[Clôturé] Demande d'analyse

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

[Clôturé] Demande d'analyse

Messagede Flow » 17 Juil 2011, 15:59

Bonjour,

Je vous explique l'historique de l'ordinateur que j'essaie de réparer :

Il s'agit du PC portable de mon voisin, il est venu me trouver après avoir eu un virus qu'un de ses collègues à enlevé via une installation de Avast.

Avast ne détecte plus de virus, certes mais il est impossible de démarrer plusieurs services dont ceux permettant d'accéder à Internet, souci pricipal du voisin !

Hum ... oui ... dans le voisinage j'ai déjà installé / réparé pas mal des problèmes mineurs de connexion Internet ou de petits virus, trojan ou autres malwares alors j'ai une réputation et surtout je ne refuse jamais d'aider les gens ...

Bref, après des heures de recherches, je me tourne vers vous car je coince complètement, les soucis rencontrés dépassent mes compétences.

Avant toute chose, voici le descriptif du matériel concerné :

Acer Aspire 7730Z.
Intel Pentium Dual CPU T3200 2.00 Ghz
3.OO Go de RAM
Windows Vista Edition Familiale Premium (32 bits) SP1

Les services suivants sont sensés démarrer automatiquement mais ils présentent tous un message d'erreur :

Agent de stratégie IPsec : Erreur 1068 : Le service ou groupe de dépendance n'a pas pu démarrer.
Client DHCP : Erreur 5 : Accès refusé
Connaissance des emplacements réseaux : Erreur -1073741288
Horloge Windows : Erreur 5
Module de génération des clés IKE et AuthIP : Erreur 1068
Moteur de filtrage de base : Erreur 5
Pare-feu Windows : Erreur 1068
Service de stratégie de diagnostic : Erreur 5
Service initiateur iSCSI de Microsoft : Erreur 2 : Le fichier spécifié est introuvable
Service liste des réseaux : Erreur 1068
Windows Search : Erreur -21472118141

Notez que, n'ayant pas Internet, il n'y a pas eu de mise à jour de Malwarebytes après installation. La base de donnée étant signalée comme dépassée de 10 jours.
Dans l'absolu, ça ne me gène pas beaucoup car le problème en question existe depuis plus longtemps.

Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Version de la base de données: 7035

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

17/07/2011 16:08:48
mbam-log-2011-07-17 (16-08-48).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 176054
Temps écoulé: 5 minute(s), 16 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Flow
 
Messages: 10
Inscription: 17 Juil 2011, 15:31

Re: Demande d'analyse

Messagede Flow » 17 Juil 2011, 16:02

OTL logfile created on: 17/07/2011 17:16:08 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Administrateur\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

2,93 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 58,34% Memory free
6,07 Gb Paging File | 4,89 Gb Available in Paging File | 80,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 62,90 Gb Free Space | 56,45% Space Free | Partition Type: NTFS
Drive D: | 111,44 Gb Total Space | 111,34 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive F: | 246,00 Mb Total Space | 234,30 Mb Free Space | 95,25% Space Free | Partition Type: FAT32

Computer Name: PC-DE-FRÉDÉRIC | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 15:31:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Administrateur\Desktop\OTL.exe
PRC - [2011/07/17 14:07:10 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/02 04:51:00 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/06/11 11:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/29 18:44:22 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/05/14 18:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/05/12 18:28:04 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/04/28 09:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/10/23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (SafeList) ==========

MOD - [2011/07/17 15:31:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Administrateur\Desktop\OTL.exe
MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/05/10 14:10:48 | 000,122,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashShell.dll
MOD - [2010/09/20 11:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2010/08/31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2008/06/11 11:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008/05/14 18:05:12 | 000,240,176 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
MOD - [2008/05/14 18:05:06 | 000,121,392 | ---- | M] (Egis Inc.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
MOD - [2008/01/21 04:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/21 04:23:54 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008/03/21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/12/06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/02/29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 04:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_7730z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_7730z


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1333937551-2158748160-1229668018-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_7730z
IE - HKU\S-1-5-21-1333937551-2158748160-1229668018-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1333937551-2158748160-1229668018-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1333937551-2158748160-1229668018-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1333937551-2158748160-1229668018-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_7730z
IE - HKU\S-1-5-21-1333937551-2158748160-1229668018-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1333937551-2158748160-1229668018-500..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKU\S-1-5-21-1333937551-2158748160-1229668018-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1333937551-2158748160-1229668018-500\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1333937551-2158748160-1229668018-500\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://colruyt.fujiprint.be/Colruyt/Use ... oader5.cab (Image Uploader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 15:52:09 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Roaming\Malwarebytes
[2011/07/17 15:49:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/17 15:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/07/17 15:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/17 15:41:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/17 15:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/17 15:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/17 15:41:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/17 15:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/17 15:40:10 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Administrateur\Desktop\erunt-setup.exe
[2011/07/17 15:40:10 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Administrateur\Desktop\OTL.exe
[2011/07/17 15:40:09 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrateur\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/17 14:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/17 14:54:18 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/17 14:07:18 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\Documents\Mes Google Gadgets
[2011/07/17 14:07:15 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Local\Google
[2011/07/17 14:07:10 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Local\PowerCinema
[2011/07/17 14:07:10 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Roaming\Macromedia
[2011/07/17 14:07:09 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Local\PlayMovie
[2011/07/17 14:06:59 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/17 14:06:59 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Searches
[2011/07/17 14:06:59 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/17 14:06:51 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Roaming\Identities
[2011/07/17 14:06:49 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Contacts
[2011/07/17 14:06:41 | 000,000,000 | --SD | C] -- C:\Users\Administrateur\AppData\Roaming\Microsoft
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Videos
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Saved Games
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Pictures
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Music
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Links
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Favorites
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Downloads
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Documents
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\Desktop
[2011/07/17 14:06:41 | 000,000,000 | R--D | C] -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Voisinage réseau
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Voisinage d'impression
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\AppData\Local\Temporary Internet Files
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\SendTo
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Recent
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Modèles
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Documents\Mes vidéos
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Documents\Mes images
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Mes documents
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Menu Démarrer
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Documents\Ma musique
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Local Settings
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\AppData\Local\Historique
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Cookies
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\Application Data
[2011/07/17 14:06:41 | 000,000,000 | -HSD | C] -- C:\Users\Administrateur\AppData\Local\Application Data
[2011/07/17 14:06:41 | 000,000,000 | -H-D | C] -- C:\Users\Administrateur\AppData
[2011/07/17 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Local\Temp
[2011/07/17 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Local\Microsoft Help
[2011/07/17 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Local\Microsoft
[2011/07/17 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Roaming\Media Center Programs
[2011/07/17 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
[2011/07/17 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Roaming\Acer GameZone Console
[2011/07/06 11:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/07/06 11:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/04 21:16:34 | 000,000,000 | -HSD | C] -- C:\found.000
[2008/07/22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/07/17 17:19:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/07/17 16:57:12 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/17 16:43:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 16:43:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 15:43:33 | 000,000,737 | ---- | M] () -- C:\Users\Administrateur\Desktop\NTREGOPT.lnk
[2011/07/17 15:43:33 | 000,000,718 | ---- | M] () -- C:\Users\Administrateur\Desktop\ERUNT.lnk
[2011/07/17 15:41:06 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 15:38:22 | 000,005,024 | ---- | M] () -- C:\Users\Administrateur\Desktop\erunt-loc_fr.zip
[2011/07/17 15:37:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Administrateur\Desktop\erunt-setup.exe
[2011/07/17 15:34:12 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrateur\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/17 15:31:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Administrateur\Desktop\OTL.exe
[2011/07/17 14:54:58 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/07/17 14:54:58 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/17 14:54:58 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/07/17 14:54:58 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/17 14:54:29 | 000,002,541 | ---- | M] () -- C:\Users\Administrateur\Desktop\HiJackThis.lnk
[2011/07/17 14:50:36 | 001,402,880 | ---- | M] () -- C:\Users\Administrateur\Documents\HiJackThis.msi
[2011/07/17 14:50:36 | 001,402,880 | ---- | M] () -- C:\Users\Administrateur\Desktop\HiJackThis.msi
[2011/07/17 14:43:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/07/17 14:43:28 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 14:43:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/17 14:42:37 | 3146,641,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/10 13:38:59 | 196,444,176 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/07 22:35:46 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/06 11:23:36 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/05 21:20:21 | 000,009,216 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011/07/01 21:58:33 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/07/01 21:58:33 | 000,001,959 | ---- | M] () -- C:\Users\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/07/17 17:19:18 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/07/17 15:43:33 | 000,000,737 | ---- | C] () -- C:\Users\Administrateur\Desktop\NTREGOPT.lnk
[2011/07/17 15:43:33 | 000,000,718 | ---- | C] () -- C:\Users\Administrateur\Desktop\ERUNT.lnk
[2011/07/17 15:41:06 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/17 15:40:10 | 001,402,880 | ---- | C] () -- C:\Users\Administrateur\Desktop\HiJackThis.msi
[2011/07/17 15:40:10 | 000,005,024 | ---- | C] () -- C:\Users\Administrateur\Desktop\erunt-loc_fr.zip
[2011/07/17 14:54:18 | 000,002,541 | ---- | C] () -- C:\Users\Administrateur\Desktop\HiJackThis.lnk
[2011/07/17 14:53:50 | 001,402,880 | ---- | C] () -- C:\Users\Administrateur\Documents\HiJackThis.msi
[2011/07/17 14:07:01 | 000,000,953 | ---- | C] () -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/07/17 14:06:58 | 000,000,948 | ---- | C] () -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/07/17 14:06:48 | 000,000,919 | ---- | C] () -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/07/17 14:06:41 | 000,001,959 | ---- | C] () -- C:\Users\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/17 14:06:41 | 000,001,850 | ---- | C] () -- C:\Users\Administrateur\Desktop\Cyberlink PowerDirector.lnk
[2011/07/17 14:06:41 | 000,000,258 | ---- | C] () -- C:\Users\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/17 14:06:41 | 000,000,240 | ---- | C] () -- C:\Users\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/17 14:03:29 | 3146,641,408 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/07 22:35:46 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/07/06 11:23:36 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2009/11/21 12:52:01 | 000,091,475 | ---- | C] () -- C:\Windows\hpiins01.dat.temp
[2009/11/21 12:52:01 | 000,000,000 | ---- | C] () -- C:\Windows\hpimdl01.dat.temp
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/19 11:43:43 | 000,148,416 | ---- | C] () -- C:\Windows\hpiins06.dat
[2009/07/19 11:43:43 | 000,000,000 | ---- | C] () -- C:\Windows\hpimdl06.dat
[2009/03/30 21:18:54 | 003,415,584 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/03/30 21:18:54 | 000,712,736 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009/02/07 14:45:10 | 000,002,339 | ---- | C] () -- C:\Windows\disney.ini
[2009/02/03 21:40:54 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/31 22:19:54 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/01/31 22:19:54 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/01/31 22:19:54 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/31 22:09:48 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/01/31 22:09:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/02 09:09:31 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/09/02 09:09:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/09/02 09:09:28 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/09/02 09:09:27 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/02/05 16:47:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/05 08:56:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/02/05 08:56:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/02/05 08:37:04 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/02/05 08:33:12 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/02/05 08:26:34 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/02/05 08:26:34 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/02/05 08:26:34 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/02/05 08:26:34 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/01/21 10:40:50 | 000,679,042 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/01/21 10:40:50 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/01/21 10:40:50 | 000,126,626 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/01/21 10:40:50 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,382,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/11/23 01:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\hpimdl01.dat
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/02/05 08:54:22 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\Acer GameZone Console
[2008/02/05 08:54:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/02/05 08:54:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009/10/13 18:46:49 | 000,000,000 | -HSD | M] -- C:\Users\Frédéric\AppData\Roaming\.#
[2008/02/05 08:54:22 | 000,000,000 | ---D | M] -- C:\Users\Frédéric\AppData\Roaming\Acer GameZone Console
[2009/10/13 18:46:06 | 000,000,000 | ---D | M] -- C:\Users\Frédéric\AppData\Roaming\eSobi
[2011/07/17 14:41:53 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2006/11/02 11:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\System32\ctfmon.exe
[2006/11/02 11:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2007/01/12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
Flow
 
Messages: 10
Inscription: 17 Juil 2011, 15:31

Re: Demande d'analyse

Messagede Flow » 17 Juil 2011, 16:51

OTL Extras logfile created on: 17/07/2011 17:16:08 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Administrateur\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

2,93 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 58,34% Memory free
6,07 Gb Paging File | 4,89 Gb Available in Paging File | 80,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 62,90 Gb Free Space | 56,45% Space Free | Partition Type: NTFS
Drive D: | 111,44 Gb Total Space | 111,34 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive F: | 246,00 Mb Total Space | 234,30 Mb Free Space | 95,25% Space Free | Partition Type: FAT32

Computer Name: PC-DE-FRÉDÉRIC | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9030040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9113040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Appareils photos Photosmart 9.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Disney Panique à Mickeyville" = Disney Panique à Mickeyville
"Disney Winnie l’Ourson La Chasse au Miel de Tigrou" = Jouer à Disney Winnie l’Ourson La Chasse au Miel de Tigrou
"EcoKeno Shareware_is1" = Ecokeno
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Outil de mise à jour Google
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/04/2010 15:07:25 | Computer Name = PC-de-Frédéric | Source = WinMgmt | ID = 10
Description =

Error - 21/04/2010 14:53:42 | Computer Name = PC-de-Frédéric | Source = WinMgmt | ID = 10
Description =

Error - 21/04/2010 14:56:33 | Computer Name = PC-de-Frédéric | Source = Application Error | ID = 1000
Description = Application défaillante WUDFHost.exe, version 6.0.6001.18000, horodatage
0x47919032, module défaillant HpiCamWpd03.dll_unloaded, version 0.0.0.0, horodatage
0x45ec9607, code d’exception 0xc0000005, décalage d’erreur 0x68de40a9, ID du processus
0x1670, heure de début de l’application 0x01cae1845b698ec2.

Error - 23/04/2010 15:40:37 | Computer Name = PC-de-Frédéric | Source = WinMgmt | ID = 10
Description =

Error - 24/04/2010 15:37:58 | Computer Name = PC-de-Frédéric | Source = WinMgmt | ID = 10
Description =

Error - 27/04/2010 14:47:19 | Computer Name = PC-de-Frédéric | Source = WinMgmt | ID = 10
Description =

Error - 27/04/2010 15:53:41 | Computer Name = PC-de-Frédéric | Source = WinMgmt | ID = 10
Description =

Error - 27/04/2010 15:58:25 | Computer Name = PC-de-Frédéric | Source = Application Error | ID = 1000
Description = Application défaillante WUDFHost.exe, version 6.0.6001.18000, horodatage
0x47919032, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000,
code d’exception 0xc0000005, décalage d’erreur 0x66fa40a9, ID du processus 0x1238,
heure de début de l’application 0x01cae643fe12e950.

Error - 28/04/2010 12:52:29 | Computer Name = PC-de-Frédéric | Source = WinMgmt | ID = 10
Description =

Error - 28/04/2010 15:08:58 | Computer Name = PC-de-Frédéric | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/07/2011 14:12:19 | Computer Name = PC-DE-FRÉDÉRIC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/07/2011 14:12:20 | Computer Name = PC-DE-FRÉDÉRIC | Source = Service Control Manager | ID = 7024
Description =

Error - 6/07/2011 14:12:25 | Computer Name = PC-DE-FRÉDÉRIC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/07/2011 14:12:26 | Computer Name = PC-DE-FRÉDÉRIC | Source = Service Control Manager | ID = 7024
Description =

Error - 6/07/2011 14:12:31 | Computer Name = PC-DE-FRÉDÉRIC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/07/2011 14:12:31 | Computer Name = PC-DE-FRÉDÉRIC | Source = Service Control Manager | ID = 7024
Description =

Error - 6/07/2011 14:12:37 | Computer Name = PC-DE-FRÉDÉRIC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/07/2011 14:12:37 | Computer Name = PC-DE-FRÉDÉRIC | Source = Service Control Manager | ID = 7024
Description =

Error - 6/07/2011 14:12:43 | Computer Name = PC-DE-FRÉDÉRIC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/07/2011 14:12:43 | Computer Name = PC-DE-FRÉDÉRIC | Source = Service Control Manager | ID = 7024
Description =


< End of report >
Flow
 
Messages: 10
Inscription: 17 Juil 2011, 15:31

Re: Demande d'analyse

Messagede Flow » 17 Juil 2011, 16:53

Voilà les données, j'espère que c'est complet et que vous pourrez m'aider.
Flow
 
Messages: 10
Inscription: 17 Juil 2011, 15:31

Re: Demande d'analyse

Messagede nickW » 17 Juil 2011, 23:59

Bonsoir,

1/ Quel était le nom du nuisible éliminé par avast!?


2/ Peux-tu exporter une clé du Registre et envoyer le résultat sur le forum:

Appuyer simultanément sur les touches Windows et R, ce qui va ouvrir la boîte de dialogue Exécuter

Faire un copier coller de la ligne ci-dessous puis appuyer sur la touche Entrée

regedit /e "%userprofile%\Bureau\servi.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"


Note: S'il y a avertissement de l'UAC, il faut Autoriser.


Envoyer en réponse le contenu du fichier servi.txt situé sur le Bureau.


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: Demande d'analyse

Messagede Flow » 18 Juil 2011, 20:33

Arf ... je n'ai pas le nom du nuisible enlevé par Avast et à voir l'historique, je me demande s'il y en a bien eu un car il n'y a aucun nuisible détecté depuis le 6/6, date d'installation de Avast. C'est vrai que j'aurai dû y regarder plus tôt mais je me suis uniquement basé sur le récit du voisin et à voir les problèmes présents, je n'ai pas réfléchit plus loin. Est-ce vraiment l'action d'un virus ou d'une maladresse finalement ? J'ai peut-être fait fausse route.

Voici le contenu du fichier que vous avez demandé.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalService"=hex(7):6e,00,73,00,69,00,00,00,6c,00,6c,00,74,00,64,00,73,00,76,\
00,63,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,75,00,70,00,\
6e,00,70,00,68,00,6f,00,73,00,74,00,00,00,53,00,43,00,61,00,72,00,64,00,53,\
00,76,00,72,00,00,00,77,00,33,00,32,00,74,00,69,00,6d,00,65,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,00,\
00,00,57,00,69,00,6e,00,48,00,74,00,74,00,70,00,41,00,75,00,74,00,6f,00,50,\
00,72,00,6f,00,78,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,\
61,00,6e,00,77,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,\
00,00,00,54,00,42,00,53,00,00,00,53,00,4c,00,55,00,49,00,4e,00,6f,00,74,00,\
69,00,66,00,79,00,00,00,54,00,48,00,52,00,45,00,41,00,44,00,4f,00,52,00,44,\
00,45,00,52,00,00,00,66,00,64,00,72,00,65,00,73,00,70,00,75,00,62,00,00,00,\
6e,00,65,00,74,00,70,00,72,00,6f,00,66,00,6d,00,00,00,66,00,64,00,70,00,68,\
00,6f,00,73,00,74,00,00,00,77,00,63,00,6e,00,63,00,73,00,76,00,63,00,00,00,\
51,00,57,00,41,00,56,00,45,00,00,00,4d,00,63,00,78,00,32,00,53,00,76,00,63,\
00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,53,00,\
73,00,74,00,70,00,53,00,76,00,63,00,00,00,00,00
"LocalSystemNetworkRestricted"=hex(7):68,00,69,00,64,00,73,00,65,00,72,00,76,\
00,00,00,55,00,78,00,53,00,6d,00,73,00,00,00,57,00,64,00,69,00,53,00,79,00,\
73,00,74,00,65,00,6d,00,48,00,6f,00,73,00,74,00,00,00,4e,00,65,00,74,00,6d,\
00,61,00,6e,00,00,00,74,00,72,00,6b,00,77,00,6b,00,73,00,00,00,41,00,75,00,\
64,00,69,00,6f,00,45,00,6e,00,64,00,70,00,6f,00,69,00,6e,00,74,00,42,00,75,\
00,69,00,6c,00,64,00,65,00,72,00,00,00,57,00,55,00,44,00,46,00,53,00,76,00,\
63,00,00,00,69,00,72,00,6d,00,6f,00,6e,00,00,00,73,00,79,00,73,00,6d,00,61,\
00,69,00,6e,00,00,00,49,00,50,00,42,00,75,00,73,00,45,00,6e,00,75,00,6d,00,\
00,00,64,00,6f,00,74,00,33,00,73,00,76,00,63,00,00,00,50,00,63,00,61,00,53,\
00,76,00,63,00,00,00,45,00,4d,00,44,00,4d,00,67,00,6d,00,74,00,00,00,54,00,\
61,00,62,00,6c,00,65,00,74,00,49,00,6e,00,70,00,75,00,74,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,00,00,77,00,6c,00,61,00,6e,00,73,00,76,00,63,00,\
00,00,57,00,50,00,44,00,42,00,75,00,73,00,45,00,6e,00,75,00,6d,00,00,00,00,\
00
"NetworkServiceNetworkRestricted"=hex(7):50,00,6f,00,6c,00,69,00,63,00,79,00,\
41,00,67,00,65,00,6e,00,74,00,00,00,00,00
"LocalServiceNoNetwork"=hex(7):50,00,4c,00,41,00,00,00,44,00,50,00,53,00,00,00,\
42,00,46,00,45,00,00,00,6d,00,70,00,73,00,73,00,76,00,63,00,00,00,65,00,68,\
00,73,00,74,00,61,00,72,00,74,00,00,00,00,00
"NetworkService"=hex(7):43,00,72,00,79,00,70,00,74,00,53,00,76,00,63,00,00,00,\
44,00,48,00,43,00,50,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,4b,00,74,00,6d,00,52,00,6d,00,00,00,44,00,4e,00,\
53,00,43,00,61,00,63,00,68,00,65,00,00,00,4e,00,61,00,70,00,41,00,67,00,65,\
00,6e,00,74,00,00,00,6e,00,6c,00,61,00,73,00,76,00,63,00,00,00,57,00,69,00,\
6e,00,52,00,4d,00,00,00,57,00,45,00,43,00,53,00,56,00,43,00,00,00,54,00,61,\
00,70,00,69,00,73,00,72,00,76,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"WerSvcGroup"=hex(7):77,00,65,00,72,00,73,00,76,00,63,00,00,00,00,00
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
63,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,\
00,72,00,74,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,43,00,65,00,\
72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,\
00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,\
6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,\
00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,\
64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,\
00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,\
6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,\
00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,\
61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,\
00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\
61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,\
57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,\
00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,\
77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,\
00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,\
63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,\
00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,\
68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,\
00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,\
63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,\
00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,\
69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,50,00,72,00,6f,00,66,00,53,\
00,76,00,63,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,77,00,\
69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,73,00,63,00,68,00,65,00,64,00,75,\
00,6c,00,65,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,\
76,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,68,00,6b,00,6d,\
00,73,00,76,00,63,00,00,00,00,00
"swprv"=hex(7):73,00,77,00,70,00,72,00,76,00,00,00,00,00
"LocalServiceNetworkRestricted"=hex(7):44,00,48,00,43,00,50,00,00,00,65,00,76,\
00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,41,00,75,00,64,00,69,00,6f,00,\
53,00,72,00,76,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,77,\
00,73,00,63,00,73,00,76,00,63,00,00,00,70,00,32,00,70,00,69,00,6d,00,73,00,\
76,00,63,00,00,00,50,00,4e,00,52,00,50,00,53,00,76,00,63,00,00,00,70,00,32,\
00,70,00,73,00,76,00,63,00,00,00,57,00,50,00,43,00,53,00,76,00,63,00,00,00,\
50,00,6e,00,72,00,70,00,41,00,75,00,74,00,6f,00,52,00,65,00,67,00,00,00,00,\
00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"regsvc"=hex(7):52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,\
00,74,00,72,00,79,00,00,00,00,00
"wcssvc"=hex(7):57,00,63,00,73,00,50,00,6c,00,75,00,67,00,49,00,6e,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,00,00,00,00
"DcomLaunch"=hex(7):50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,00,00,44,\
00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,00,00,00,00,00
"wdisvc"=hex(7):57,00,64,00,69,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,48,\
00,6f,00,73,00,74,00,00,00,00,00
"sdrsvc"=hex(7):73,00,64,00,72,00,73,00,76,00,63,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"secsvcs"=hex(7):57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,00,64,00,00,00,\
00,00
"hpdevmgmt"=hex(7):68,00,70,00,71,00,63,00,78,00,73,00,30,00,38,00,00,00,68,00,\
70,00,71,00,64,00,64,00,73,00,76,00,63,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:0000001c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\swprv]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc]
"CoInitializeSecurityParam"=dword:00000001
"CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wercplsupport]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001
Flow
 
Messages: 10
Inscription: 17 Juil 2011, 15:31

Re: Demande d'analyse

Messagede nickW » 21 Juil 2011, 01:05

Bonsoir,

Liste des autorisations sur clé de Registre.


Étape 1: SubInACL (de Microsoft), téléchargement et installation
Télécharger le programme Microsoft SubInACL
http://www.microsoft.com/download/en/de ... n&id=23510
(cliquer sur le bouton Download)

Faire clic droit sur le programme téléchargé subinacl.msi puis choisir Exécuter en tant qu'Administrateur pour lancer l'installation.
Ne pas modifier le dossier dans lequel le programme sera installé, et accepter la licence.


Étape 2: SubInACL (de Microsoft), exécution
Ouvrir une fenêtre "Invite de commandes"

Démarrer---->Exécuter, taper cmd puis utiliser la combinaison de touches: CTRL + MAJ + ENTREE (ce qui lance l'Invite de Commandes en mode Administrateur).

Sélectionner la totalité de la ligne ci dessous (dans la zone blanche située sous "Code:")
Note: ne pas utiliser l'option TOUT SÉLECTIONNER !

Code: Tout sélectionner
"C:\Program Files\Windows Resource Kits\Tools\Subinacl.exe" /noverbose /outputlog=C:\Subinacl1.txt /errorlog=C:\Subinacl2.txt /subkeyreg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services /display


faire un clic droit de souris et choisir Copier

Aller dans la fenêtre "Invite de commandes" (à fond noir), faire un clic droit et choisir Coller (Note: le contenu de la ligne ci-dessus doit avoir été copié), puis appuyer sur Entrée

Attendre que deux lignes ("Elapsed Time" et "Done") s'affichent, puis taper exit et appuyer sur Entrée (ce qui va fermer la fenêtre à fond noir).


Étape 3: SubInACL (de Microsoft), résultat
Mettre les deux fichiers C:\Subinacl1.txt et C:\Subinacl2.txt dans une archive nommée Flow-110720.zip et les déposer sur un serveur externe (afin que je puisse les récupérer):

*- Aller sur: https://www.yousendit.com/
(Javascript doit être activé)
*- Dans les zones To et From, saisir n'importe quoi avec un @ dedans (Exemples: abc@def.com et abcdef@def.com)
*- Cliquer sur le bouton Select a file, puis dans la fenêtre "Choix des fichiers à transférer..." aller jusqu'au fichier Flow-110720.zip - faire un double clic sur ce fichier
*- Cliquer sur le bouton vert "Send It"
*- Attendre la fin du transfert du fichier
*- Si une petite fenêre "Make your file available for download longer" apparaît, cliquer sur No thanks
*- Envoyer en réponse sur le forum le lien qui est affiché en dessous de "Here's the link to your file:".

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: Demande d'analyse

Messagede Flow » 21 Juil 2011, 13:47

Voici le lien https://www.yousendit.com/download/cnJo ... MEZFQlE9PQ

Est-ce normal que le 2e fichier soit vide ?
Flow
 
Messages: 10
Inscription: 17 Juil 2011, 15:31

Re: Demande d'analyse

Messagede Flow » 25 Juil 2011, 19:29

Up :wink:
Flow
 
Messages: 10
Inscription: 17 Juil 2011, 15:31

Re: Demande d'analyse

Messagede nickW » 26 Juil 2011, 17:03

Bonjour,

Note: si la procédure ci-dessous n'est pas assez détaillée, demande des explications avant de commencer!


1/ Faire une nouvelle sauvegarde du Registre avec ERUNT


2/ modification manuelle des autorisations sur quatre clés de Registre

Lancer l'Éditeur du Registre (Regedit).

Note très importante:
Faire très attention en utilisant regedit.
Toutes les saisies sont enregistrées en direct, sans possibilité d'annuler ni de revenir en arrière.
Une fausse manip pourrait bloquer la machine complètement.



Ouvrir la clé HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services


  • Faire un clic droit sur la sous-clé DHCP et choisir Autorisations...
  • Dans la fenêtre "Autorisations pour DHCP", cliquer sur le bouton Ajouter
  • Dans la fenêtre "Sélectionnez Utilisateurs ou groupes", sous "Entrez les noms des objets à sélectionner", taper service puis cliquer sur le bouton Vérifier les noms.
  • Dans la fenêtre Noms multiples trouvés, sélectionner SERVICE LOCAL puis cliquer sur OK
  • Dans la fenêtre Sélectionnez Utilisateurs ou groupes, cliquer sur OK
  • Dans la fenêtre Autorisations pour DHCP, SERVICE LOCAL étant sélectionné, cocher la case Contrôle total dans la colonne Autoriser, et valider en cliquant sur OK.

Faire exactement les mêmes manips pour les sous-clés BFE, DPS et W32time.


Faire redémarrer le PC.

Que se passe-t-il pour les services que tu avais signalés dans ton premier message:

Agent de stratégie IPsec : Erreur 1068 : Le service ou groupe de dépendance n'a pas pu démarrer.
Client DHCP : Erreur 5 : Accès refusé
Connaissance des emplacements réseaux : Erreur -1073741288
Horloge Windows : Erreur 5
Module de génération des clés IKE et AuthIP : Erreur 1068
Moteur de filtrage de base : Erreur 5
Pare-feu Windows : Erreur 1068
Service de stratégie de diagnostic : Erreur 5
Service initiateur iSCSI de Microsoft : Erreur 2 : Le fichier spécifié est introuvable
Service liste des réseaux : Erreur 1068
Windows Search : Erreur -21472118141


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 38 invités