[OK] Infection?

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities etc. …


Forum rules
Assiste.com has suspended disinfection assistance after almost 15 years, first on the old forum and then on this one. See:

Disinfection procedure 1 - Anti-malware
Anti-malware disinfection

Disinfection procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard disinfection procedure

Periodic maintenance of a Windows PC

Protecting the browser, browsing and privacy

OTL reports

Post by genesis973 » 26 Jul 2010, 07:22

Hello,


OTL logfile created on: 2010-07-26 08:05:58 - Run 8
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Philippe\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.83 Gb Total Space | 14.54 Gb Free Space | 26.53% Space Free | Partition Type: FAT32
Drive D: | 36.45 Gb Total Space | 36.44 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.65 Gb Total Space | 322.39 Gb Free Space | 69.24% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: PHILIPPE_ELO
Current User Name: Philippe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-07-21 19:38:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.scr
PRC - [2010-06-15 16:33:44 | 000,141,624 | ---- | M] (Apple Inc.) -- H:\Programmes\iTunesHelper.exe
PRC - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-05-20 20:56:46 | 000,943,600 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Philippe\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010-04-03 00:15:22 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2010-02-26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010-01-08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009-07-21 14:34:00 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-13 16:47:42 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:08:12 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-04-14 04:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-06-20 21:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2006-03-23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions (TM)) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005-12-28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005-12-28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005-12-28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005-11-10 06:47:20 | 000,102,400 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2005-11-09 22:11:36 | 002,170,880 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2005-10-05 17:50:22 | 000,086,016 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\Power4 Gear\BatteryLife.exe
PRC - [2005-02-16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
PRC - [2003-11-26 22:44:20 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2002-06-03 11:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe


========== Modules (SafeList) ==========

MOD - [2010-07-21 19:38:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.scr
MOD - [2008-04-14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2002-06-03 11:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-04-27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-01-08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009-09-03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009-07-21 14:34:00 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-13 16:47:42 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006-06-20 21:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005-12-28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005-12-28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005-12-28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2003-11-26 22:44:20 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\threadPRIORITY.sys -- (ThreadPriority)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\R-Drive Image\R-ImageDisk.sys -- (R-ImageDisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\hcw95rc.sys -- (hcw95rc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\hcw95bda.sys -- (hcw95bda)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\R-Drive Image\DrvSnSht.sys -- (DrvSnSht)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009-11-25 12:19:04 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-08-24 12:22:58 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2009-08-24 12:22:58 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2009-06-17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009-06-17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009-06-17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009-05-11 10:11:54 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 10:32:48 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-03-05 09:14:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-02-13 12:34:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-01-30 09:12:00 | 006,250,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-08-11 16:17:48 | 000,037,440 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdklbf.drv -- (PsSdkLBF)
DRV - [2008-08-11 16:17:48 | 000,030,272 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk31.drv -- (PsSdk31)
DRV - [2008-04-13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008-04-13 18:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-03 19:07:34 | 000,010,240 | ---- | M] (Atola) [Kernel | On_Demand | Stopped] -- H:\Program\LiberKey\Apps\PartitionFindandMount\App\PartitionFindandMount\slicedisk.sys -- (SliceDisk5)
DRV - [2007-09-25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\Programmes\LiberKey\Apps\MediaCoder\App\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007-05-02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005-12-28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-12-13 15:10:00 | 000,007,040 | ---- | M] (Freecom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gonzales.sys -- (Gonzales)
DRV - [2005-12-05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005-11-28 21:55:46 | 000,012,160 | ---- | M] (Freecom) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Bonifay.sys -- (Bonifay)
DRV - [2005-11-16 03:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005-10-21 02:13:08 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005-09-08 02:20:52 | 003,959,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-08-24 13:49:04 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2005-07-14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005-07-12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005-05-26 19:19:00 | 000,839,724 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005-04-18 06:24:44 | 000,646,656 | R--- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2005-02-17 10:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2004-03-08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003-12-05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003-07-29 07:18:32 | 000,028,518 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.gdark.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.gdark.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com

IE - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =
IE - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.gdark.com
IE - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Gdark
IE - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://fr.gdark.com/search.php?cx=partn ... e=UTF-8&q={searchTerms}
IE - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
IE - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
IE - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Chercher Malin"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.6
FF - prefs.js..extensions.enabledItems: {75493B06-1504-4976-9A55-B6FE240FF0BF}:2.2
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.7
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: en-AU@dictionaries.addons.mozilla.org:2.1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: tagmarks@felipc.com:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {372765b9-6955-41a7-a0c9-062e4d323756}:1.03
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.1
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.2.9
FF - prefs.js..extensions.enabledItems: {A5C87640-F7CF-11DA-974D-0800200C9A66}:0.2.1
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-04-03 00:16:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006-08-22 17:34:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006-08-22 17:34:38 | 000,000,000 | ---D | M]

[2008-08-09 13:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Extensions
[2006-08-22 17:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions
[2007-06-11 18:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{0784CD66-62FE-4cef-ABF4-F8ED9B654ACC}
[2010-03-08 20:00:16 | 000,000,000 | ---D | M] (Radio France Toolbar) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{1a2cd84f-2175-4ae8-bd60-ce0d04442b4f}
[2010-04-30 09:45:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-02-28 20:28:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010-04-04 15:40:54 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{372765b9-6955-41a7-a0c9-062e4d323756}
[2009-10-15 21:14:26 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010-02-11 23:34:24 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010-01-23 15:38:04 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2009-02-10 22:13:50 | 000,000,000 | ---D | M] (Barre de confiance) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{75493B06-1504-4976-9A55-B6FE240FF0BF}
[2009-06-03 20:23:06 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010-05-27 08:46:58 | 000,000,000 | ---D | M] (Mobile Barcoder) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{A5C87640-F7CF-11DA-974D-0800200C9A66}
[2010-04-23 18:02:16 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2008-06-17 23:30:52 | 000,000,000 | ---D | M] (MEDIADICO Familial) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{b055c535-4a3a-11db-9659-00e08161165f}
[2010-04-23 18:02:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-04-23 18:00:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010-03-30 23:50:56 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010-04-23 18:02:02 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-09-12 21:41:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-04-23 18:02:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010-05-19 19:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\autopager@mozilla.org
[2010-05-19 19:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\bettergmail2@ginatrapani.org
[2008-02-19 19:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\en-AU@dictionaries.addons.mozilla.org
[2009-11-11 09:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2006-12-19 21:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2008-01-03 22:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\ffe_opaque_clrtabs@game-point.net
[2010-05-19 19:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\firebug@software.joehewitt.com
[2010-02-12 00:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\fr@dictionaries.addons.mozilla.org
[2010-02-12 00:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2010-04-04 15:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\gmailthis@lazyrussian.com
[2010-04-23 18:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\personas@christopher.beard
[2010-03-20 17:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\piclens@cooliris.com
[2008-12-14 22:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\rtmgmail@rememberthemilk.com
[2008-08-31 19:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\tagmarks@felipc.com
[2007-06-11 13:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\videodowloader@videodownloader.net
[2010-03-20 17:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\wikilook@testpilot
[2010-02-11 23:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010-02-11 23:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010-02-11 23:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010-02-11 23:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2008-12-30 19:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Sunbird\Profiles\yi305cgi.default\extensions
[2008-11-17 08:51:24 | 000,005,179 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\searchplugins\BitTorrent.xml
[2009-05-27 23:24:12 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\searchplugins\Gdark.xml
[2009-07-30 20:32:04 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\4mriagw0.default\searchplugins\Chercher Malin.xml
[2010-05-20 13:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007-02-26 18:25:58 | 000,000,000 | ---D | M] (MSN Pictures Displayer) -- C:\Program Files\Mozilla Firefox\extensions\{0497D7FA-B45F-11DB-9DCC-3D3756D89593}
[2010-07-18 17:26:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008-05-22 05:56:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru
[2006-10-10 22:57:38 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008-06-30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2005-12-05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010-04-12 17:29:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-04-01 19:07:30 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010-04-01 19:07:30 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010-04-01 19:07:30 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010-04-01 19:07:30 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010-04-01 19:07:30 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009-10-14 11:48:48 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\Neuf\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.EXE (ASYSTeK Computer INC.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] H:\Programmes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - Startup: C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\Dropbox.lnk = C:\Documents and Settings\Philippe\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html ()
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html ()
O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - Reg Error: Key error. File not found
O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html ()
O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006-06-05 22:00:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{0657d734-32d3-11df-84d2-0013024a62be}\Shell\AutoRun\command - "" = F:\PenInkViewer\Viewer_for_Windows\PenInkViewer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-07-25 23:09:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Philippe\Recent
[2010-07-25 23:02:46 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010-07-25 23:02:46 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010-07-25 23:02:46 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010-07-25 23:02:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010-07-25 23:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010-07-25 23:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010-07-24 22:42:51 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-07-24 22:17:16 | 000,288,654 | ---- | C] ( ) -- C:\Documents and Settings\Philippe\Bureau\SafeBootKeyRepair.exe
[2010-07-22 22:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\Reports incident du 20 juillet
[2010-07-22 07:55:36 | 000,000,000 | ---D | C] -- C:\FyK
[2010-07-21 19:38:24 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.scr
[2010-07-21 19:38:08 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTH.scr
[2010-07-21 14:55:30 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010-07-21 11:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\tsc
[2010-07-21 11:20:28 | 001,870,896 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Philippe\Bureau\HousecallLauncher.exe
[2010-07-20 20:17:10 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2010-07-19 21:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\DiskAid
[2010-07-19 21:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\DigiDNA
[2010-07-18 19:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Bureau
[2010-07-18 17:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-07-18 17:26:30 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-07-18 17:26:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-07-18 17:26:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-07-18 17:26:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-07-18 14:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010-07-18 14:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\MyDocuments
[2010-07-15 01:17:55 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010-07-03 20:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\AVS4YOU
[2010-07-03 20:35:10 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010-07-03 20:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
[2010-07-03 20:35:09 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010-07-03 20:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010-07-03 20:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010-06-27 16:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Local Settings\Application Data\Orange
[2010-06-27 16:43:54 | 000,094,208 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\w32n50.dll
[2010-06-27 16:43:54 | 000,034,688 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcampr5.sys
[2010-06-27 16:43:54 | 000,032,128 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcandis5.sys
[2010-06-27 16:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Orange
[2010-06-27 16:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\France Telecom

========== Files - Modified Within 30 Days ==========

[2010-07-26 03:30:02 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-26 03:30:02 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-25 23:12:26 | 000,193,994 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-07-25 23:12:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-25 23:11:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3148158295-4140714283-3407515131-1005.job
[2010-07-25 23:11:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-25 23:11:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-25 23:10:58 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
[2010-07-25 23:09:04 | 014,942,208 | ---- | M] () -- C:\Documents and Settings\Philippe\ntuser.dat
[2010-07-25 23:09:04 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Philippe\ntuser.ini
[2010-07-25 23:03:02 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010-07-25 22:55:58 | 002,105,910 | -H-- | M] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\IconCache.db
[2010-07-25 14:23:28 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CDBB5654-9B23-4C30-A2A5-C4D62D6B5C11}.job
[2010-07-25 12:54:40 | 047,817,536 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\cureit.exe
[2010-07-24 22:24:02 | 1610,612,736 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010-07-24 22:16:54 | 000,288,654 | ---- | M] ( ) -- C:\Documents and Settings\Philippe\Bureau\SafeBootKeyRepair.exe
[2010-07-24 12:27:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\PDVD_MediaDisc.PlayList
[2010-07-23 17:10:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-07-22 23:28:20 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job
[2010-07-22 07:54:58 | 001,332,009 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Setup.exe
[2010-07-21 22:26:30 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3148158295-4140714283-3407515131-1005.job
[2010-07-21 20:49:18 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010-07-21 19:38:38 | 000,000,371 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\scan.zip
[2010-07-21 19:38:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.scr
[2010-07-21 19:38:10 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTH.scr
[2010-07-21 11:22:18 | 002,331,463 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\tsc.zip
[2010-07-21 11:20:32 | 001,870,896 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Philippe\Bureau\HousecallLauncher.exe
[2010-07-20 21:12:06 | 000,001,208 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-20 21:12:02 | 000,164,597 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\Save Compte.SAV.CM
[2010-07-20 20:08:28 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\housecall.guid.cache
[2010-07-20 20:05:48 | 000,178,688 | ---- | M] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-20 19:30:24 | 000,071,268 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-07-19 08:14:56 | 000,360,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-18 19:30:04 | 000,098,824 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010-07-18 17:28:30 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Philippe\ntuser.bak
[2010-07-12 14:48:16 | 004,571,980 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\dossier randos les croix.odt
[2010-07-03 20:57:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-01 11:03:18 | 000,025,713 | ---- | M] () -- C:\WINDOWS\CSTBox.INI

========== Files Created - No Company Name ==========

[2010-07-25 23:03:01 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010-07-25 12:56:10 | 047,817,536 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\cureit.exe
[2010-07-24 22:16:22 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\avenger.exe
[2010-07-24 12:27:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\PDVD_MediaDisc.PlayList
[2010-07-22 07:54:57 | 001,332,009 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Setup.exe
[2010-07-21 19:38:35 | 000,000,371 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\scan.zip
[2010-07-21 11:22:17 | 002,331,463 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\tsc.zip
[2010-07-21 10:51:56 | 1610,612,736 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010-07-20 21:11:57 | 000,164,597 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\Save Compte.SAV.CM
[2010-07-20 20:08:27 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\housecall.guid.cache
[2010-07-18 16:59:02 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Philippe\ntuser.rhk.LOG
[2010-07-12 14:48:09 | 004,571,980 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\dossier randos les croix.odt
[2010-06-29 08:40:03 | 000,183,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009-08-03 19:40:11 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009-08-03 19:40:11 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009-03-31 21:30:18 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-03-31 21:30:14 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-03-31 21:30:14 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-03-31 21:30:13 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-03-31 21:30:10 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-03-31 21:30:10 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-07-14 14:51:47 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008-05-26 22:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-20 15:49:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008-05-06 18:23:58 | 000,032,825 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008-05-06 18:23:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008-05-06 18:19:57 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008-02-14 23:08:11 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\ffbfec7_g.dll
[2008-02-07 20:42:14 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008-02-07 20:25:26 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007-12-11 22:22:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini
[2007-12-03 09:13:29 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-08-03 00:08:30 | 000,000,259 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2007-06-14 19:52:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007-04-05 18:42:37 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007-03-07 21:39:16 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2007-03-07 21:39:13 | 000,028,518 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2007-03-07 21:39:13 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2007-01-07 18:22:14 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006-11-22 22:44:01 | 000,000,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006-11-19 14:17:00 | 000,000,371 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-11-03 15:15:34 | 000,000,708 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-11-03 15:15:33 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006-11-03 15:15:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006-10-03 23:52:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-09-20 21:24:54 | 000,000,049 | ---- | C] () -- C:\WINDOWS\MobileDB_PC.ini
[2006-08-16 20:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006-08-16 18:36:31 | 000,000,058 | ---- | C] () -- C:\WINDOWS\RTEDiag.INI
[2006-08-16 11:03:39 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\RTELM.dll
[2006-08-12 22:26:55 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2006-06-05 22:28:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006-06-05 22:03:40 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006-06-05 16:30:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-01-02 21:16:32 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini
[2005-12-07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005-11-21 10:51:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005-11-21 10:51:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005-11-21 10:51:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005-11-21 10:51:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005-05-26 19:12:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005-05-26 19:12:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005-05-26 19:12:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005-05-26 19:12:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005-05-26 19:12:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005-05-26 19:12:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005-05-26 19:12:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005-05-26 19:12:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005-05-26 19:12:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005-03-14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005-02-17 10:07:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004-09-20 17:49:44 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2004-09-20 17:49:44 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003-09-22 01:49:36 | 000,015,190 | R--- | C] () -- C:\WINDOWS\M2000Twn.ini
[2000-04-14 16:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998-06-11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997-11-19 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997-11-19 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
<End>
genesis973
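The O6/O7 policy lines and the O35/O37 shell-spawning lines in the log above are the entries a responder reads first, because they decide whether a removable drive's autorun.inf runs (compare the O33 MountPoints2 entry pointing at F:\PenInkViewer\...) and whether every .exe launch passes through an injected handler. The bitmask values are not self-explanatory, so here is a small decoder. This is an added example for this thread, not OTL code and not something the poster ran: the sample lines are copied from the log above, the bit tables are the documented Windows meanings of NoDriveTypeAutoRun (drive-type bits) and NoDriveAutoRun (drive-letter bits), and the one "hijacked" association line is constructed to show what a bad entry looks like.

```python
"""Decode the AutoRun/UAC policy values and exe/com association entries that
OTL reports in its O6/O7 and O35/O37 lines (added example, not OTL code)."""
import re

# NoDriveTypeAutoRun is a bitmask over drive types; a SET bit DISABLES AutoRun
# for that type. 0xFF (255) disables it everywhere; 0x91 (145) is the XP default.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}

# "O6 - HKLM\SOFTWARE\...\policies\Explorer: Name = value" and the HKU\<SID> O7 form.
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>HKLM|HKU\\S-[\d-]+)\\SOFTWARE\\Microsoft\\Windows\\"
    r"CurrentVersion\\policies\\(?P<key>Explorer|System): (?P<name>\w+) = (?P<value>-?\d+)$"
)

# O35 "HKLM\..exefile [open] -- cmd" and O37 "HKLM\...exe [@ = exefile] -- cmd".
ASSOC_RE = re.compile(r"^O3[57] - HKLM\\\.+(?P<cls>\w+) (?P<info>\[.*?\]) -- (?P<cmd>.*)$")
EXPECTED_OPEN_CMD = '"%1" %*'  # stock open command for exefile/comfile

# Lines copied from the OTL log above.
LOG_LINES = [
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O7 - HKU\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177",
    r"O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
]
# Constructed line (NOT from the log): the shape of a hijacked exefile handler.
HIJACKED_LINE = r'O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\user\Application Data\av.exe" "%1" %*'


def parse_policies(lines):
    """Return [(hive, key, name, value)] for every O6/O7 policy line; other lines are ignored."""
    found = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            found.append((m["hive"], m["key"], m["name"], int(m["value"])))
    return found


def autorun_allowed_types(mask):
    """Drive types on which a NoDriveTypeAutoRun mask still permits AutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def no_drive_autorun_letters(mask):
    """NoDriveAutoRun: bit n set disables AutoRun for drive letter chr(65 + n)."""
    return [chr(ord("A") + n) for n in range(26) if mask & (1 << n)]


def policy_findings(entries):
    """Human-readable findings for the values a responder looks at first."""
    findings = []
    for hive, key, name, value in entries:
        if name == "NoDriveTypeAutoRun":
            allowed = autorun_allowed_types(value)
            if allowed:
                findings.append(f"{hive}: NoDriveTypeAutoRun=0x{value:02X} leaves AutoRun on for {', '.join(allowed)} drives")
        elif name == "NoDriveAutoRun":
            findings.append(f"{hive}: NoDriveAutoRun disables AutoRun on {len(no_drive_autorun_letters(value))} drive letters")
        elif name == "HonorAutoRunSetting" and value != 1:
            findings.append(f"{hive}: HonorAutoRunSetting={value}; the XP AutoRun fix (KB967715) sets it to 1")
        elif name == "EnableLUA" and value == 0:
            findings.append(f"{hive}: EnableLUA=0 (UAC off; ignored on XP, which has no UAC, but matters on Vista and later)")
    return findings


def association_findings(lines):
    """Flag O35/O37 exe/com handlers whose open command is not the stock "%1" %*."""
    findings = []
    for line in lines:
        m = ASSOC_RE.match(line.strip())
        if m and m["cmd"].strip() != EXPECTED_OPEN_CMD:
            findings.append(f"{m['cls']} {m['info']} runs {m['cmd']!r} instead of {EXPECTED_OPEN_CMD!r}")
    return findings


if __name__ == "__main__":
    for f in policy_findings(parse_policies(LOG_LINES)) + association_findings(LOG_LINES + [HIJACKED_LINE]):
        print(f)
```

Reading the output against this log: HKLM's NoDriveTypeAutoRun of 227 (0xE3) still permits AutoRun on removable, fixed and network drives, but the NoDriveAutoRun value 67108863 (0x3FFFFFF) sets all 26 drive-letter bits, so AutoRun is blocked by letter on every drive while that value stands. The per-user values 145 (0x91, the XP default) and 177 (0xB1, default plus CD-ROM) are weaker than the usual hardening of 255 (0xFF). The two association lines in the log are the stock `"%1" %*`, which is what you want to see; the constructed line shows the pattern to watch for.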

OTL Extra

Post by genesis973 » 26 Jul 2010, 07:26

Here is the rest.

For information, the PC is behaving "normally".
WiFi works, and the "sound" device management is back. It is not slowed down.
I reinstalled Avira, because I no longer had a working antivirus.
Kerio still doesn't work.


OTL Extras logfile created on: 2010-07-26 08:05:58 - Run 8
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Philippe\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.83 Gb Total Space | 14.54 Gb Free Space | 26.53% Space Free | Partition Type: FAT32
Drive D: | 36.45 Gb Total Space | 36.44 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.65 Gb Total Space | 322.39 Gb Free Space | 69.24% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: PHILIPPE_ELO
Current User Name: Philippe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = ] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\Tasks\explorer.exe" = C:\WINDOWS\Tasks\explorer.exe:*:Enabled:Explorer -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- File not found
"C:\Program Files\Messenger\MSMSGS.EXE" = C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" = C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI -- File not found
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0 -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- File not found
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- File not found
"C:\Documents and Settings\Philippe\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Philippe\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\sfr\Media Center\httpd\httpd.exe" = C:\Program Files\sfr\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR) -- (Apache Software Foundation)
"H:\Programmes\iTunes.exe" = H:\Programmes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam, NB Pro
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photorécit 3 pour Windows
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{5D26BF7B-BEF6-477D-8FC1-0C1C159B6364}_is1" = Quicksys RegDefrag 2.1
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{6378CFE7-D898-4C41-A7DD-4BB54ED80BB7}" = MyScript Notes for DANE-ELEC
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69B040CC-E9B1-4769-950E-87786C9E16AD}" = OpenOffice.org 3.2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}" = MobileMe Control Panel
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C514C594-23AA-4F13-A070-DB8BDB27594F}" = Windows Live Mail
"{C5667570-09EF-4776-857B-DDFD461405D5}" = Scrypto LuCipher Freeware
"{C964A549-C74A-11D3-B88A-00A0C9379093}" = CyberGestion
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = Utilitaire de configuration iPhone
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Package de pilotes Windows - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 9.07 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus ChkMail" = Asus ChkMail
"Asus_A_Series_ScreenSaver" = Asus_A_Series_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BankPerfect" = BankPerfect 6.51
"CCleaner" = CCleaner
"CODACOD V2" = CODACOD V2
"Code du Travail_is1" = Code du Travail
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"DivX Codec" = DivX Pro Codec
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.0.2
"DVD Shrink_is1" = DVD Shrink 3.2
"Firefox Windows Media Player XPI" = Firefox Windows Media Player XPI
"FLVplayer" = FLV Player
"Foxit Creator" = Foxit Creator
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.2
"Freecom Backup Software_is1" = Freecom Backup Software 1.15
"Freecom Personal Media Suite_is1" = Freecom Personal Media Suite 2.24
"GMailFS" = GMail Drive Shell Extension
"HControl" = ATK0100 ACPI UTILITY
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"La Marmite du Chef_is1" = La Marmite du Chef 6.3.0
"LameACM" = Lame ACM MP3 Codec
"LHTTSFRF" = L&H TTS3000 Français
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup_is1" = MozBackup 1.4.4
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nokia PC Suite" = Nokia PC Suite
"NoteSearch" = NoteSearch 1.6
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Power Sound Editor Free" = Power Sound Editor Free
"ProInst" = Logiciel Intel(R) PROSet/Wireless
"RealAlt_is1" = Real Alternative 1.8.0
"RealPlayer 12.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SFR_Kit" = SFR - Kit de connexion
"SFR_Media Center" = SFR - Media Center
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment
"WinLiveSuite_Wave3" = Installation Windows Live
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YouTube Video Downloader_is1" = YouTube Video Downloader 2.2.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3148158295-4140714283-3407515131-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-07-25 21:44:53 | Computer Name = PHILIPPE_ELO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8125

Error - 2010-07-25 21:44:55 | Computer Name = PHILIPPE_ELO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2010-07-25 21:44:55 | Computer Name = PHILIPPE_ELO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10094

Error - 2010-07-25 21:44:55 | Computer Name = PHILIPPE_ELO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10094

Error - 2010-07-25 21:44:57 | Computer Name = PHILIPPE_ELO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2010-07-25 21:44:57 | Computer Name = PHILIPPE_ELO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12109

Error - 2010-07-25 21:44:57 | Computer Name = PHILIPPE_ELO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12109

Error - 2010-07-25 21:44:59 | Computer Name = PHILIPPE_ELO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2010-07-25 21:44:59 | Computer Name = PHILIPPE_ELO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14125

Error - 2010-07-25 21:44:59 | Computer Name = PHILIPPE_ELO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14125

[ System Events ]
Error - 2010-07-25 16:12:25 | Computer Name = PHILIPPE_ELO | Source = Service Control Manager | ID = 7000
Description = Le service CMC Thread Priority n'a pas pu démarrer en raison de l'erreur :
%%2

Error - 2010-07-25 16:12:25 | Computer Name = PHILIPPE_ELO | Source = Service Control Manager | ID = 7000
Description = Le service tmcomm n'a pas pu démarrer en raison de l'erreur : %%2

Error - 2010-07-25 16:54:04 | Computer Name = PHILIPPE_ELO | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2010-07-25 16:59:26 | Computer Name = PHILIPPE_ELO | Source = Service Control Manager | ID = 7000
Description = Le service SbPF.Launcher n'a pas pu démarrer en raison de l'erreur :
%%193

Error - 2010-07-25 16:59:26 | Computer Name = PHILIPPE_ELO | Source = Service Control Manager | ID = 7000
Description = Le service Sunbelt Personal Firewall 4 n'a pas pu démarrer en raison
de l'erreur : %%193

Error - 2010-07-25 16:59:26 | Computer Name = PHILIPPE_ELO | Source = Service Control Manager | ID = 7000
Description = Le service CMC Thread Priority n'a pas pu démarrer en raison de l'erreur :
%%2

Error - 2010-07-25 16:59:26 | Computer Name = PHILIPPE_ELO | Source = Service Control Manager | ID = 7000
Description = Le service tmcomm n'a pas pu démarrer en raison de l'erreur : %%2

Error - 2010-07-25 17:12:30 | Computer Name = PHILIPPE_ELO | Source = Service Control Manager | ID = 7000
Description = Le service SbPF.Launcher n'a pas pu démarrer en raison de l'erreur :
%%2

Error - 2010-07-25 17:12:30 | Computer Name = PHILIPPE_ELO | Source = Service Control Manager | ID = 7000
Description = Le service CMC Thread Priority n'a pas pu démarrer en raison de l'erreur :
%%2

Error - 2010-07-25 17:12:30 | Computer Name = PHILIPPE_ELO | Source = Service Control Manager | ID = 7000
Description = Le service tmcomm n'a pas pu démarrer en raison de l'erreur : %%2


<End>


Have a good day, and thanks again for your help.

Cheers,
genesis973
 
Posts: 36
Joined: 21 Jul 2010, 10:03

Post by nickW » 27 Jul 2010, 00:41

Good evening,


Kerio will have to be reinstalled.


1/ The TeaTimer program had been infected and was deleted.

Search the hard drive to see whether a copy of it exists (in order to reinstall it):

Step 1: SystemLook (by jpshortstuff)
Download SystemLook from one of the two links below:
http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshor ... emLook.exe
Save this file to the Desktop.


Step 2: SystemLook (by jpshortstuff)
Double-click SystemLook.exe to run the tool.

Select all the lines in the white box under "Code:" below, then press the Ctrl and C keys simultaneously
Code:
:comment
:file
*teatimer*.*

In the small SystemLook window, right-click in the white box and choose Paste.
Note: the lines selected above must have been copied into SystemLook's white box, including the "colon" character at the start of the first line.

Click the Look button to start the search.

When the tool has finished this search, a Notepad window opens.
Close Notepad.
Close SystemLook by clicking the Exit button.



2/ Search for the components of the SearchSettings adware


Step 3: Toolbar-S&D (by Team IDN), download
Download Toolbar-S&D by right-clicking one of the links below:
http://eric71.geekstogo.com/tools/ToolBarSD.exe
http://eric.71.mespages.googlepages.com/ToolBarSD.exe
Save the file to the Desktop.


Step 4: Disabling resident security programs
Disable the antivirus's resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock) and untick "Activer Antivir Guard/AntiVir Guard enable"


Step 5: Toolbar-S&D (by Team IDN), option 1: Search
Double-click ToolBarSD.exe on the Desktop to run the tool.

Choose the language by typing F and then pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 1 and then press Enter to search for the files responsible for the infection.
When the search is finished, a Notepad window opens and displays the report (a.k.a. log).

Close Notepad, which ends the tool's execution.

Note:
If the Desktop does not reappear, open Task Manager by pressing CTRL+ALT+DEL simultaneously.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that opens, type exactly explorer in the Open box and then click the OK button. The Desktop will reappear.


Step 6: Re-enabling resident security programs
Important: re-enable the antivirus's resident module.




Step 7: Result
Send in reply:
*- the SystemLook report (contents of the SystemLook.txt file on the Desktop)
*- the ToolBar S&D report (contents of the SystemDrive\TB.txt file)
[SystemDrive is the partition on which the system is installed, usually C:]

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
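The SystemLook step above searches the whole drive for any file whose name matches the wildcard `*teatimer*.*`. As an added illustration of what that `:file` directive does (this is example code written for this page, not SystemLook's own code nor anything from the thread), the Python script below walks a directory tree, matches file names case-insensitively against the same kind of pattern, and reports each hit with its size and SHA-256 so that a recovered copy can be checked against a known-good hash before it is reinstalled. The sample tree it builds (a backup `TeaTimer.exe`, an install log and an unrelated file) is constructed for the demo; the report layout only loosely imitates SystemLook's.

```python
import fnmatch
import hashlib
import os
import tempfile


def file_sha256(path, chunk_size=65536):
    """Hash a file in chunks so large binaries never need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def look_for_files(root, pattern):
    """Emulate SystemLook's ':file' directive: walk every directory under
    root and return one record per file whose name matches the wildcard
    pattern. Matching is case-insensitive, as on Windows file systems."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if fnmatch.fnmatchcase(name.lower(), pattern.lower()):
                full = os.path.join(dirpath, name)
                hits.append({
                    "path": full,
                    "size": os.path.getsize(full),
                    "sha256": file_sha256(full),
                })
    # Deterministic order makes reports comparable between runs.
    hits.sort(key=lambda h: h["path"])
    return hits


def format_report(hits, pattern):
    """Render the hits as a plain-text report; an empty result is reported
    the way SystemLook words it ("Unable to find/read file")."""
    lines = ["========== file ==========", ""]
    if not hits:
        lines.append(f"{pattern} - Unable to find/read file.")
    for h in hits:
        lines.append(f"{h['path']}  {h['size']} bytes  SHA256 {h['sha256']}")
    lines += ["", "-=End Of File=-"]
    return "\n".join(lines)


def build_sample_tree():
    """Constructed sample tree (hypothetical, not taken from the page):
    a backup copy of TeaTimer.exe, a log mentioning it, and an unrelated
    executable that must not match the pattern."""
    root = tempfile.mkdtemp(prefix="systemlook_demo_")
    files = {
        os.path.join("Backup", "Spybot", "TeaTimer.exe"): b"MZ-constructed-sample",
        os.path.join("Logs", "teatimer_install.log"): b"installed",
        os.path.join("Program Files", "other", "notepad.exe"): b"MZ-other",
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    print(format_report(look_for_files(demo_root, "*teatimer*.*"), "*teatimer*.*"))
```

Run it against a real drive by passing that drive's root to `look_for_files`; hashing every hit is what lets you tell a genuine vendor binary from a file that merely reuses its name, which is exactly the doubt the thread raises about the deleted TeaTimer.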

Report SystemLook

Post by genesis973 » 27 Jul 2010, 00:57

Good evening



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 01:51 on 27/07/2010 by Philippe (Administrator - Elevation successful)

========== file ==========

*teatimer*.* - Unable to find/read file.

-=End Of File=-
genesis973
 
Posts: 36
Joined: 21 Jul 2010, 10:03

Report ToolBarSD

Post by genesis973 » 27 Jul 2010, 01:02

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
BIOS : Default System BIOS
USER : Philippe ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
Firewall : Sunbelt Personal Firewall 4.6.1861 T (Activated)
C:\ (Local Disk) - FAT32 - Total:54 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:36 Go (Free:36 Go)
E:\ (CD or DVD)
G:\ (USB)
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 2010-07-27| 1:55 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
C:\DOCUME~1\PHILIPPE\APPLIC~1\Search Settings
C:\DOCUME~1\PHILIPPE\APPLIC~1\Search Settings\kb130
C:\DOCUME~1\PHILIPPE\APPLIC~1\Search Settings\kb130\temp
C:\DOCUME~1\PHILIPPE\APPLIC~1\Search Settings\kb130\temp\ws-14811.log
C:\DOCUME~1\PHILIPPE\APPLIC~1\Search Settings\kb130\temp\ws-14814.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\FF
C:\Program Files\Search Settings\res
C:\Program Files\Search Settings\temp
C:\Program Files\Search Settings\SearchSettings.dll
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\SearchSettingsRes409.dll
C:\Program Files\Search Settings\FF\chrome
C:\Program Files\Search Settings\FF\install.rdf
C:\Program Files\Search Settings\FF\components
C:\Program Files\Search Settings\FF\chrome.manifest
C:\Program Files\Search Settings\FF\chrome\skin
C:\Program Files\Search Settings\FF\chrome\content
C:\Program Files\Search Settings\FF\chrome\locale
C:\Program Files\Search Settings\FF\chrome\content\plugin.js
C:\Program Files\Search Settings\FF\chrome\content\plugin.xul
C:\Program Files\Search Settings\FF\chrome\content\protection.js
C:\Program Files\Search Settings\FF\chrome\content\utils.js
C:\Program Files\Search Settings\FF\chrome\locale\en-US
C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
C:\Program Files\Search Settings\FF\components\SearchSettingsFF.dll
C:\Program Files\Search Settings\FF\components\IFBHOSearch.xpt
C:\Program Files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
C:\Program Files\Search Settings\FF\components\IFHelperPreferences.xpt

-----------\\ Extensions

(Philippe) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Philippe) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Philippe) - {37E4D8EA-8BDA-4831-8EA1-89053939A250} => pdfdownload
(Philippe) - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} => radio_france
(Philippe) - {71328583-3CA7-4809-B4BA-570A85818FBB} => cacheviewer
(Philippe) - {b055c535-4a3a-11db-9659-00e08161165f} => mediadicotoolbar
(Philippe) - {75493B06-1504-4976-9A55-B6FE240FF0BF} => barreconf
(Philippe) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Philippe) - {c50ca3c4-5656-43c2-a061-13e717f73fc8} => fvd
(Philippe) - {ada4b710-8346-4b82-8199-5de2b400a6ae} => reminderfox
(Philippe) - {c45c406e-ab73-11d8-be73-000a95be3b12} => webdeveloper
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-eu
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-fr
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nl
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pt-BR
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-de
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nn-NO
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ka
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ro
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sl
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sk
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-zh-CN
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ja
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-da
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ko
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-it
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-is
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-cs
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-es-AR
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-hu
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ca
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nb-NO
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ja-JP-mac
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pt-PT
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pl
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sv-SE
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ga-IE
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-es-ES
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ru
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-en-US
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-lt
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-uk
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-zh-TW
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider
(Philippe) - {a6a33690-2c6a-11d9-9669-0800200c9a66} => hotmail
(Philippe) - {ad7d8a66-253b-11dc-977c-000c29a3126e} => zindus
(Philippe) - {3c8e8390-2cf6-11d9-9669-0800200c9a66} => web-mail
(Philippe) - {571CFACF-0F7D-49b4-BD77-E6FC7B209ADC} => synckolab
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ca
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-PT
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-it
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-is
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-cs
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-AR
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sv-SE
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-hu
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ca
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nb-NO
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ga-IE
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-ES
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-PT
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-en-US
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ru
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sv-SE
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-TW
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-lt
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ga-IE
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-uk
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-ES
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-en-US
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ru
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-BR
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-eu
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-fr
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-lt
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-TW
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-uk
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nn-NO
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-de
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-eu
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-fr
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ka
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ro
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-BR
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sk
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-CN
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-de
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nn-NO
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ka
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ro
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-da
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ko
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sk
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-it
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja-JP-mac
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-CN
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-AR
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-is
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-cs
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nb-NO
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-da
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja-JP-mac
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ko
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-hu


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.orange.fr"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://home.microsoft.com/access/allinone.asp"
"SearchMigratedDefaultURL"="http://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q={searchTerms}"
"Search Bar"="http://g.msn.fr/0SEFRFR/SAOS02"
"Default_Search_URL"="http://fr.gdark.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://fr.gdark.com"
"Start Page"="http://fr.gdark.com"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\srosa]




1 - "C:\ToolBar SD\TB_1.txt" - 2010-07-27| 2:00 - Option : [1]

-----------\\ Fin du rapport a 2:00:03.40


Good ...night

See you,
genesis973
 

Post by nickW » 28 Jul 2010, 00:41

Good evening,

1/ I have sent you a PM (Private Message)


2/ Removal of Search Settings


Step 1: Disabling the resident security programs
Disable the antivirus's resident module.
Avira AntiVir: right-click the icon in the system tray (next to the clock) and untick "Activer Antivir Guard/AntiVir Guard enable".


Step 2: Toolbar-S&D (from Team IDN), option 2: Removal

Mandatory: close every browser window (Internet Explorer, Firefox, Mozilla, Opera, etc.).

Double-click ToolBarSD.exe on the Desktop to run the tool.

Choose the language by typing F and then pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 2 and press Enter to delete the files responsible for the infection.

Do not close the window while the files are being deleted!

When the deletion is finished, a Notepad window opens and displays the report (a.k.a. log).

Close Notepad, which ends the tool's run.

Note:
If the Desktop does not reappear, open Task Manager by pressing the CTRL+ALT+DEL keys simultaneously.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that opens, type exactly explorer in the Open box and click the OK button. The Desktop will reappear.


Step 3: Re-enabling the resident security programs
Important: re-enable the antivirus's resident module.


Step 4: Results
Send in reply:
*- the Toolbar S&D report (contents of the file SystemDrive\TB.txt)
[SystemDrive stands for the partition on which the system is installed, usually C:]

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)

Report

Post by genesis973 » 28 Jul 2010, 12:10

Hello,



-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2300 @ 1.66GHz )
BIOS : Default System BIOS
USER : Philippe ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
Firewall : Sunbelt Personal Firewall 4.6.1861 T (Not Activated)
C:\ (Local Disk) - FAT32 - Total:54 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:36 Go (Free:36 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (Local Disk) - FAT32 - Total:465 Go (Free:322 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 2010-07-28|12:36 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
Supprime! - C:\DOCUME~1\PHILIPPE\APPLIC~1\Search Settings\kb130
Supprime! - C:\Program Files\Search Settings\FF
Supprime! - C:\Program Files\Search Settings\res
Supprime! - C:\Program Files\Search Settings\temp
Supprime! - C:\Program Files\Search Settings\SearchSettings.dll
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Search Settings\SearchSettingsRes409.dll
Supprime! - C:\DOCUME~1\PHILIPPE\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Philippe) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Philippe) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Philippe) - {37E4D8EA-8BDA-4831-8EA1-89053939A250} => pdfdownload
(Philippe) - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} => radio_france
(Philippe) - {71328583-3CA7-4809-B4BA-570A85818FBB} => cacheviewer
(Philippe) - {b055c535-4a3a-11db-9659-00e08161165f} => mediadicotoolbar
(Philippe) - {75493B06-1504-4976-9A55-B6FE240FF0BF} => barreconf
(Philippe) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Philippe) - {c50ca3c4-5656-43c2-a061-13e717f73fc8} => fvd
(Philippe) - {ada4b710-8346-4b82-8199-5de2b400a6ae} => reminderfox
(Philippe) - {c45c406e-ab73-11d8-be73-000a95be3b12} => webdeveloper
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-eu
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-fr
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nl
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pt-BR
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-de
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nn-NO
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ka
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ro
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sl
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sk
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-zh-CN
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ja
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-da
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ko
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-it
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-is
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-cs
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-es-AR
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-hu
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ca
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-nb-NO
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ja-JP-mac
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pt-PT
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-pl
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-sv-SE
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ga-IE
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-es-ES
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-ru
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-en-US
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-lt
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-uk
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider-zh-TW
(Philippe) - {a62ef8ec-5fdc-40c2-873c-223b8a6925cc} => gdata-provider
(Philippe) - {a6a33690-2c6a-11d9-9669-0800200c9a66} => hotmail
(Philippe) - {ad7d8a66-253b-11dc-977c-000c29a3126e} => zindus
(Philippe) - {3c8e8390-2cf6-11d9-9669-0800200c9a66} => web-mail
(Philippe) - {571CFACF-0F7D-49b4-BD77-E6FC7B209ADC} => synckolab
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ca
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-PT
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-it
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-is
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-cs
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-AR
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sv-SE
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-hu
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ca
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nb-NO
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ga-IE
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-ES
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-PT
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-en-US
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ru
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sv-SE
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-TW
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-lt
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ga-IE
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-uk
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-ES
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-en-US
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ru
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-BR
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-eu
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-fr
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-lt
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-TW
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-uk
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nn-NO
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-de
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-eu
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-fr
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ka
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ro
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-BR
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sk
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-CN
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-de
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nn-NO
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ka
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ro
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sl
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-da
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ko
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sk
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-it
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja-JP-mac
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-CN
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-AR
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-is
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-cs
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nb-NO
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-da
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja-JP-mac
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ko
(Philippe) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-hu


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.orange.fr"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://home.microsoft.com/access/allinone.asp"
"SearchMigratedDefaultURL"="http://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q={searchTerms}"
"Search Bar"="http://g.msn.fr/0SEFRFR/SAOS02"
"Default_Search_URL"="http://fr.gdark.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://fr.gdark.com"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\srosa]




1 - "C:\ToolBar SD\TB_1.txt" - 2010-07-27| 2:00 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2010-07-28|12:41 - Option : [2]

-----------\\ Fin du rapport a 12:41:06.62




Have a good day

See you,
genesis973
 

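The two ToolBar S&D reports above dump the Internet Explorer "Main" keys and the tool's rootkit heuristics as plain text. As an added triage example (not part of the thread and not code from the ToolBar S&D authors), the Python below parses that section, flags every URL-valued setting whose host is outside an allow-list of the user's ISP and the IE defaults, and lists the lines the tool marked as rootkit hits. The allow-list, the function names and the sample text are assumptions; the sample is constructed to mirror the report format shown above.

```python
"""Triage helper for a ToolBar S&D style report (added example, not the tool's code).

It extracts the [..\\Internet Explorer\\Main] registry dump, flags URL settings
whose host is not on an allow-list, and collects the "Rootkit ... ! .." lines.
"""
import re
from urllib.parse import urlsplit

# Constructed sample, shaped like the report section shown in the thread.
SAMPLE_REPORT = r'''
-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.orange.fr"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://home.microsoft.com/access/allinone.asp"
"SearchMigratedDefaultURL"="http://fr.gdark.com/search.php?cx=partner-pub-7902900401080901%3Ae94ctf-nqmg&cof=FORID%3A10&ie=UTF-8&q={searchTerms}"
"Search Bar"="http://g.msn.fr/0SEFRFR/SAOS02"
"Default_Search_URL"="http://fr.gdark.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://fr.gdark.com"
"Start Page"="http://fr.gdark.com"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"


--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\srosa]
'''

# Assumption: the user's ISP portal plus the hosts IE ships with as defaults.
EXPECTED_DOMAINS = {"orange.fr", "microsoft.com", "msn.com", "msn.fr"}

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')          # [HKEY_...\Main]
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')         # "Name"="data"
ROOTKIT_RE = re.compile(r'^Rootkit (\S+) ! \.\. \[(.+)\]$')


def parse_ie_main(report):
    """Return {registry key: {value name: data}} for every [HKEY_...] block."""
    settings, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            settings[current] = {}
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            settings[current][value.group(1)] = value.group(2)
    return settings


def host_of(data):
    """Host of a URL-valued setting; None for local paths such as blank.htm."""
    if not data.lower().startswith(("http://", "https://")):
        return None
    return urlsplit(data).hostname


def is_expected(host, expected=EXPECTED_DOMAINS):
    """True when host is one of the allow-listed domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in expected)


def flag_hijacked(settings, expected=EXPECTED_DOMAINS):
    """(key, value name, host) for each URL setting pointing off the allow-list."""
    hits = []
    for key, values in settings.items():
        for name, data in values.items():
            host = host_of(data)
            if host and not is_expected(host, expected):
                hits.append((key, name, host))
    return hits


def rootkit_hits(report):
    """(family, registry key) for each line the tool tagged as a rootkit hit."""
    hits = []
    for raw in report.splitlines():
        m = ROOTKIT_RE.match(raw.strip())
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    ie = parse_ie_main(SAMPLE_REPORT)
    for key, name, host in flag_hijacked(ie):
        print(f"redirected: {name!r} in {key} -> {host}")
    for family, key in rootkit_hits(SAMPLE_REPORT):
        print(f"rootkit {family}: {key}")
```

Run against the sample, the script reports the four settings redirected to fr.gdark.com (both Default_Search_URL and SearchMigratedDefaultURL in HKCU, Search Page and Start Page in HKLM) and the two srosa registry keys; everything pointing at the ISP or Microsoft hosts passes silently, which is what makes the leftover entries stand out in a long report.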
New difficulties

Post by genesis973 » 28 Jul 2010, 18:39

Some new malfunctions on the computer:
- when opening folders placed on the desktop (My Computer, folders ...), the message "Search Settings 1-2-3. Le composant que vous essayez d'installer se trouve sur un CD-ROM ou sur un lecteur amovible non-dispo" appears.
- After clicking Cancel in the various windows, the folder opens.

Good evening
genesis973
 

Post by nickW » 29 Jul 2010, 00:27

Good evening,

Registry search:
Note: this may take a few minutes.

Step 1: SystemLook (by jpshortstuff)
Double-click SystemLook.exe to run the tool.

Select all the lines in the white box under "Code:" below, then press the Ctrl and C keys simultaneously
Code:
:comment
:regfind
Search Settings
SearchSettings




In SystemLook's small window, right-click in the white box and choose Paste.
Note: the lines selected earlier must now appear in SystemLook's white box, including the colon character at the start of the first line.

Click the Look button to start the search.

When the tool has finished the search, a Notepad window opens.
Close Notepad.
Close SystemLook by clicking the Exit button.


Step 2: Result
Send in reply:
*- the SystemLook report (contents of the file SystemLook.txt located on the Desktop)

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)

Report

Post by genesis973 » 29 Jul 2010, 09:53

Good evening



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 10:43 on 29/07/2010 by Philippe (Administrator - Elevation successful)

========== regfind ==========

Searching for "Search Settings "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA]
"ProductName"="Search Settings v1.2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA]
"ProductName"="Search Settings v1.2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA]
"ProductName"="Search Settings v1.2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA]
"ProductName"="Search Settings v1.2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA]
"ProductName"="Search Settings v1.2.3"

Searching for "SearchSettings "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
@="SearchSettings Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0]
@="SearchSettings 1.0 Type Library"

-=End Of File=-

Good evening
See you,
genesis973
 
