows\System32\EPPRTDRV.CAB
[2010/10/19 09:31:05 | 000,008,284 | ---- | M] () -- C:\Windows\System32\eps_icon.avi
[2010/10/19 09:29:27 | 000,000,025 | ---- | M] () -- C:\Windows\CDE CX6600FGD.ini
[2010/10/19 08:55:28 | 000,166,252 | ---- | M] () -- C:\Windows\hpwins11.dat
[2010/10/18 20:47:33 | 000,026,112 | ---- | M] () -- C:\Users\user\Desktop\ANNONCE 1.doc
[2010/10/15 11:57:49 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/13 09:55:50 | 000,142,848 | ---- | M] () -- C:\Users\user\Desktop\Calculette financière.xls
[2010/10/12 21:53:30 | 000,036,100 | ---- | M] () -- C:\Users\user\Desktop\Fax_du_20101012085926441.pdf
[2010/10/10 23:03:31 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/08 07:38:55 | 000,015,428 | ---- | M] () -- C:\Users\user\RefEdit.exd
[2010/10/07 11:21:33 | 000,026,112 | ---- | M] () -- C:\Users\user\Desktop\LETTRE VERSCHUERE.doc
[2010/10/04 09:20:40 | 000,025,088 | ---- | M] () -- C:\Users\user\Desktop\Logement a titre gratuit.doc
[2010/10/02 08:33:54 | 000,025,915 | ---- | M] () -- C:\Users\user\Documents\location 4.jpg
[2010/10/02 08:33:34 | 000,025,927 | ---- | M] () -- C:\Users\user\Documents\location 3.jpg
[2010/10/02 08:33:16 | 000,039,875 | ---- | M] () -- C:\Users\user\Documents\location 2.jpg
[2010/10/02 08:32:53 | 000,039,217 | ---- | M] () -- C:\Users\user\Documents\location 1.jpg
[2010/10/02 08:32:33 | 000,021,825 | ---- | M] () -- C:\Users\user\Documents\location PLAN.jpg
[1 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/10/31 17:25:26 | 000,000,742 | ---- | C] () -- C:\Users\user\Desktop\ad-remover_ad_remover_2010_2.0.0.0_anglais_313780.exe - Raccourci.lnk
[2010/10/31 17:24:57 | 000,000,506 | ---- | C] () -- C:\Users\user\Desktop\OTL - Raccourci.lnk
[2010/10/31 17:04:39 | 000,001,874 | ---- | C] () -- C:\Users\user\Desktop\HijackThis.lnk
[2010/10/29 08:42:21 | 000,000,108 | -HS- | C] () -- C:\Windows\KLIF.spi
[2010/10/28 15:23:08 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
[2010/10/28 13:02:16 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2010/10/27 22:55:33 | 235,416,941 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/27 21:41:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/27 21:41:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/27 21:33:31 | 000,025,088 | ---- | C] () -- C:\Users\user\Desktop\ad remover.doc
[2010/10/26 08:29:37 | 000,025,088 | ---- | C] () -- C:\Users\user\Desktop\Cher maître.doc
[2010/10/25 21:41:14 | 000,224,112 | ---- | C] () -- C:\Windows\hpwins22.dat
[2010/10/25 21:41:14 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2010/10/25 20:04:56 | 000,000,024 | ---- | C] () -- C:\Windows\System32\854887913
[2010/10/25 18:49:09 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/25 18:21:02 | 000,000,840 | ---- | C] () -- C:\Users\user\Desktop\MediaCoder.lnk
[2010/10/24 20:23:52 | 000,078,264 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/10/24 19:24:02 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2010/10/22 14:47:57 | 000,000,045 | -H-- | C] () -- C:\Windows\dsez8213.dat
[2010/10/22 13:42:33 | 000,186,368 | ---- | C] () -- C:\Users\user\Desktop\liste pieces propriétaire.doc
[2010/10/19 09:40:37 | 000,001,697 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Smart Panel.lnk
[2010/10/19 09:34:05 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2010/10/19 09:34:05 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2010/10/19 09:34:05 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2010/10/19 09:32:57 | 000,030,605 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/10/19 09:32:57 | 000,027,030 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/10/19 09:32:57 | 000,005,934 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010/10/19 09:32:57 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/10/19 09:31:05 | 000,008,284 | ---- | C] () -- C:\Windows\System32\eps_icon.avi
[2010/10/19 09:31:04 | 000,443,573 | ---- | C] () -- C:\Windows\System32\EPSETUP.CAB
[2010/10/19 09:31:04 | 000,288,201 | ---- | C] () -- C:\Windows\System32\EPPRTDRV.CAB
[2010/10/19 09:29:27 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX6600FGD.ini
[2010/10/19 08:49:19 | 000,166,252 | ---- | C] () -- C:\Windows\hpwins11.dat
[2010/10/19 08:49:19 | 000,000,522 | ---- | C] () -- C:\Windows\hpwmdl11.dat
[2010/10/19 08:49:00 | 000,444,777 | ---- | C] () -- C:\Windows\System32\autorun.inf
[2010/10/18 20:47:32 | 000,026,112 | ---- | C] () -- C:\Users\user\Desktop\ANNONCE 1.doc
[2010/10/15 11:57:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/12 21:53:30 | 000,036,100 | ---- | C] () -- C:\Users\user\Desktop\Fax_du_20101012085926441.pdf
[2010/10/10 23:03:31 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/08 07:38:55 | 000,015,428 | ---- | C] () -- C:\Users\user\RefEdit.exd
[2010/10/07 11:20:54 | 000,026,112 | ---- | C] () -- C:\Users\user\Desktop\LETTRE VERSCHUERE.doc
[2010/10/04 09:06:38 | 000,025,088 | ---- | C] () -- C:\Users\user\Desktop\Logement a titre gratuit.doc
[2010/10/02 08:33:53 | 000,025,915 | ---- | C] () -- C:\Users\user\Documents\location 4.jpg
[2010/10/02 08:33:33 | 000,025,927 | ---- | C] () -- C:\Users\user\Documents\location 3.jpg
[2010/10/02 08:33:15 | 000,039,875 | ---- | C] () -- C:\Users\user\Documents\location 2.jpg
[2010/10/02 08:32:52 | 000,039,217 | ---- | C] () -- C:\Users\user\Documents\location 1.jpg
[2010/10/02 08:32:32 | 000,021,825 | ---- | C] () -- C:\Users\user\Documents\location PLAN.jpg
[2010/09/29 08:22:57 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/09/13 20:06:29 | 000,007,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/09/13 13:53:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/09/10 21:47:46 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/09/10 21:24:23 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/09/01 22:09:14 | 000,017,920 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/01 14:24:56 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/02/03 05:05:00 | 000,147,456 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/08/31 14:10:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird
[2010/10/04 23:53:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FrostWire
[2010/09/21 22:47:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2010/09/26 14:57:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\moovida-1
[2010/10/29 20:06:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OfferBox
[2010/10/03 21:01:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2010/10/28 15:25:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smart Panel
[2010/08/31 17:54:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2010/09/05 12:07:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue
[2010/09/26 23:06:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2010/10/28 16:41:25 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2010/05/06 23:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\drivers\kl1.sys
[2010/05/06 23:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\drivers\kl2.sys
[2010/08/31 13:25:03 | 000,475,224 | ---- | M] (Kaspersky Lab)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\drivers\klif.sys
[2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\drivers\klim6.sys
[2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\drivers\klmouflt.sys
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/09/01 12:35:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2010/09/21 22:22:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apple Computer
[2010/10/22 14:53:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\dvdcss
[2010/10/04 23:53:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FrostWire
[2010/09/21 22:47:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2010/10/24 19:17:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HP
[2010/07/13 06:32:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
[2010/09/01 12:24:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2010/09/01 19:36:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2010/09/21 22:43:35 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2010/09/26 14:57:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\moovida-1
[2010/09/01 10:58:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
[2010/10/29 20:06:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OfferBox
[2010/10/03 21:01:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2010/10/28 15:25:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smart Panel
[2010/08/31 17:54:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2010/09/05 12:07:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue
[2010/10/26 14:04:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\vlc
[2010/09/26 23:06:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/09/21 22:43:35 | 000,110,592 | R--- | M] (Acresso Software Inc.) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\ARPPRODUCTICON.exe
[2010/09/21 22:43:35 | 000,102,400 | R--- | M] (Acresso Software Inc.) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut2_B4703F8364D440ADB60E472AD5422128.exe
[2010/09/21 22:43:35 | 000,102,400 | R--- | M] (Acresso Software Inc.) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut3_BCB4A930B9F04A2480525A437423D92B.exe
[2010/09/21 22:43:35 | 000,102,400 | R--- | M] (Acresso Software Inc.) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut4_A414E067513C43BA8786F3DC788BC961.exe
[2010/09/21 22:43:35 | 000,102,400 | R--- | M] (Acresso Software Inc.) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut5_F4EE65F1A6CD4124B059E9FA9A98EBF7.exe
[2010/09/21 22:43:35 | 000,102,400 | R--- | M] (Acresso Software Inc.) -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut6_206049A8CD534D8B87D5F66190F05AB3.exe
[2010/10/24 19:54:03 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
[2006/05/16 10:58:14 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\instmsia.exe
[2006/05/16 10:58:16 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\instmsiw.exe
[2010/10/08 12:07:54 | 000,300,600 | ---- | M] (Hewlett-Packard Company                                   ) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\setup.exe
[2010/10/03 21:01:05 | 000,331,304 | ---- | M] () -- C:\Users\user\AppData\Roaming\OpenCandy\OpenCandy_69EC4BC13DAE41849C5C6EBFEFC50B6E\DLMgr_3_1.6.44.exe
[2010/03/05 22:42:22 | 004,004,928 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\user\AppData\Roaming\OpenCandy\OpenCandy_69EC4BC13DAE41849C5C6EBFEFC50B6E\registrybooster(8).exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010/09/01 09:18:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2010/09/01 09:18:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010/09/01 09:18:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010/09/01 09:18:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2008/01/19 06:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006/11/02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\drivers\cdrom.sys
[2006/11/02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2008/01/19 08:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\drivers\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2010/09/01 09:17:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2010/09/01 09:17:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/09/01 09:17:39 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/09/01 09:17:38 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/09/01 09:42:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/09/01 09:42:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2010/09/01 09:17:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: NDIS.SYS  >
[2006/11/02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\System32\drivers\ndis.sys
[2006/11/02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 08:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
 
< MD5 for: RASACD.SYS  >
[2008/01/19 06:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasacd.sys
[2006/11/02 09:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD7B30F55B3649506DD8B3D38F571D2A -- C:\Windows\System32\drivers\rasacd.sys
[2006/11/02 09:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD7B30F55B3649506DD8B3D38F571D2A -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6000.16386_none_0da33cba68680e8f\rasacd.sys
 
< MD5 for: SFLOPPY.SYS  >
[2006/11/02 09:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 09:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
[2008/01/19 06:49:48 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys
 
< MD5 for: TCPIP.SYS  >
[2010/09/01 09:44:03 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2010/09/01 09:44:00 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010/09/01 09:05:20 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/09/01 09:05:19 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2010/09/01 09:44:03 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010/09/01 09:05:19 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/09/01 09:05:20 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\System32\drivers\tcpip.sys
[2010/09/01 09:05:20 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2010/09/01 09:14:11 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2010/09/01 09:14:11 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010/09/01 09:44:02 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010/09/01 09:44:00 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/09/01 09:05:19 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2006/11/02 09:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2010/09/01 09:05:19 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2008/01/19 08:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2010/09/01 09:44:02 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
 
< MD5 for: TDTCP.SYS  >
[2008/01/19 07:01:08 | 000,029,184 | ---- | M] (Microsoft Corporation) MD5=389C63E32B3CEFED425B61ED92D3F021 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_dbac376c44b742d7\tdtcp.sys
[2006/11/02 10:02:01 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=7D2C1AE1648A60FCE4AA0F7982E419D3 -- C:\Windows\System32\drivers\tdtcp.sys
[2006/11/02 10:02:01 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=7D2C1AE1648A60FCE4AA0F7982E419D3 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6000.16386_none_d975757047cc3203\tdtcp.sys
 
< MD5 for: USBPRINT.SYS  >
[2006/11/02 10:14:58 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=B51E52ACF758BE00EF3A58EA452FE360 -- C:\Windows\System32\drivers\usbprint.sys
[2006/11/02 10:14:58 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=B51E52ACF758BE00EF3A58EA452FE360 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_35521f61\usbprint.sys
[2008/01/19 07:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_usbprint.inf_31bf3856ad364e35_6.0.6001.18000_none_32f9c26ac169fb1e\usbprint.sys
 
< MD5 for: USBSCAN.SYS  >
[2008/01/19 07:14:09 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys
[2006/11/02 10:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=B1F95285C08DDFE00C0B955462637EC7 -- C:\Windows\System32\drivers\usbscan.sys
[2006/11/02 10:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=B1F95285C08DDFE00C0B955462637EC7 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys
 
< MD5 for: USERINIT.EXE  >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >

Code:
OTL Extras logfile created on: 31/10/2010 17:29:29 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\user\Downloads
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 51,85 Gb Free Space | 55,66% Space Free | Partition Type: NTFS
 
Computer Name: PC-DE-ADMIN | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2876503895-1609111011-3768751282-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10DAB074-863C-44B7-981B-B02403F8DFCD}" = rport=138 | protocol=17 | dir=out | app=system |
"{247EA67D-6425-4B61-8209-5824987A6144}" = rport=137 | protocol=17 | dir=out | app=system |
"{477FDB47-3CCA-4D0D-B9A3-BD2A1E7DF796}" = lport=139 | protocol=6 | dir=in | app=system |
"{576CF6B5-3CCC-4756-B324-BDAD2CCD5BBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{68BDD0A1-6F82-4AF7-AD28-25666AF3434C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6B27A321-8ECA-4192-AF57-0825697EDE87}" = rport=445 | protocol=6 | dir=out | app=system |
"{6BCDAB1E-DD70-4C85-ABF0-1D7370373CDC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{84C776DF-514A-4CF4-A693-E7AAC63700DC}" = lport=445 | protocol=6 | dir=in | app=system |
"{87B1F4A7-4E6E-4E9B-8C6E-F9252AEF7E64}" = lport=137 | protocol=17 | dir=in | app=system |
"{8AA09D78-3280-4C27-A021-F1AB87ADAD8B}" = rport=139 | protocol=6 | dir=out | app=system |
"{8BFF09A0-83E0-486C-8610-FF054DB53C11}" = lport=138 | protocol=17 | dir=in | app=system |
"{9FB28040-E547-4B47-81E8-9DCE6D24A09A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E0894178-1C66-4D8F-BAFA-37CF97C97829}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AEF76D6-7915-4C06-A88B-C630ACC8AC92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0C73839C-9B72-489E-B092-C81AB1A1DBAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{2AE7D647-60E7-453A-8E4B-7CA2601285D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C6AC8AD-1241-4279-A6FA-F7E13EE793B6}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2F58A96F-0330-491E-B223-C7E76A2B10BB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{344A0560-30B6-4079-A1BD-C2B978337B75}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{3FCCB748-EC3D-4753-9D5D-99C5F7733FCB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{4C0E358F-57FE-41D7-B5BF-81F3722103D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{4FB4CA61-310B-4FCB-8249-0368887257D3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{560C944E-BCAC-47B7-AC18-C8A755E1EC92}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{579F86C5-8534-4CF1-B54C-8EAFA963B72A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{6A0DED2B-71AF-43B0-9EE2-552E5D43A92D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{6C93438A-57D6-496D-AB5B-6AE0F90292F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{6E2A8E75-821D-494A-B4F9-48BDDBBC8F88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{6E8A8B61-33DD-4B53-80AA-951FEAE19591}" = protocol=6 | dir=in | app=d:\data\eskernel.exe |
"{6FC1EF47-DC7A-4BBE-89FD-EBAE17612571}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{753D5C29-4F8B-403E-A2B6-B6802AA5856C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7774D183-9117-4980-8319-E7DDA7C45D88}" = protocol=17 | dir=in | app=d:\data\eskernel.exe |
"{7D15D800-FFF1-4F77-BBF2-56A85FED91D0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{84E25E47-D287-4535-A1BD-2506477A6DA6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8770F204-C348-46CA-BA43-4D9DD733A30E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8D102950-9023-4B5D-A2F6-FE5F6D69C78D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{8DCCB445-3BAB-4FB4-92EA-5479FFA79A0D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8F3BF1A5-A98E-4F5F-A15E-BE03B4949083}" = protocol=17 | dir=in | app=c:\program files\bbox\eskernel.exe |
"{97E7E9B5-9CDB-4C81-9326-C6CB0DB4D260}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{9C8DB3BD-28F0-4CAF-AA90-612A54D21D62}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A8FA3694-6E53-4412-801F-0C3CA921A00D}" = protocol=6 | dir=in | app=c:\program files\bbox\eskernel.exe |
"{B4763670-64B5-4EE2-8F5F-A45F67B8C3AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B80F6549-4A1D-4F4E-AE55-D3E95DA7220D}" = protocol=17 | dir=in | app=c:\program files\bboxupdate\btliveupdate.exe |
"{BA1BAE2C-73B2-49BC-900C-FA5849B59BBF}" = dir=in | app=c:\windows\system32\kbdfc32.exe |
"{BBA1253C-9AF3-4A2E-8551-0049F7FE11A4}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{C2DFA2FE-16C8-44B0-B54F-BA4E53995331}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{C3639A03-2D85-4EC7-A902-9FEFBE16BE54}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{CC41267C-1082-490C-ADCB-45F5C4F2F638}" = protocol=6 | dir=in | app=c:\program files\bboxupdate\btliveupdate.exe |
"{D5194DF3-1D88-4873-A3AA-2BD078D97A9F}" = dir=in | app=c:\windows\system32\kbdfc32.exe |
"{E06F6336-65BC-4B72-A384-85E4ABE9FA98}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E265E45F-8584-4903-89AB-33905C922D25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{ED687E5B-BDF8-4369-878F-A5A3A07BC4E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB0AAE17-CC3A-4A98-8BF8-9527AD9EA056}" = dir=in | app=c:\windows\system32\kbdfc32.exe |
"{FEB0AE59-20DA-44F3-83C5-BA2750341A27}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Barre d'outils Bing
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Assistant de connexion Windows Live ID
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0CA49C4E-7B1C-460c-9DB8-4A7160CDF8D1}" = ProductContext
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1DEF8B27-D75B-4f2a-B723-C506047D1438}" = K8600
"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230B83A5-7D88-4B95-B71E-F44C0C78B002}" = Windows Live Movie Maker
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{44B44E0E-B7F8-45D2-9B1F-B073D337A097}" = BPD_HPSU
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6084C211-01A1-464E-97A0-09772E122B50}" = Moovida
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{643F4F69-5A6A-4B52-BD56-5909800B556F}" = 8500A909_Help_BasicWeb
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}" = HP Officejet Pro K8600 Series
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D10D317-F8E0-4493-99AE-F6ADBB223553}" = BPDSoftware
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{978AFF1A-B939-4177-B85A-C87B1867AC5C}" = 8500A909_BasicWeb
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D6524E6-15CF-4852-BF70-04FE973A3DE1}" = Windows Live Toolbar
"{9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}" = Windows Live Contrôle parental
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.4 - Français
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{B1054C0C-0C16-41E1-8A9D-35F065793E92}" = HP Officejet Pro 8500 A909 Series
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover By C_XX
"BboxUpdate" =
"Bouygues Telecom - désinstallation Bbox" =
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"ESCX6600 Guide de réf." = ESCX6600 Guide de réf.
"ESCX6600 Guide des logiciels" = ESCX6600 Guide des logiciels
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"OfferBox" = OfferBox
"PhotoFiltre Studio" = PhotoFiltre Studio
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Installation Windows Live
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28/10/2010 11:39:55 | Computer Name = PC-de-admin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 28/10/2010 11:39:55 | Computer Name = PC-de-admin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 28/10/2010 11:39:55 | Computer Name = PC-de-admin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 28/10/2010 11:39:56 | Computer Name = PC-de-admin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 28/10/2010 11:41:58 | Computer Name = PC-de-admin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 28/10/2010 11:43:01 | Computer Name = PC-de-admin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 29/10/2010 15:06:06 | Computer Name = PC-de-admin | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16982, horodatage
 0x4b2b56f5, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000,
code d’exception 0xc0000005, décalage d’erreur 0x03675d8c,  ID du processus 0xe34,
 heure de début de l’application 0x01cb779c4717e940.
 
Error - 29/10/2010 17:42:32 | Computer Name = PC-de-admin | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16982, horodatage
 0x4b2b56f5, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000,
code d’exception 0xc0000005, décalage d’erreur 0x02a05d8c,  ID du processus 0x17a8,
 heure de début de l’application 0x01cb779c472af440.
 
Error - 31/10/2010 06:59:49 | Computer Name = PC-de-admin | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16982, horodatage
 0x4b2b56f5, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000,
code d’exception 0xc0000005, décalage d’erreur 0x02775d8c,  ID du processus 0x10ac,
 heure de début de l’application 0x01cb78de10d66530.
 
Error - 31/10/2010 07:00:04 | Computer Name = PC-de-admin | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16982, horodatage
 0x4b2b56f5, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000,
code d’exception 0xc0000005, décalage d’erreur 0x02aa5d6c,  ID du processus 0x1484,
 heure de début de l’application 0x01cb78eac1b69580.
 
[ System Events ]
Error - 25/10/2010 15:37:53 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7023
Description =
 
Error - 25/10/2010 15:38:23 | Computer Name = PC-de-admin | Source = DCOM | ID = 10010
Description =
 
Error - 25/10/2010 15:41:38 | Computer Name = PC-de-admin | Source = DCOM | ID = 10010
Description =
 
Error - 25/10/2010 15:42:18 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
Description =
 
Error - 25/10/2010 15:42:18 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7023
Description =
 
Error - 25/10/2010 15:42:18 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7023
Description =
 
Error - 25/10/2010 15:43:03 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7023
Description =
 
Error - 25/10/2010 15:57:22 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7023
Description =
 
Error - 25/10/2010 16:36:50 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7023
Description =
 
Error - 26/10/2010 02:44:17 | Computer Name = PC-de-admin | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
Patrick 31
Visitor
 
Posts: 8
Registered: 31 Oct 2010 17:40
 


Re: Virus GEMEO

Posted on 31 Oct 2010 18:27

Please remember to use the tags:
[code][/code]

next time; your thread was completely unreadable. :roll:
H3bus
Moderator
 
Posts: 12195
Registered: 08 Apr 2008 15:13
Location: /home/h3bus
 

Re: Virus GEMEO

Posted on 31 Oct 2010 19:00

Salut !

Affiche les fichiers et dossiers cachés

Image Rends toi sur VirusTotal


  • Upload ces fichiers

    C:\Windows\system32\wininit.exe

  • Copie et colle le rapport de VirusTotal

++
XxNicoxX
Visiteur
Visiteur
 
Messages: 1
Inscription: 31 Oct 2010 18:56
 

Re: Virus GEMEO

Posted on 02 Nov 2010 16:05

Code:
 user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
wininit.exe
Submission date:
2010-11-02 08:53:56 (UTC)
Current status:
finished
Result:
1 /43 (2.3%)
   
VT Community

goodware
 Safety score: 100.0%
Antivirus    Version    Last Update    Result
AhnLab-V3    2010.11.02.00    2010.11.01    -
AntiVir    7.10.13.77    2010.11.01    -
Antiy-AVL    2.0.3.7    2010.11.01    -
Authentium    5.2.0.5    2010.11.01    -
Avast    4.8.1351.0    2010.11.01    -
Avast5    5.0.594.0    2010.11.01    -
AVG    9.0.0.851    2010.11.01    -
BitDefender    7.2    2010.11.01    -
CAT-QuickHeal    11.00    2010.10.26    -
ClamAV    0.96.2.0-git    2010.11.01    -
Comodo    6580    2010.11.01    -
DrWeb    5.0.2.03300    2010.11.01    -
Emsisoft    5.0.0.50    2010.11.01    -
eSafe    7.0.17.0    2010.11.01    -
eTrust-Vet    36.1.7947    2010.11.01    -
F-Prot    4.6.2.117    2010.11.01    -
F-Secure    9.0.16160.0    2010.11.01    -
Fortinet    4.2.249.0    2010.11.01    -
GData    21    2010.11.01    -
Ikarus    T3.1.1.90.0    2010.11.01    -
Jiangmin    13.0.900    2010.11.01    -
K7AntiVirus    9.67.2882    2010.11.01    -
Kaspersky    7.0.0.125    2010.11.01    -
McAfee    5.400.0.1158    2010.11.01    -
McAfee-GW-Edition    2010.1C    2010.11.01    Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft    1.6301    2010.11.01    -
NOD32    5583    2010.11.01    -
Norman    6.06.10    2010.11.01    -
nProtect    2010-11-01.01    2010.11.01    -
Panda    10.0.2.7    2010.11.01    -
PCTools    7.0.3.5    2010.11.01    -
Prevx    3.0    2010.11.02    -
Rising    22.71.06.04    2010.11.01    -
Sophos    4.59.0    2010.11.01    -
Sunbelt    7187    2010.11.01    -
SUPERAntiSpyware    4.40.0.1006    2010.11.01    -
Symantec    20101.2.0.161    2010.11.01    -
TheHacker    6.7.0.1.075    2010.11.01    -
TrendMicro    9.120.0.1004    2010.11.01    -
TrendMicro-HouseCall    9.120.0.1004    2010.11.01    -
VBA32    3.12.14.1    2010.11.01    -
ViRobot    2010.10.4.4074    2010.11.01    -
VirusBuster    12.70.15.0    2010.11.01    -
Additional information
MD5   : d4385b03e8cccee6f0ee249f827c1f3e
SHA1  : a832ced7749d8d6973117a78dfb3b6d0c0545459
SHA256: ae9040704a7cefebfddc776f08ab41aafda9d353bf3f4749bbbee7137ed042f2
ssdeep: 1536:Qd7zKDEtSt6KH9HKC3MEd0bCVulnRTnebnu0zUz3c93fCZNqn:Q5zfo66hJdZulnRTn6nQ
c93f+wn
File size : 95744 bytes
First seen: 2007-09-25 22:58:02
Last seen : 2010-11-02 08:53:56
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Start-Up Application
original name: WinInit.exe
internal name: WinInit
file version.: 6.0.6000.16386 (vista_rtm.061101-2205)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x5C70
timedatestamp....: 0x4549AFF9 (Thu Nov 02 08:44:41 2006)
machinetype......: 0x14C (Intel I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x13B94, 0x13C00, 6.31, 73a017f9b9c55795cfb9c2f94cc21e43
.data, 0x15000, 0x93C, 0x800, 1.69, d1db604fe4104ead40a134ec9d62b7d1
.rsrc, 0x16000, 0x1750, 0x1800, 3.95, a23c716cdf070f2c3432a5cc470034d4
.reloc, 0x18000, 0x14E8, 0x1600, 6.67, 95686f7aac326b58b3c211a6f5268530

[[ 7 import(s) ]]
advapi32.dll: TraceMessage, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegDeleteValueW, RegOpenKeyExW, RegSetValueExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, RegOpenKeyW, LsaGetUserName, EventWriteEndScenario, EventWriteStartScenario, EventActivityIdControl, CheckTokenMembership, RevertToSelf, ImpersonateLoggedOnUser, EqualSid, GetTokenInformation, DeregisterEventSource, RegisterEventSourceW, RegEnumValueW, RegQueryInfoKeyW, RegQueryInfoKeyA, RegQueryValueExA, QueryTraceW, EnableTrace, ControlTraceW, StartTraceW, OpenSCManagerW, OpenServiceW, QueryServiceStatus, NotifyServiceStatusChangeW, CloseServiceHandle, NotifyBootConfigStatus, OpenProcessToken, CreateWellKnownSid, LookupAccountSidW, RegDeleteTreeW, CreateProcessAsUserW, DuplicateTokenEx, I_ScSendTSMessage, ReportEventW
kernel32.dll: HeapAlloc, HeapFree, Sleep, SetThreadExecutionState, MoveFileExW, DeleteFileW, GetSystemDirectoryW, GetCurrentProcessId, SleepEx, CreateThread, InterlockedExchange, CreateProcessW, WaitForSingleObject, FindClose, FindFirstFileW, GetWindowsDirectoryW, GetTickCount, HeapDestroy, SetErrorMode, CreateTimerQueueTimer, SetEvent, HeapSetInformation, QueueUserWorkItem, DeleteTimerQueueTimer, GetVersionExW, GetDateFormatW, GetTimeFormatW, FileTimeToSystemTime, SystemTimeToFileTime, GetLocalTime, LockResource, LoadResource, FindResourceExW, ExpandEnvironmentStringsW, lstrlenW, LocalFree, ReadFile, LocalAlloc, CreateFileW, GetShortPathNameW, lstrcmpiW, FindVolumeClose, FindNextVolumeW, GetDriveTypeW, FindFirstVolumeW, LocalReAlloc, LocalSize, InterlockedCompareExchange, LoadLibraryA, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, DelayLoadFailureHook, HeapCreate, GetCurrentThreadId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, GetProcessHeap, SetLastError, ResumeThread, CreateRemoteThread, GetModuleHandleW, OpenProcess, SetTimerQueueTimer, GetFileAttributesW, LoadLibraryW, GetProcAddress, FreeLibrary, GetComputerNameW, SetEnvironmentVariableW, GetLastError, GetCurrentProcess, SetPriorityClass, GetCurrentThread, SetThreadPriority, GetExitCodeProcess, CloseHandle, WaitForMultipleObjectsEx, CreateEventW, QueryPerformanceCounter
msvcrt.dll: _vsnwprintf, _wcsicmp, memcpy, memmove, wcschr, __getmainargs, _cexit, _exit, _XcptFilter, _ismbblead, exit, _acmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler4_common, _terminate@@YAXXZ, _controlfp, memset, wcsstr
ntdll.dll: RtlFreeHeap, NtShutdownSystem, RtlDeregisterWaitEx, NtOpenProcessToken, RtlRemovePrivileges, NtClose, NtCreatePagingFile, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, NtAllocateLocallyUniqueId, RtlFreeSid, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlDosPathNameToNtPathName_U, NtQueryInformationProcess, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, RtlSetDaclSecurityDescriptor, RtlAddAce, TpSimpleTryPost, RtlUnhandledExceptionFilter, RtlInitUnicodeString, NtQuerySystemInformation, RtlNtStatusToDosError, RtlDestroyEnvironment, NtSetValueKey, NtCreateKey, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareUnicodeString, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, RtlAllocateAndInitializeSid, RtlInitializeCriticalSection, NtQueryInformationToken, RtlSetEnvironmentVariable, RtlQueryEnvironmentVariable_U, RtlInitUnicodeStringEx, RtlCreateEnvironment, NtCreateEvent, RtlAdjustPrivilege, NtSystemDebugControl, DbgBreakPoint, RtlCreateSecurityDescriptor, RtlRegisterWait
rpcrt4.dll: RpcServerUseProtseqEpW, RpcServerRegisterIfEx, RpcServerListen, RpcServerInqCallAttributesW, RpcImpersonateClient, RpcRevertToSelf, RpcBindingServerFromClient, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcBindingFree, NdrServerCall2, RpcServerUseProtseqW, RpcBindingSetAuthInfoExW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcMgmtIsServerListening, NdrClientCall2, RpcBindingUnbind, RpcAsyncCompleteCall, RpcAsyncCancelCall, RpcAsyncInitializeHandle, RpcBindingBind, RpcBindingCreateW, RpcBindingCopy, NdrAsyncClientCall, I_RpcBindingIsClientLocal, RpcAsyncAbortCall, RpcServerTestCancel, NdrAsyncServerCall, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, RpcStringFreeW, RpcServerInqBindings, UuidFromStringW, RpcEpRegisterW, RpcServerUnregisterIf, RpcEpUnregister, RpcBindingVectorFree
user32.dll: RecordShutdownReason, UnhookWindowsHookEx, RegisterLogonProcess, SetThreadDesktop, ExitWindowsEx, UpdatePerUserSystemParameters, SetWindowsHookExW, LoadLocalFonts, SetWindowStationUser, SwitchDesktopWithFade, SwitchDesktop, SetUserObjectSecurity, CloseWindowStation, CloseDesktop, CreateDesktopW, SetProcessWindowStation, CreateWindowStationW, GetAsyncKeyState
userenv.dll: GetAllUsersProfileDirectoryW, -, -, GetUserProfileDirectoryW
ThreatExpert:
http://www.threatexpert.com/report.aspx?md5=d4385b03e8cccee6f0ee249f827c1f3e
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 80896
CompanyName: Microsoft Corporation
EntryPoint: 0x5c70
FileDescription: Windows Start-Up Application
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 94 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 6.0.6000.16386 (vista_rtm.061101-2205)
FileVersionNumber: 6.0.6000.16386
ImageVersion: 6.0
InitializedDataSize: 14336
InternalName: WinInit
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.0
ObjectFileType: Executable application
OriginalFilename: WinInit.exe
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.0.6000.16386
ProductVersionNumber: 6.0.6000.16386
Subsystem: Windows GUI
SubsystemVersion: 6.0
TimeStamp: 2006:11:02 09:44:41+01:00
UninitializedDataSize: 0
RDS: NSRL Reference Data Set

Microsoft
Installed Vista Ultimate, NSRL: wininit.exe, x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce_wininit.exe_7a527f28

VT Community

    User:
    Anonymous
    Reputation:
    1 credits
    Comment date:
    2010-08-25 15:23:31 (UTC)
    Tags: Goodware,


Patrick 31
Visitor

Posts: 8
Joined: 31 Oct 2010 17:40
 

Re: Virus GEMEO

Posted on 02 Nov 2010 20:08

Good evening everyone

Patrick 31, please do this


Download AD-Remover (created by C_XX):

http://www.teamxscript.org/adremoverTelechargement.html

Click "DOWNLOAD" and save it "to your desktop"

Once it is downloaded to your desktop, double-click its icon to launch the installation.

Under Vista and Windows 7: right-click its icon and select "Run as administrator".
The installation will proceed automatically.

On the main screen, click Nettoyer (Clean) to run the cleanup.

Once the computer has restarted, all that is left is to copy/paste the report on the forum as you did the previous one.
The report is located here: C:\Ad-Report-CLEAN[1].txt


Then this.



Install Malwarebytes' Anti-Malware,
Download



*** Update it, then choose Run a full scan

*** If an infection is found, tick the box next to it and confirm with the Remove Selected button

Post the final report.
*** It is advisable to disable TeaTimer, if you have Spybot-S&D, just for the duration of the scan.
Here is how: launch Spybot-S&D, switch to Advanced mode via the Mode menu (at the top) → click Yes --> choose Tools in the navigation bar on the left --> Resident, and there you can untick the boxes in front of the two tools.



Then tell me how things are going on your side.
bernard53
PC-Infopraticien

Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Virus GEMEO

Posted on 03 Nov 2010 08:50

Hello

here are the reports; a trojan, which I have since removed

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5026

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

03/11/2010 08:39:36
mbam-log-2010-11-03 (08-39-36).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 246249
Temps écoulé: 1 heure(s), 15 minute(s), 1 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\user\Documents\BIT35B0.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.


Code:
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 00:46:58 le 03/11/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows Vista™ Professionnel  ( - X86)
Nom du PC: PC-DE-ADMIN (Dell Inc. Latitude D820)
Utilisateur actuel: user
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.

(!) -- Fichiers temporaires supprimés.
.
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.12 (fr) *
.
C:\Users\user\..\kd3c9nwi.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.12
C:\Users\admin\..\9vniw293.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.8
.
.
* Internet Explorer Version 7.0.6000.16982 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 28 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 2205 Octet(s)
C:\Ad-Report-CLEAN[2].txt - 2290 Octet(s)
C:\Ad-Report-CLEAN[3].txt - 2165 Octet(s)
C:\Ad-Report-SCAN[1].txt - 2199 Octet(s)
C:\Ad-Report-SCAN[2].txt - 2284 Octet(s)
C:\Ad-Report-SCAN[3].txt - 2326 Octet(s)
.
Fin à: 00:54:34, 03/11/2010
.
============== E.O.F - CLEAN[3] ==============
Patrick 31
Visitor

Posts: 8
Joined: 31 Oct 2010 17:40
 

Re: Virus GEMEO

Posted on 03 Nov 2010 09:36

RE

Gomeo still present
Patrick 31
Visitor

Posts: 8
Joined: 31 Oct 2010 17:40
 

Re: Virus GEMEO

Posted on 03 Nov 2010 12:36

OK, do this.



Start IE -->> Tools -->> Internet Options -->> Advanced tab -->> RESET


For Firefox:
Start Firefox --> Tools, Options --> General tab --> Restore to Default.


Then:


Download >>OTM<< (by Old_Timer) to your Desktop.


>> For VISTA: right-click and choose "Run as administrator".

>> AVAST detects this program as an intruder, so disable it for the duration of the operation.

Double-click OTM to launch it.

Copy the list quoted below:

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr"
"First Home Page"="http://www.google.fr"


:Commands
[emptytemp]


and paste it into the left-hand frame of OTM:

Click the button to start the removal.
Wait for the tool to finish its work, then close OTM.

The result will appear in the Results frame.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles\06092009_130526.log ("example" name)

NB: you may be asked to restart the PC to complete the removal.
If so, accept with Oui/Yes.


Try again and let me know.
bernard53
PC-Infopraticien

Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Virus GEMEO

Posted on 03 Nov 2010 13:57

here is the OTM report; I'll run some more tests to see, I'll keep you posted

see you later


Code:
All processes killed
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.fr" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"First Home Page"|"http://www.google.fr" /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 13112988 bytes
->Temporary Internet Files folder emptied: 23586083 bytes
->FireFox cache emptied: 60032585 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: user
->Temp folder emptied: 33105065 bytes
->Temporary Internet Files folder emptied: 7890455 bytes
->Java cache emptied: 180668 bytes
->FireFox cache emptied: 44820904 bytes
->Flash cache emptied: 2454 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 321632 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 175,00 mb
 
 
OTM by OldTimer - Version 3.1.17.2 log created on 11032010_135056

Files moved on Reboot...
File C:\Windows\temp\klsFD6.tmp not found!

Registry entries deleted on Reboot...
Patrick 31
Visitor

Posts: 8
Joined: 31 Oct 2010 17:40
 

Re: Virus GEMEO

Posted on 03 Nov 2010 14:24

Bernard,

I don't know if this helps, but I only have the problem with Firefox;
if I go through IE I am not redirected to other sites (gomeo and others.......)

see you later

PS: nothing has changed, I am still being redirected....
Patrick 31
Visitor

Posts: 8
Joined: 31 Oct 2010 17:40
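
Patrick's point that only Firefox is redirected while IE is clean narrows the search to the browser profile rather than the system (the ComboFix log later in the thread indeed lists the same unknown add-on ID under both users' profiles). As an added example, not from this thread or from any of the tools it names, here is a Python script that inventories the extension folders of every Firefox profile under a Users directory and flags add-on IDs outside an allowlist; the allowlist, the sample install.rdf contents and the directory tree it builds are constructed.

```python
import re
import tempfile
from pathlib import Path

# Allowlist of add-on IDs the user knowingly installed (constructed for this
# example; build yours from the add-ons you recognise in about:addons).
# The single entry is the ID of Firefox's built-in default theme.
ALLOWLIST = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}

# Legacy install.rdf manifests carry the add-on name and author as elements;
# the attribute form (em:name="...") is not handled here.
NAME_RE = re.compile(r"<em:name>([^<]*)</em:name>")
CREATOR_RE = re.compile(r"<em:creator>([^<]*)</em:creator>")


def read_install_rdf(ext_dir):
    """Extract name/creator from install.rdf; both stay empty if absent."""
    info = {"name": "", "creator": ""}
    rdf = ext_dir / "install.rdf"
    if rdf.is_file():
        text = rdf.read_text(encoding="utf-8", errors="replace")
        for key, rx in (("name", NAME_RE), ("creator", CREATOR_RE)):
            m = rx.search(text)
            info[key] = m.group(1).strip() if m else ""
    return info


def inventory_profile(profile_dir):
    """List each entry under <profile>/extensions with the markers the
    ComboFix log showed (install.rdf, chrome.manifest, chrome/*.jar)."""
    results = []
    ext_root = profile_dir / "extensions"
    if not ext_root.is_dir():
        return results
    for entry in sorted(ext_root.iterdir()):
        rec = {"id": entry.name, "profile": profile_dir.name, "name": "",
               "creator": "", "chrome_manifest": False, "jars": []}
        if entry.is_dir():  # unpacked add-on; a packed .xpi is listed by ID only
            rec.update(read_install_rdf(entry))
            rec["chrome_manifest"] = (entry / "chrome.manifest").is_file()
            rec["jars"] = sorted(p.name for p in (entry / "chrome").glob("*.jar"))
        results.append(rec)
    return results


def inventory_users(users_root):
    """Walk <users_root>/<user>/AppData/Roaming/Mozilla/Firefox/Profiles/*."""
    found = {}
    for user_dir in sorted(p for p in Path(users_root).iterdir() if p.is_dir()):
        profiles = user_dir / "AppData" / "Roaming" / "Mozilla" / "Firefox" / "Profiles"
        if not profiles.is_dir():
            continue
        for prof in sorted(p for p in profiles.iterdir() if p.is_dir()):
            found.setdefault(user_dir.name, []).extend(inventory_profile(prof))
    return found


def flag_suspicious(found, allowlist=ALLOWLIST):
    """Return add-on IDs outside the allowlist with the users they appear under.
    An unknown ID present in every user's profile at once points to something
    dropped system-wide by an installer rather than chosen by one user."""
    by_id = {}
    for user, recs in found.items():
        for rec in recs:
            if rec["id"] in allowlist:
                continue
            d = by_id.setdefault(rec["id"], {"users": set(), "name": rec["name"],
                                             "jars": rec["jars"]})
            d["users"].add(user)
    return [{"id": ext_id, "name": d["name"], "jars": d["jars"],
             "users": sorted(d["users"]),
             "in_all_profiles": len(found) > 1 and len(d["users"]) == len(found)}
            for ext_id, d in sorted(by_id.items())]


# Constructed sample tree mirroring the paths in this thread's ComboFix log:
# two users, the same unknown add-on in each profile, plus the default theme.
UNKNOWN_ID = "{acdbca56-f824-4152-9216-d98724ba0701}"  # ID taken from the log
SAMPLE_RDF = ("<RDF><Description><em:name>XULCache</em:name>"
              "<em:creator>n/a</em:creator></Description></RDF>")  # constructed


def build_sample_tree(root):
    for user, prof in (("admin", "9vniw293.default"), ("user", "kd3c9nwi.default")):
        ext = (Path(root) / user / "AppData" / "Roaming" / "Mozilla" / "Firefox"
               / "Profiles" / prof / "extensions")
        bad = ext / UNKNOWN_ID
        (bad / "chrome").mkdir(parents=True)
        (bad / "install.rdf").write_text(SAMPLE_RDF, encoding="utf-8")
        (bad / "chrome.manifest").write_text("content xulcache jar:chrome/xulcache.jar!/content/\n")
        (bad / "chrome" / "xulcache.jar").write_bytes(b"PK\x03\x04")  # stub bytes, not a real jar
        (ext / "{972ce4c6-7e08-4474-a285-3208198ce6fd}").mkdir()
    return root


def demo():
    """Build the sample tree in a temp dir and return the flagged add-ons."""
    with tempfile.TemporaryDirectory() as tmp:
        return flag_suspicious(inventory_users(build_sample_tree(tmp)))
```

On a real machine, call `inventory_users(r"C:\Users")` instead of `demo()` and review anything flagged before deleting it, since a legitimate add-on the user forgot about will be flagged just the same.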
 

Re: Virus GEMEO

Posted on 03 Nov 2010 19:56

OK, then do this.



Download ComboFix <HERE>>

For VISTA users: right-click and choose "Run as administrator".
For VISTA: do not install the Recovery Console.

>> When it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed.

With infections like today's, it is strongly recommended to have it pre-installed on your PC before removing any malware.
It allows booting into a special recovery (repair) mode, which lets us help you more easily if your computer runs into a problem after a cleaning attempt.

Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install it.
>> Once it is on your desktop, double-click it to launch it.
Important note: if the Microsoft Windows Recovery Console is already installed, ComboFix will carry on with its malware removal procedures.

When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: the report is also located here: C:\Combofix.txt

>> Do not click in the ComboFix window during the scan; that would freeze the program.
bernard53
PC-Infopraticien

Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Virus GEMEO

Posted on 03 Nov 2010 20:54

ComboFix 10-11-02.06 - user 03/11/2010 20:35:30.2.2 - x86
Code:
Microsoft® Windows Vista™ Professionnel   6.0.6000.0.1252.33.1036.18.2046.1257 [GMT 1:00]
Lancé depuis: c:\users\user\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9vniw293.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}
c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9vniw293.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}\chrome.manifest
c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9vniw293.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}\chrome\xulcache.jar
c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9vniw293.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}\defaults\preferences\xulcache.js
c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9vniw293.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}\chrome\xulcache.jar
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}\defaults\preferences\xulcache.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{acdbca56-f824-4152-9216-d98724ba0701}\install.rdf
c:\windows\system32\AutoRun.inf

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-10-03 au 2010-11-03  ))))))))))))))))))))))))))))))))))))
.

2010-11-03 19:46 . 2010-11-03 19:46   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-11-03 19:46 . 2010-11-03 19:46   --------   d-----w-   c:\users\admin\AppData\Local\temp
2010-11-03 12:50 . 2010-11-03 12:50   --------   d-----w-   C:\_OTM
2010-11-02 08:00 . 2010-10-07 23:21   6146896   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C2E1338-77A6-4C3A-A374-AABFFA60FA82}\mpengine.dll
2010-10-31 16:04 . 2010-10-31 16:04   --------   d-----w-   c:\program files\Trend Micro
2010-10-28 14:23 . 2010-10-28 14:25   --------   d-----w-   c:\users\user\AppData\Roaming\Smart Panel
2010-10-27 21:08 . 2010-11-02 23:54   --------   d-----w-   C:\Ad-Remover
2010-10-26 21:40 . 2010-10-26 21:40   --------   d-----w-   c:\windows\Sun
2010-10-25 20:52 . 2010-05-14 12:56   319488   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\hpfpp02t.dll
2010-10-25 20:47 . 2010-05-14 12:56   125440   ----a-w-   c:\windows\system32\hpf3l02t.dll
2010-10-25 19:56 . 2010-04-26 08:52   454504   ----a-w-   c:\windows\system32\hpzids01.dll
2010-10-25 17:20 . 2010-10-25 17:25   --------   d-----w-   c:\program files\MediaCoder
2010-10-24 18:06 . 2010-10-24 18:06   --------   d-----w-   c:\program files\MSN Toolbar
2010-10-24 18:06 . 2010-10-24 18:06   --------   d-----w-   c:\program files\Bing Bar Installer
2010-10-24 17:58 . 2010-05-13 10:29   372736   ----a-w-   c:\windows\system32\hppldcoi.dll
2010-10-24 17:58 . 2010-05-13 10:25   970752   ----a-w-   c:\windows\system32\hpwtiop4.dll
2010-10-24 17:58 . 2010-05-13 10:25   718336   ----a-w-   c:\windows\system32\hpwwiax5.dll
2010-10-23 22:32 . 2010-11-02 22:04   --------   d-----w-   c:\users\user\AppData\Roaming\OfferBox
2010-10-23 22:32 . 2010-10-23 22:32   --------   d-----w-   c:\program files\OfferBox
2010-10-23 18:36 . 2010-10-23 18:36   --------   d-----w-   c:\program files\Bbox
2010-10-23 18:08 . 2009-06-03 13:52   397312   ------w-   c:\windows\system32\RtlLib.dll
2010-10-23 18:08 . 2009-04-29 13:01   208896   ------w-   c:\windows\system32\RtlIhvOid.dll
2010-10-23 18:08 . 2009-01-21 10:33   200704   ------w-   c:\windows\system32\IpLib.dll
2010-10-23 18:08 . 2008-05-16 10:51   1069056   ------w-   c:\windows\system32\libeay32.dll
2010-10-23 18:08 . 2010-10-23 18:08   21361   ----a-w-   c:\windows\system32\drivers\AegisP.sys
2010-10-23 18:08 . 2009-06-24 13:12   94208   ------w-   c:\windows\system32\ZDCN50.dll
2010-10-23 18:08 . 2009-06-24 13:12   20736   ------w-   c:\windows\system32\ZDCndis5.sys
2010-10-23 18:08 . 2008-10-28 08:54   41280   ------w-   c:\windows\system32\ZDCNDIS6a64.sys
2010-10-23 18:08 . 2007-05-10 10:59   32256   ------w-   c:\windows\system32\Zdcndis5a64.sys
2010-10-23 17:51 . 2010-10-23 17:51   --------   d-----w-   c:\program files\Techcity
2010-10-22 13:47 . 2010-10-22 13:48   --------   d-----w-   c:\program files\PhotoFiltre Studio
2010-10-19 08:42 . 2010-10-19 08:42   --------   d-----w-   c:\programdata\UDL
2010-10-19 08:41 . 2003-07-01 23:00   131072   ----a-w-   c:\windows\system32\Epcmlib.dll
2010-10-19 08:36 . 2002-12-05 12:12   692224   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-10-19 08:36 . 2002-12-05 12:10   155648   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-10-19 08:36 . 2002-12-02 13:22   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-10-19 08:36 . 2002-12-02 11:33   57344   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-10-19 08:36 . 2002-12-02 11:33   237568   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-10-19 08:36 . 2010-10-19 08:36   282756   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-10-19 08:36 . 2010-10-19 08:36   163972   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-10-19 08:34 . 1999-12-07 00:03   73216   ----a-w-   c:\windows\ADE.DLL
2010-10-19 08:34 . 1999-06-15 09:31   96768   ----a-w-   c:\windows\SlantAdj.dll
2010-10-19 08:34 . 1999-04-26 22:17   3136   ----a-w-   c:\windows\Ade001.bin
2010-10-19 08:33 . 2010-10-19 08:40   --------   d-----w-   c:\program files\Smart Panel
2010-10-19 08:33 . 2010-10-24 21:41   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-10-19 08:33 . 2001-09-05 02:18   225280   ----a-w-   c:\program files\Common Files\InstallShield\IScript\iscript.dll
2010-10-19 08:33 . 2001-09-05 02:14   176128   ----a-w-   c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-10-19 08:33 . 2001-09-05 02:13   32768   ----a-w-   c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-10-19 08:33 . 2001-09-05 02:18   77824   ----a-w-   c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-10-19 08:33 . 2002-07-25 16:07   614532   ----a-w-   c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-10-19 08:32 . 2004-01-31 23:00   413696   ----a-w-   c:\windows\system32\PICSDK.dll
2010-10-19 08:32 . 2002-11-14 22:00   65536   ----a-w-   c:\windows\system32\EPPicMgr.dll
2010-10-19 08:32 . 2002-11-14 22:00   114688   ----a-w-   c:\windows\system32\EpPicPrt.dll
2010-10-19 08:30 . 2003-06-30 22:00   46080   ----a-w-   c:\windows\system32\escimgd.dll
2010-10-19 08:30 . 2003-06-30 22:00   22528   ----a-w-   c:\windows\system32\esccmd.dll
2010-10-19 07:50 . 2010-10-19 07:50   --------   d-----w-   c:\windows\eigen
2010-10-17 10:22 . 2010-10-22 13:53   --------   d-----w-   c:\users\user\AppData\Roaming\dvdcss
2010-10-15 19:20 . 2010-10-15 19:20   --------   d-----w-   c:\programdata\ConeXware
2010-10-15 10:45 . 2010-10-18 19:07   --------   d-----w-   c:\windows\system32\config\systemprofile\Tracing
2010-10-15 10:41 . 2010-10-15 10:41   --------   d-----w-   c:\users\admin\AppData\Roaming\Apple Computer
2010-10-10 22:05 . 2010-11-01 15:56   --------   d-----w-   c:\users\user\AppData\Roaming\vlc

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-08-30 15:30   222080   ------w-   c:\windows\system32\MpSigStub.exe
2010-09-25 22:13 . 2010-09-25 22:13   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-21 21:43 . 2010-09-21 21:43   110592   ----a-r-   c:\users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\ARPPRODUCTICON.exe
2010-09-21 21:43 . 2010-09-21 21:43   102400   ----a-r-   c:\users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut6_206049A8CD534D8B87D5F66190F05AB3.exe
2010-09-21 21:43 . 2010-09-21 21:43   102400   ----a-r-   c:\users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut5_F4EE65F1A6CD4124B059E9FA9A98EBF7.exe
2010-09-21 21:43 . 2010-09-21 21:43   102400   ----a-r-   c:\users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut4_A414E067513C43BA8786F3DC788BC961.exe
2010-09-21 21:43 . 2010-09-21 21:43   102400   ----a-r-   c:\users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut3_BCB4A930B9F04A2480525A437423D92B.exe
2010-09-21 21:43 . 2010-09-21 21:43   102400   ----a-r-   c:\users\user\AppData\Roaming\Microsoft\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\NewShortcut2_B4703F8364D440ADB60E472AD5422128.exe
2010-09-08 09:17 . 2010-09-08 09:17   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-09-01 14:37 . 2010-09-01 14:37   378368   ----a-w-   c:\windows\system32\winhttp.dll
2010-09-01 14:37 . 2010-09-01 14:37   268800   ----a-w-   c:\windows\system32\es.dll
2010-09-01 14:36 . 2010-09-01 14:36   40960   ----a-w-   c:\windows\system32\drivers\fr-FR\http.sys.mui
2010-09-01 14:26 . 2010-09-01 14:26   97800   ----a-w-   c:\windows\system32\infocardapi.dll
2010-09-01 14:26 . 2010-09-01 14:26   622080   ----a-w-   c:\windows\system32\icardagt.exe
2010-09-01 14:26 . 2010-09-01 14:26   37384   ----a-w-   c:\windows\system32\infocardcpl.cpl
2010-09-01 14:26 . 2010-09-01 14:26   11264   ----a-w-   c:\windows\system32\icardres.dll
2010-09-01 14:26 . 2010-09-01 14:26   105016   ----a-w-   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-09-01 14:26 . 2010-09-01 14:26   326160   ----a-w-   c:\windows\system32\PresentationHost.exe
2010-09-01 14:26 . 2010-09-01 14:26   781344   ----a-w-   c:\windows\system32\PresentationNative_v0300.dll
2010-09-01 14:26 . 2010-09-01 14:26   43544   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2010-09-01 13:57 . 2010-09-01 13:57   96760   ----a-w-   c:\windows\system32\dfshim.dll
2010-09-01 13:57 . 2010-09-01 13:57   41984   ----a-w-   c:\windows\system32\netfxperf.dll
2010-09-01 13:57 . 2010-09-01 13:57   83968   ----a-w-   c:\windows\system32\mscories.dll
2010-09-01 13:57 . 2010-09-01 13:57   282112   ----a-w-   c:\windows\system32\mscoree.dll
2010-09-01 13:57 . 2010-09-01 13:57   158720   ----a-w-   c:\windows\system32\mscorier.dll
2010-09-01 08:51 . 2010-09-01 08:51   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-09-01 08:51 . 2010-09-01 08:51   289792   ----a-w-   c:\windows\system32\atmfd.dll
2010-09-01 08:51 . 2010-09-01 08:51   24064   ----a-w-   c:\windows\system32\lpk.dll
2010-09-01 08:51 . 2010-09-01 08:51   156672   ----a-w-   c:\windows\system32\t2embed.dll
2010-09-01 08:51 . 2010-09-01 08:51   72704   ----a-w-   c:\windows\system32\fontsub.dll
2010-09-01 08:51 . 2010-09-01 08:51   10240   ----a-w-   c:\windows\system32\dciman32.dll
2010-09-01 08:49 . 2010-09-01 08:49   72704   ----a-w-   c:\windows\system32\admparse.dll
2010-09-01 08:49 . 2010-09-01 08:49   52736   ----a-w-   c:\windows\apppatch\iebrshim.dll
2010-09-01 08:49 . 2010-09-01 08:49   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-09-01 08:49 . 2010-09-01 08:49   389120   ----a-w-   c:\windows\system32\html.iec
2010-09-01 08:49 . 2010-09-01 08:49   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-09-01 08:49 . 2010-09-01 08:49   48128   ----a-w-   c:\windows\system32\mshtmler.dll
2010-09-01 08:49 . 2010-09-01 08:49   1383424   ----a-w-   c:\windows\system32\mshtml.tlb
2010-09-01 08:49 . 2010-09-01 08:49   1830912   ----a-w-   c:\windows\system32\inetcpl.cpl
2010-09-01 08:49 . 2010-09-01 08:49   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-09-01 08:49 . 2010-09-01 08:49   56320   ----a-w-   c:\windows\system32\iesetup.dll
2010-09-01 08:48 . 2010-09-01 08:48   61440   ----a-w-   c:\windows\system32\winipsec.dll
2010-09-01 08:48 . 2010-09-01 08:48   361984   ----a-w-   c:\windows\system32\IPSECSVC.DLL
2010-09-01 08:48 . 2010-09-01 08:48   28672   ----a-w-   c:\windows\system32\FwRemoteSvr.dll
2010-09-01 08:48 . 2010-09-01 08:48   272896   ----a-w-   c:\windows\system32\polstore.dll
2010-09-01 08:47 . 2010-09-01 08:47   8192   ----a-w-   c:\windows\system32\riched32.dll
2010-09-01 08:47 . 2010-09-01 08:47   38400   ----a-w-   c:\windows\system32\kmddsp.tsp
2010-09-01 08:47 . 2010-09-01 08:47   20480   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
2010-09-01 08:47 . 2010-09-01 08:47   77824   ----a-w-   c:\windows\system32\rascfg.dll
2010-09-01 08:47 . 2010-09-01 08:47   61952   ----a-w-   c:\windows\system32\drivers\wanarp.sys
2010-09-01 08:47 . 2010-09-01 08:47   52736   ----a-w-   c:\windows\system32\rasdiag.dll
2010-09-01 08:47 . 2010-09-01 08:47   49664   ----a-w-   c:\windows\system32\ndptsp.tsp
2010-09-01 08:47 . 2010-09-01 08:47   48640   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
2010-09-01 08:47 . 2010-09-01 08:47   384000   ----a-w-   c:\windows\system32\netcfgx.dll
2010-09-01 08:47 . 2010-09-01 08:47   32768   ----a-w-   c:\windows\system32\rasmxs.dll
2010-09-01 08:47 . 2010-09-01 08:47   22016   ----a-w-   c:\windows\system32\rasser.dll
2010-09-01 08:47 . 2010-09-01 08:47   286208   ----a-w-   c:\windows\system32\ipnathlp.dll
2010-09-01 08:47 . 2010-09-01 08:47   13824   ----a-w-   c:\windows\system32\icsunattend.exe
2010-09-01 08:47 . 2010-09-01 08:47   70144   ----a-w-   c:\windows\system32\drivers\pacer.sys
2010-09-01 08:47 . 2010-09-01 08:47   619008   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2010-09-01 08:47 . 2010-09-01 08:47   36864   ----a-w-   c:\windows\system32\cdd.dll
2010-09-01 08:47 . 2010-09-01 08:47   33280   ----a-w-   c:\windows\system32\traffic.dll
2010-09-01 08:47 . 2010-09-01 08:47   15360   ----a-w-   c:\windows\system32\pacerprf.dll
2010-09-01 08:47 . 2010-09-01 08:47   13824   ----a-w-   c:\windows\system32\wshqos.dll
2010-09-01 08:47 . 2010-09-01 08:47   134656   ----a-w-   c:\windows\system32\dps.dll
2010-09-01 08:46 . 2010-09-01 08:46   84992   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2010-09-01 08:46 . 2010-09-01 08:46   306688   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-09-01 08:45 . 2010-09-01 08:45   95232   ----a-w-   c:\windows\system32\PortableDeviceClassExtension.dll
2010-09-01 08:45 . 2010-09-01 08:45   241152   ----a-w-   c:\windows\system32\PortableDeviceApi.dll
2010-09-01 08:45 . 2010-09-01 08:45   160768   ----a-w-   c:\windows\system32\PortableDeviceTypes.dll
2010-09-01 08:45 . 2010-09-01 08:45   87040   ----a-w-   c:\windows\system32\msoert2.dll
2010-09-01 08:45 . 2010-09-01 08:45   39424   ----a-w-   c:\windows\system32\ACCTRES.dll
2010-09-01 08:45 . 2010-09-01 08:45   205824   ----a-w-   c:\windows\system32\msoeacct.dll
2010-09-01 08:44 . 2010-09-01 08:44   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
2010-09-01 08:44 . 2010-09-01 08:44   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
2010-09-01 08:44 . 2010-09-01 08:44   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
2010-09-01 08:44 . 2010-09-01 08:44   19968   ----a-w-   c:\windows\system32\ARP.EXE
2010-09-01 08:44 . 2010-09-01 08:44   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
2010-09-01 08:44 . 2010-09-01 08:44   15360   ----a-w-   c:\windows\system32\netevent.dll
2010-09-01 08:44 . 2010-09-01 08:44   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
2010-09-01 08:44 . 2010-09-01 08:44   103936   ----a-w-   c:\windows\system32\netiohlp.dll
2010-09-01 08:44 . 2010-09-01 08:44   10240   ----a-w-   c:\windows\system32\finger.exe
2010-09-01 08:42 . 2010-09-01 08:42   704000   ----a-w-   c:\windows\system32\PhotoScreensaver.scr
2010-09-01 08:42 . 2010-09-01 08:42   356352   ----a-w-   c:\windows\system32\wbem\wbemcomn.dll
2010-09-01 08:42 . 2010-09-01 08:42   24064   ----a-w-   c:\windows\system32\wtsapi32.dll
2010-09-01 08:42 . 2010-09-01 08:42   258232   ----a-w-   c:\windows\system32\drivers\acpi.sys
2010-09-01 08:42 . 2010-09-01 08:42   20920   ----a-w-   c:\windows\system32\drivers\compbatt.sys
2010-09-01 08:42 . 2010-09-01 08:42   14208   ----a-w-   c:\windows\system32\drivers\CmBatt.sys
2010-09-01 08:42 . 2010-09-01 08:42   11264   ----a-w-   c:\windows\system32\drivers\wmiacpi.sys
2010-09-01 08:42 . 2010-09-01 08:42   28344   ----a-w-   c:\windows\system32\drivers\battc.sys
2010-09-01 08:42 . 2010-09-01 08:42   542720   ----a-w-   c:\windows\system32\sysmain.dll
2010-09-01 08:42 . 2010-09-01 08:42   194560   ----a-w-   c:\windows\system32\WebClnt.dll
2010-09-01 08:42 . 2010-09-01 08:42   110080   ----a-w-   c:\windows\system32\drivers\mrxdav.sys
2010-09-01 08:41 . 2010-09-01 08:41   47104   ----a-w-   c:\windows\system32\wlanapi.dll
2010-09-01 08:41 . 2010-09-01 08:41   123904   ----a-w-   c:\windows\system32\L2SecHC.dll
2010-09-01 08:41 . 2010-09-01 08:41   67584   ----a-w-   c:\windows\system32\wlanhlp.dll
2010-09-01 08:41 . 2010-09-01 08:41   502272   ----a-w-   c:\windows\system32\wlansvc.dll
2010-09-01 08:41 . 2010-09-01 08:41   297984   ----a-w-   c:\windows\system32\wlansec.dll
2010-09-01 08:41 . 2010-09-01 08:41   290816   ----a-w-   c:\windows\system32\wlanmsm.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
2010-08-19 12:24   135840   ----a-w-   c:\program files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
2010-10-08 16:23   135000   ----a-w-   c:\program files\OfferBox\OfferBoxBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-09-01 1006264]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-05-07 344736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BboxUpdate"="c:\program files\BboxUpdate\eStantAutoRunV.exe" [2008-04-14 6144]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 eStantLaunchService;eStantLaunchService;c:\program files\BboxUpdate\eSRunService.exe [2008-04-29 20480]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
bthsvcs   REG_MULTI_SZ      BthServ
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ      HPSLPSVC
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kd3c9nwi.default\
FF - component: c:\program files\Fluendo\Moovida\spointer\extensions\moovida@spointer.com\components\moovida_air_ff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kd3c9nwi.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 20:46
Windows 6.0.6000  NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2010-11-03  20:50:48
ComboFix-quarantined-files.txt  2010-11-03 19:50

Avant-CF: 54 080 094 208 octets libres
Après-CF: 54 008 479 744 octets libres

- - End Of File - - 70848167BA217E88FFB354A4C0FD651B
Patrick 31 (Visitor, 8 posts, joined 31 Oct 2010 17:40)
 

Re: Virus GEMEO

Posted on 03 Nov 2010 21:23

OK, how is it going now?

If you still have the problem, do this.


Download >>OTM<< (by Old_Timer) to your Desktop.


>> For VISTA: right-click and choose "Run as administrator".

>> AVAST detects this software as an intruder, so disable it for the duration of the operations.

Double-click OTM to launch it. [image]

Copy the list quoted below:

:Files
c:\program files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll
c:\program files\OfferBox\OfferBoxBHO.dll
:Commands
[purity]
[emptytemp]
[Reboot]


and paste it into the left-hand pane of OTM, under this:

[image]

Click on [image] to launch the removal.
Wait for the tool to finish its work, then close OTM.

The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles\06092009_130526.log ("Example")

NB: You may be asked to restart the PC to complete the removal.
If so, accept with Oui/Yes.
bernard53 (PC-Infopraticien, 12778 posts, joined 08 Dec 2009 19:51)
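The OTM script above was built by reading the "Points de chargement Reg" section of the ComboFix log and picking out the two Browser Helper Objects that hook Internet Explorer. As an added triage example (not code from the thread, from ComboFix or from OTM), the Python below parses that section, lists the BHO and Run entries, flags that `"EnableLUA"= 0` means UAC is switched off on this Vista machine (my own observation; the thread does not comment on it), and rebuilds the OTM `:Files` block from the DLL names the helper chose. The sample lines are copied from the log; the function and class names are mine.

```python
"""Triage helper for the 'Points de chargement Reg' section of a ComboFix log."""
import re
from dataclasses import dataclass

# Constructed sample: load-point lines copied from the ComboFix log in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}]
2010-08-19 12:24   135840   ----a-w-   c:\program files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
2010-10-08 16:23   135000   ----a-w-   c:\program files\OfferBox\OfferBoxBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                                   # [HKEY_...\Key]
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(\S.*)$")  # date size attrs path
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[[\d-]+ \d+\]$')                # "name"="path" [date size]
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')             # "name"= 0 (0x0)


@dataclass(frozen=True)
class LoadPoint:
    key: str   # registry key the entry lives under
    name: str  # value name, or the BHO's CLSID
    path: str  # file loaded (or the numeric value for a policy setting)
    kind: str  # "BHO", "Run", "policy" or "other"


def parse_load_points(text):
    """A [KEY] line sets the context; the lines under it are parsed by key type."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key is None:
            continue
        elif "Browser Helper Objects" in key and (m := FILE_RE.match(line)):
            # ComboFix prints the BHO's DLL on the line after its CLSID key
            entries.append(LoadPoint(key, key.rsplit("\\", 1)[-1], m.group(1), "BHO"))
        elif m := VALUE_RE.match(line):
            kind = "Run" if key.lower().endswith("\\run") else "other"
            entries.append(LoadPoint(key, m.group(1), m.group(2), kind))
        elif m := DWORD_RE.match(line):
            entries.append(LoadPoint(key, m.group(1), m.group(2), "policy"))
    return entries


def uac_disabled(entries):
    """EnableLUA = 0 under policies\\system means UAC is switched off (Vista/7)."""
    return any(e.kind == "policy" and e.name == "EnableLUA" and e.path == "0"
               for e in entries)


def otm_files_script(entries, unwanted_dlls):
    """Rebuild the OTM script from the thread: a :Files block listing every
    load point whose file name is in `unwanted_dlls`, then the same :Commands."""
    wanted = {d.lower() for d in unwanted_dlls}
    paths = [e.path for e in entries if e.path.rsplit("\\", 1)[-1].lower() in wanted]
    return "\n".join([":Files", *paths, ":Commands", "[purity]", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    found = parse_load_points(SAMPLE_LOG)
    print(f"{len(found)} load points, UAC disabled: {uac_disabled(found)}")
    print(otm_files_script(found, ["moovida_air_ie.dll", "OfferBoxBHO.dll"]))
```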
 

Re: Virus GEMEO

Posted on 03 Nov 2010 23:15

Hi Bernard

I think you've killed it; I've run Google several times and each time I land on the right site without being redirected to crap sites...
Thank you very much for your skill and your availability, you're great!!!!
I'll keep your contact details anyway, just in case?????

Thanks again, you have all my gratitude
Best regards
Patrick
Patrick 31 (Visitor, 8 posts, joined 31 Oct 2010 17:40)
 

Re: Virus GEMEO

Posted on 04 Nov 2010 12:37

OK, glad that this time everything is fine. :wink:


Do this to remove the tools that were used for this disinfection.
>> Download ToolsCleaner (by A.Rothstein & dj QUIOU) http://pc-system.fr/TC/ToolsCleaner2.exe

>> Double-click it to launch the program

>> Click Recherche (Search) and let the scan finish (it can take about ten minutes at most).

>> Once the search has started, do not click inside the window, as that would cause a minor bug in the program.

>> If, however, the words "(ne réponds pas)" (not responding) appear in the title of the ToolsCleaner window, ignore it and let the program finish its work anyway.

** Click Suppression (Delete) to finish.

• If you wish, you can use the optional Options.

**Post me the report that appears



Then:


Now let's clean up System Restore.
To do this:

1- Press the Windows and Pause keys at the same time.

Then System Protection

In this window, untick the box for the hard drive where your system is installed, normally C:

Confirm and accept the following prompts.

***For Windows 7** you have to go to the Configure tab and then confirm disabling restore.

**Still in this same window: you now need to create a new restore point.

Tick that same box and confirm it with the APPLIQUER (Apply) tab, then the « CREER » (Create) tab.

Name this point PC- Clean: Confirm.

You can now close all the windows.

Have a good day
bernard53 (PC-Infopraticien, 12778 posts, joined 08 Dec 2009 19:51)
 


