[OK] Hijacked since November 2011


Post by ABLATOR » 09 Apr 2012, 14:26

Hello,
My wife's netbook (my config) has apparently been hijacked since November 2011.
For lack of time, I am only turning to you now.
(I set the OTL scan to include older files.)

The symptoms:

Start page modified in all three browsers (IE never used, but checked for the occasion).
Chrome extensions and preferences modified,
notably the default search (which is Google sponsored 'partner-pub' by goong).
Impossible to reconfigure permanently.

Start page goong.info (immediately disabled via the hosts file)

(in the history for the presumed first day of the hijacking, the suspicious sites startsear.ch and gameplaylabs.com)

Machine slowed to a crawl (granted, a small config, but it lags even when launching a DivX)

Thanks in advance for your help.

Sorry for the missing accents, I am posting from a QWERTY keyboard.


MBAM report

Malwarebytes Anti-Malware 1.60.1.1000
http://www.malwarebytes.org

Database version: v2012.04.09.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Julia ARNOLD :: JULIA [administrator]

09/04/2012 15:39:07
mbam-log-2012-04-09 (15-46-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201310
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Explorer Update (Trojan.StartPage.GNO) -> Data: "C:\Program Files\Internet Explorer\iexplore_update.exe" -> No action taken.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://www.goong.info) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://www.goong.info) Good: (http://www.google.com) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
D:\MesDocs\Downloads\etypesetup.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Program Files\Internet Explorer\iexplore_update.exe (Trojan.StartPage.GNO) -> No action taken.

(end)

OTL reports (2) to follow
Last edited by ABLATOR on 02 May 2012, 18:02, edited 2 times.
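The post above works out the hijack indicators by hand: the Start Page values, the sponsored "partner-pub" search URL, the Run-key entry that relaunches iexplore_update.exe, and the hosts-file workaround. The Python script below is an added example, not part of the thread and not from MBAM or OTL; it parses MBAM detection lines and OTL browser lines into those indicators, derives the hijack host both from the start page and from the siteurl parameter of the Google CSE search URL (the google.com front end is not the culprit, the sponsor named in siteurl is), checks that the hosts file blackholes the bare and www. forms, and pairs the Run-key value with the detected file it launches. The three SAMPLE_* inputs are constructed from lines shown in the thread (SAMPLE_HOSTS is a shortened copy of the hand-added entries, with a made-up comment); the function and constant names are the example's own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse

# Constructed sample: four detection lines from the MBAM report in the post,
# in MBAM's English log wording (the French labels are accepted as well).
SAMPLE_MBAM = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Explorer Update (Trojan.StartPage.GNO) -> Data: "C:\Program Files\Internet Explorer\iexplore_update.exe" -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://www.goong.info) Good: (http://www.google.com) -> No action taken.
D:\MesDocs\Downloads\etypesetup.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Program Files\Internet Explorer\iexplore_update.exe (Trojan.StartPage.GNO) -> No action taken.
"""
# Constructed sample: browser lines in OTL's format. The search URL keeps the
# " ... " the forum inserted when shortening it; the query parser tolerates that.
SAMPLE_OTL = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pu ... e=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F
FF - prefs.js..browser.startup.homepage: "http://www.goong.info"
CHR - default_search_provider: search_url = http://www.google.com/cse?cx=partner-pu ... e=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F
"""
# Constructed sample: a shortened copy of the hand-added hosts entries in the OTL log.
SAMPLE_HOSTS = """127.0.0.1 localhost
127.0.0.1 goong.info #added by hand, Nov 2011 (comment is constructed)
127.0.0.1 www.goong.info
"""

HEAD_RE = re.compile(r"^(?P<location>.+) \((?P<detection>[^()]+)\)$")
DATA_RE = re.compile(r'^(?:Data|Données): "(?P<data>.*)"$')
BADGOOD_RE = re.compile(r"^(?:Bad|Mauvais): \((?P<bad>.*?)\) (?:Good|Bon): \((?P<good>.*?)\)$")
URL_RE = re.compile(r'(?:= |: ")(?P<url>https?://.+?)"?\s*$')  # OTL: Start Page =, "URL" =, homepage: "..."

@dataclass
class Finding:
    kind: str        # "run_value", "registry_data" or "file"
    location: str    # "hive\key|value name" or a file path
    detection: str   # MBAM detection name, e.g. Hijack.StartPage
    data: str = ""   # Run-key command line, or the "Bad" value
    good: str = ""   # value MBAM would restore
    action: str = ""

def parse_report(text: str) -> list[Finding]:
    """Parse the detection lines of an MBAM 1.x log; headers and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.strip().split(" -> ")]
        head = HEAD_RE.match(parts[0]) if len(parts) > 1 else None
        if not head:
            continue
        f = Finding("file", head["location"], head["detection"], action=parts[-1])
        if "|" in f.location:  # registry "key|value" rather than a file path
            f.kind = "run_value" if "\\Run|" in f.location else "registry_data"
        for detail in parts[1:-1]:
            if m := DATA_RE.match(detail):
                f.data = m["data"]
            elif m := BADGOOD_RE.match(detail):
                f.data, f.good = m["bad"], m["good"]
        findings.append(f)
    return findings

def referenced_hosts(url: str) -> set[str]:
    """Host a browser URL promotes: for a Google CSE URL that is the siteurl sponsor, not google.com."""
    u = urlparse(url)
    if u.path.endswith("/cse") and (site := parse_qs(u.query).get("siteurl", [""])[0]):
        return {(urlparse(site).hostname or site.split("/")[0]).lower()}
    return {(u.hostname or "").lower()}

def hijack_hosts(findings: list[Finding], otl_text: str) -> set[str]:
    """Hosts set as start page or search engine, minus the values MBAM reports as Good."""
    good = {(urlparse(f.good).hostname or "").lower() for f in findings if f.good}
    urls = [f.data for f in findings if f.data.startswith(("http://", "https://"))]
    urls += [m["url"] for line in otl_text.splitlines() if (m := URL_RE.search(line))]
    return {h for url in urls for h in referenced_hosts(url) if h and h not in good}

def blackholed(hosts_text: str) -> set[str]:
    """Names a hosts file sends to loopback or 0.0.0.0, comments stripped."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] in ("127.0.0.1", "0.0.0.0", "::1"):
            names.update(n.lower() for n in fields[1:])
    return names

def hosts_gaps(findings: list[Finding], otl_text: str, hosts_text: str) -> list[str]:
    """Hijack names, bare and www., that the hosts file does not yet blackhole."""
    wanted = set()
    for h in hijack_hosts(findings, otl_text):
        base = h[4:] if h.startswith("www.") else h
        wanted |= {base, "www." + base}
    return sorted(wanted - blackholed(hosts_text))

def persistence_links(findings: list[Finding]) -> list[tuple[str, str]]:
    """(Run value, file) pairs where the Run-key command is itself a detected file."""
    files = {f.location.lower() for f in findings if f.kind == "file"}
    return [(f.location, f.data.strip('"')) for f in findings
            if f.kind == "run_value" and f.data.strip('"').lower() in files]
```

Calling parse_report(SAMPLE_MBAM) and then hosts_gaps(...) on the sample inputs returns an empty list, meaning the hosts workaround covers every name the logs point at; persistence_links(...) returns the Run-key value paired with iexplore_update.exe. That pairing is the thing to act on: a hosts entry only hides the symptom, while the Run value and the file it launches are what put the start page back each time it is reconfigured.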

Re: Hijacked since November 2011

Post by ABLATOR » 09 Apr 2012, 14:29

As promised, OTL report 1/2

OTL logfile created on: 09/04/2012 15:55:38 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Julia ARNOLD\Bureau\SAUVER LORDI
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: Israël | Language: HEB | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 341.50 Mb Available Physical Memory | 33.67% Memory free
2.39 Gb Paging File | 1.68 Gb Available in Paging File | 70.23% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.04 Gb Total Space | 9.51 Gb Free Space | 37.96% Space Free | Partition Type: NTFS
Drive D: | 118.00 Gb Total Space | 53.57 Gb Free Space | 45.40% Space Free | Partition Type: NTFS

Computer Name: JULIA | User Name: Julia ARNOLD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2012/04/09 15:07:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julia ARNOLD\Bureau\SAUVER LORDI\OTL.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/12/12 17:16:50 | 000,736,120 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe
PRC - [2011/06/09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2010/09/27 19:40:56 | 000,814,176 | ---- | M] ( ) -- C:\Program Files\Miranda IM\miranda32.exe
PRC - [2010/06/26 03:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/22 22:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2009/12/24 00:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 19:52:08 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/10/06 20:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/05/21 18:44:30 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008/05/20 22:02:08 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2008/04/14 15:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/20 22:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2007/11/14 23:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2007/04/01 11:02:38 | 001,416,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/04/01 11:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2010/09/27 19:40:24 | 000,054,372 | ---- | M] () -- C:\Program Files\Miranda IM\zlib.dll
MOD - [2010/09/27 19:40:10 | 000,333,930 | ---- | M] () -- C:\Program Files\Miranda IM\Plugins\ICQ.dll
MOD - [2010/09/27 19:39:54 | 000,036,973 | ---- | M] () -- C:\Program Files\Miranda IM\Plugins\dbx_mmap.dll
MOD - [2010/09/27 19:39:36 | 000,245,860 | ---- | M] () -- C:\Program Files\Miranda IM\Plugins\chat.dll
MOD - [2010/02/21 19:33:46 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/10/30 00:02:16 | 000,375,808 | ---- | M] () -- C:\Program Files\Miranda IM\Plugins\uinfoexW.dll
MOD - [2008/07/27 02:30:52 | 000,086,113 | ---- | M] () -- C:\Program Files\Miranda IM\Plugins\StartupStatus.dll
MOD - [2008/07/27 02:30:42 | 000,090,203 | ---- | M] () -- C:\Program Files\Miranda IM\Plugins\KeepStatus.dll
MOD - [2008/04/14 15:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 13:34:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Miranda IM\Plugins\svc_vi.dll
MOD - [2008/01/24 18:56:44 | 000,106,496 | ---- | M] () -- C:\Program Files\Miranda IM\Plugins\folders.dll
MOD - [2007/04/01 11:00:28 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/01/06 05:14:58 | 000,045,056 | ---- | M] () -- C:\Program Files\Miranda IM\Plugins\mtextcontrolA.dll
MOD - [2007/01/06 05:14:36 | 000,045,056 | ---- | M] () -- C:\Program Files\Miranda IM\Plugins\mtextcontrolW.dll
MOD - [2006/08/12 14:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2005/07/12 18:34:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Samsung\MagicKBD\EasyBoxDll.dll
MOD - [2001/10/28 19:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/05/06 12:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/12/24 00:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/02/23 19:52:08 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/14 23:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/06/04 20:29:04 | 001,606,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2010/03/18 12:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 12:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 12:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/03/05 01:08:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/21 11:09:00 | 000,297,344 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/09/29 22:23:00 | 000,119,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hspamdm.sys -- (hspamdm)
DRV - [2008/09/29 22:23:00 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hspaserd.sys -- (hspaserd) SAMSUNG HSPA Modem Diagnostic Serial Port (WDM)
DRV - [2008/09/29 22:23:00 | 000,091,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hspabus.sys -- (hspabus) SAMSUNG HSPA USB Composite Device driver (WDM)
DRV - [2008/09/29 22:23:00 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hspamdfl.sys -- (hspamdfl)
DRV - [2008/09/23 23:23:58 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/09/15 16:26:22 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/09/15 16:26:22 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/09/15 16:26:22 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/09/15 16:26:22 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/09/15 16:26:22 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/09/15 16:26:22 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/08/27 02:35:00 | 004,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 15:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/01/14 21:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2007/03/31 23:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/23 20:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/23 20:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/23 20:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/10/30 16:29:28 | 000,019,840 | ---- | M] (Samsung) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SUE_PD.sys -- (SUEPD)
DRV - [2005/10/27 07:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pu ... e=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info
IE - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\..\SearchScopes,DefaultScope = {4CE02DF6-97C8-4AC7-81F0-B48FD6203C1A}
IE - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\..\SearchScopes\{4CE02DF6-97C8-4AC7-81F0-B48FD6203C1A}: "URL" = http://www.google.com/cse?cx=partner-pu ... e=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F
IE - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.goong.info"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44079
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}:4.7.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.2
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: tempomail@ingetic..maxime.robache:1.0.13
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: TooManyTabs@visibotech.com:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC9\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 21:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 08:43:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/14 21:05:16 | 000,000,000 | ---D | M]

[2009/11/02 22:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Extensions
[2011/12/16 16:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Firefox\Profiles\3b1rfwbn.default\extensions
[2010/04/04 19:54:15 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Firefox\Profiles\3b1rfwbn.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2011/03/25 18:31:15 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Firefox\Profiles\3b1rfwbn.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010/06/08 00:48:57 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Firefox\Profiles\3b1rfwbn.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2009/12/13 03:17:18 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Firefox\Profiles\3b1rfwbn.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2011/11/13 13:10:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Firefox\Profiles\3b1rfwbn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/10 18:55:43 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Firefox\Profiles\3b1rfwbn.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/11/10 13:02:16 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Firefox\Profiles\3b1rfwbn.default\extensions\piclens@cooliris.com
[2011/07/30 21:30:28 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Firefox\Profiles\3b1rfwbn.default\extensions\TooManyTabs@visibotech.com
[2012/04/01 17:43:34 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\Firefox\Profiles\3b1rfwbn.default\searchplugins\google.xml
[2011/11/24 16:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/07 12:07:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/06 17:28:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 20:22:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/08 15:12:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/06 17:04:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/24 16:48:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JULIA ARNOLD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3B1RFWBN.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JULIA ARNOLD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3B1RFWBN.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JULIA ARNOLD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3B1RFWBN.DEFAULT\EXTENSIONS\{89506680-E3F4-484C-A2C0-ED711D481EDA}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JULIA ARNOLD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3B1RFWBN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JULIA ARNOLD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3B1RFWBN.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JULIA ARNOLD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3B1RFWBN.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JULIA ARNOLD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3B1RFWBN.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JULIA ARNOLD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3B1RFWBN.DEFAULT\EXTENSIONS\TEMPOMAIL@INGETIC..MAXIME.ROBACHE.XPI
[2012/02/01 21:39:13 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2009/11/10 13:14:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/10 13:48:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/07 08:43:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/cse?cx=partner-pu ... e=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Julia ARNOLD\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC9\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2011/11/24 15:04:35 | 000,438,920 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 startsear.ch #Ajoutés par emil Nov 2011
O1 - Hosts: 127.0.0.1 goong.info
O1 - Hosts: 127.0.0.1 gameplaylabs.com
O1 - Hosts: 127.0.0.1 www.startsear.ch
O1 - Hosts: 127.0.0.1 www.goong.info
O1 - Hosts: 127.0.0.1 www.gameplaylabs.com #AD Kan
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 15096 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - No CLSID value found.
O2 - BHO: (AGFormHelperObj Class) - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll (Agat)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AGForms) - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll (Agat)
O3 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - HKLM..\Run: [XNotes] C:\Program Files\XNotes\XNotes.exe File not found
O4 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Julia ARNOLD\Menu Démarrer\Programmes\Démarrage\Miranda IM.lnk = C:\Program Files\Miranda IM\miranda32.exe ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Barre RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Enregistrer le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Personnaliser le menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Remplir le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/23 12:58:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{02be8778-4035-11e0-ad36-001377f49dc1}\Shell - "" = AutoRun
O33 - MountPoints2\{02be8778-4035-11e0-ad36-001377f49dc1}\Shell\AutoRun\command - "" = E:\memorybar.exe
O33 - MountPoints2\{7622bc2a-c7e6-11de-ac96-001377f49dc1}\Shell - "" = AutoRun
O33 - MountPoints2\{7622bc2a-c7e6-11de-ac96-001377f49dc1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7622bc2d-c7e6-11de-ac96-001377f49dc1}\Shell - "" = AutoRun
O33 - MountPoints2\{7622bc2d-c7e6-11de-ac96-001377f49dc1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e519ba77-2039-11e1-ad74-001377f49dc1}\Shell - "" = AutoRun
O33 - MountPoints2\{e519ba77-2039-11e1-ad74-001377f49dc1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
ABLATOR
Posts: 9
Joined: 24 Nov 2011, 16:23

Re: Hijacked since November 2011

Post by ABLATOR » 09 Apr 2012, 14:32

Continued, part 2/2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 360 Days ==========

[2012/04/09 15:31:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/09 15:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/09 15:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2012/04/09 15:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Application Data\Malwarebytes
[2012/04/09 15:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/09 15:24:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/09 15:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/09 15:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Bureau\SAUVER LORDI
[2012/04/06 15:21:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Julia ARNOLD\Recent
[2012/03/15 22:30:36 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/03/04 14:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
[2012/03/04 14:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
[2012/03/02 10:53:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/16 22:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Bureau\impression
[2011/12/12 17:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/12/12 17:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Application Data\uTorrent
[2011/12/12 15:45:02 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2011/12/12 15:45:02 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2011/12/12 15:45:02 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2011/12/12 15:45:02 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshom.ocx
[2011/12/12 15:45:02 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2011/12/12 15:45:02 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2011/12/07 16:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Bureau\1ESL
[2011/12/07 16:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Bureau\1S
[2011/12/04 13:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Application Data\AVG2012
[2011/12/04 13:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AVG 2012
[2011/12/04 13:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/04 13:15:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/12/01 22:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/01 22:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/11/27 13:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Earth
[2011/11/26 00:57:09 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2011/11/24 16:48:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/24 16:48:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/24 16:48:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/24 15:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy
[2011/11/24 15:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Menu Démarrer\Programmes\xp-AntiSpy
[2011/11/24 13:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/23 17:40:17 | 001,860,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/11/23 14:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spybot - Search & Destroy
[2011/11/23 14:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/23 14:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/11/20 09:12:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\packager.exe
[2011/11/16 17:22:22 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2011/11/16 17:22:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2011/11/06 13:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Application Data\Apple Computer
[2011/11/06 13:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Application Data\Opera
[2011/11/03 18:28:33 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011/11/03 18:28:33 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2011/11/01 23:35:12 | 001,510,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2011/11/01 23:35:11 | 001,025,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2011/11/01 19:07:16 | 001,288,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2011/10/28 08:31:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2011/10/26 13:50:07 | 002,194,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/10/26 13:50:07 | 002,071,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/10/26 13:50:05 | 002,150,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/10/26 13:50:05 | 002,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/10/14 17:47:41 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmm.dll
[2011/10/14 17:47:41 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.dll
[2011/10/10 17:23:00 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/10/07 07:23:48 | 000,230,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/10/04 07:21:42 | 000,016,720 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys
[2011/09/28 10:06:46 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/27 09:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\.swt
[2011/09/21 14:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Application Data\TeamViewer
[2011/09/21 14:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\TeamViewer 6
[2011/09/21 14:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/09/20 23:04:39 | 000,000,000 | ---D | C] -- D:\MesDocs\Downloads
[2011/09/19 21:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Menu Démarrer\Programmes\Google Chrome
[2011/09/13 07:30:10 | 000,032,592 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/09/06 10:32:10 | 000,000,000 | ---D | C] -- D:\MesDocs\israir
[2011/08/29 15:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/08/29 15:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/08/29 15:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google Chrome
[2011/08/08 07:08:58 | 000,040,016 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/08/01 20:52:25 | 000,000,000 | ---D | C] -- C:\378eafa4ad9513492765eaa6c79ea28d
[2011/07/11 02:14:38 | 000,295,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/07/11 02:14:28 | 000,024,272 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys
[2011/07/11 02:14:28 | 000,023,120 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
[2011/07/11 02:14:26 | 000,134,608 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2011/07/07 03:28:22 | 001,193,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\FM20.DLL
[2011/07/06 17:04:47 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/27 21:19:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/06/17 00:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/05/20 15:28:02 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/04/29 09:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Conduit
[2011/04/21 21:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Alcohol 52%
[2011/04/17 01:46:26 | 000,000,000 | ---D | C] -- C:\fa7063090433cb85236bb3
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2012/04/09 16:02:39 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/04/09 15:35:02 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/09 15:16:02 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1288677605-1120525238-1053312028-1008UA.job
[2012/04/09 15:16:00 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1288677605-1120525238-1053312028-1008Core.job
[2012/04/09 14:02:48 | 094,259,061 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/08 19:35:00 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/06 12:35:14 | 000,149,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/01 17:42:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/01 17:41:55 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/27 18:18:54 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2012/03/16 09:17:19 | 000,345,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/16 08:54:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/15 21:29:51 | 000,003,509 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012/02/21 23:18:18 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/18 22:00:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/17 11:53:30 | 000,556,450 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/02/17 11:53:30 | 000,494,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/17 11:53:30 | 000,111,960 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/02/17 11:53:30 | 000,091,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/03 12:58:01 | 001,860,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/02/03 12:58:01 | 001,860,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/02/01 23:50:41 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/01/11 22:06:41 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 22:06:41 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/01/09 19:20:23 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/01/05 17:09:50 | 000,091,544 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\DM_phylogenieTS3.pdf
[2012/01/05 17:00:35 | 000,104,851 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\evol2010.pdf
[2011/12/19 11:54:10 | 001,510,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2011/12/19 11:54:10 | 001,025,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2011/12/18 15:43:32 | 011,082,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/12/17 22:43:31 | 005,979,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/12/17 22:43:31 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/12/17 22:43:31 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/12/17 22:43:31 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2011/12/17 22:43:31 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/12/17 22:43:31 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011/12/17 22:43:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2011/12/17 22:43:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2011/12/17 22:43:31 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/12/17 22:43:30 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/12/17 22:43:30 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2011/12/17 22:43:30 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011/12/17 22:43:30 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2011/12/17 22:43:30 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/12/17 22:43:30 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2011/12/17 22:43:30 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/12/17 22:43:30 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2011/12/17 22:43:30 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/12/17 22:43:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2011/12/17 22:43:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2011/12/17 22:43:30 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2011/12/17 22:43:30 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2011/12/17 22:43:29 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/12/17 22:43:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2011/12/17 22:43:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011/12/16 15:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011/12/16 15:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/12/16 15:22:58 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/05 15:49:15 | 000,727,908 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\Infection par le VIH-schéma bilan.pdf
[2011/12/04 13:17:07 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2011/12/04 13:15:53 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/30 15:45:43 | 000,364,481 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\btl.pdf
[2011/11/27 13:26:03 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2011/11/26 00:57:09 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2011/11/26 00:57:09 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2011/11/24 15:04:35 | 000,438,920 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/20 09:12:29 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2011/11/20 09:12:29 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\packager.exe
[2011/11/16 17:22:22 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2011/11/16 17:22:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2011/11/10 15:10:17 | 000,068,892 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\Document.rtf
[2011/11/03 18:28:33 | 001,298,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011/11/03 18:28:33 | 000,387,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2011/11/02 16:24:34 | 000,000,955 | ---- | M] () -- C:\WINDOWS\Kaluach3.INI
[2011/11/01 19:07:16 | 001,288,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2011/11/01 15:09:31 | 000,967,964 | ---- | M] () -- C:\Program Files\update.exe
[2011/10/28 08:31:45 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2011/10/28 08:31:45 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2011/10/26 13:50:07 | 002,194,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/10/26 13:50:07 | 002,071,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/10/26 13:50:05 | 002,150,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2011/10/26 13:50:05 | 002,150,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/10/26 13:50:05 | 002,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/10/26 13:50:05 | 002,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2011/10/18 14:13:39 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/10/14 17:47:41 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmm.dll
[2011/10/14 17:47:41 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mciseq.dll
[2011/10/14 17:47:41 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.dll
[2011/10/10 17:23:00 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/10/04 12:10:17 | 000,038,627 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\arnold (1).pdf
[2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys
[2011/10/03 06:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/03 06:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/03 06:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/03 06:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/03 03:37:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/02 21:35:09 | 000,207,878 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\bitouahleumi julia.pdf
[2011/09/28 10:06:46 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/26 12:41:40 | 000,614,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 12:41:40 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/21 14:28:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TeamViewer 6.lnk
[2011/09/19 21:18:43 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/08/21 08:47:03 | 000,049,273 | ---- | M] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\paiement carte grise2012.pdf
[2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/08/02 23:47:50 | 000,000,187 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2011/07/18 11:28:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys
[2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
[2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2011/07/07 03:28:22 | 001,193,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\FM20.DLL
[2011/04/30 06:01:14 | 000,758,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/04/21 21:10:35 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Alcohol 52%.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 16:02:39 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/04/09 14:02:48 | 094,259,061 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/06 12:35:14 | 000,149,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/04 14:53:46 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2012/02/16 20:09:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 20:09:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/01/05 17:09:57 | 000,091,544 | ---- | C] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\DM_phylogenieTS3.pdf
[2012/01/05 17:00:42 | 000,104,851 | ---- | C] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\evol2010.pdf
[2011/12/16 12:17:23 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/12/05 15:49:22 | 000,727,908 | ---- | C] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\Infection par le VIH-schéma bilan.pdf
[2011/12/04 13:17:07 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2011/11/30 15:45:43 | 000,364,481 | ---- | C] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\btl.pdf
[2011/11/27 13:26:03 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2011/11/01 15:09:07 | 000,967,964 | ---- | C] () -- C:\Program Files\update.exe
[2011/10/26 16:54:20 | 000,068,892 | ---- | C] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\Document.rtf
[2011/10/18 14:13:39 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/10/04 12:10:17 | 000,038,627 | ---- | C] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\arnold (1).pdf
[2011/10/02 21:35:09 | 000,207,878 | ---- | C] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\bitouahleumi julia.pdf
[2011/09/21 14:28:58 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TeamViewer 6.lnk
[2011/09/19 21:18:43 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\Julia ARNOLD\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/06 10:39:22 | 000,053,762 | ---- | C] () -- D:\MesDocs\reparation ecran.pdf
[2011/08/21 08:46:48 | 000,049,273 | ---- | C] () -- C:\Documents and Settings\Julia ARNOLD\Bureau\paiement carte grise2012.pdf
[2011/07/01 18:57:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/14 21:05:52 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2011/04/21 21:10:35 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Alcohol 52%.lnk
[2011/02/27 21:20:04 | 000,716,800 | R--- | C] () -- C:\WINDOWS\System32\memorybar.exe
[2010/07/25 18:47:40 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMAAM2DD.ini
[2010/07/25 10:32:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\snape20.bin

========== LOP Check ==========

[2011/12/04 13:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/04 12:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/03 00:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/03/14 18:17:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/04 12:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CounterPath
[2011/11/23 14:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeWifiManager
[2012/04/09 14:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/01/22 17:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/12/01 22:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/11/03 12:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/03/05 01:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/12/23 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2011/12/04 13:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\AVG2012
[2011/12/12 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\Azureus
[2011/11/24 14:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\FileZilla
[2010/08/05 18:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\LEA
[2010/08/22 14:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\Leadertech
[2011/11/24 14:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\Miranda
[2009/11/10 13:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\OpenOffice.org
[2011/11/06 13:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\Opera
[2010/08/09 00:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\SoftPlug
[2011/09/21 14:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\TeamViewer
[2012/04/09 16:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\uTorrent
[2009/11/03 12:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julia ARNOLD\Application Data\Vodafone
[2009/11/03 12:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2009/11/06 13:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Vodafone

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/04/14 15:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 15:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 15:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 15:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/13 13:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 15:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: CTFMON.EXE >
[2008/04/14 15:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2008/04/14 15:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 15:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 15:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 15:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 15:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

Extras to follow...
ABLATOR

Posts: 9
Joined: 24 Nov 2011, 16:23

Re: Hijacked since November 2011

Post by ABLATOR » 09 Apr 2012, 14:34

OTL Extras logfile created on: 09/04/2012 15:55:38 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Julia ARNOLD\Bureau\SAUVER LORDI
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: Israël | Language: HEB | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 341.50 Mb Available Physical Memory | 33.67% Memory free
2.39 Gb Paging File | 1.68 Gb Available in Paging File | 70.23% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.04 Gb Total Space | 9.51 Gb Free Space | 37.96% Space Free | Partition Type: NTFS
Drive D: | 118.00 Gb Total Space | 53.57 Gb Free Space | 45.40% Space Free | Partition Type: NTFS

Computer Name: JULIA | User Name: Julia ARNOLD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC9\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC9\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"27058:UDP" = 27058:UDP:*:Enabled:VUZEMIL

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Julia ARNOLD\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Documents and Settings\Julia ARNOLD\Local Settings\Temp\SIPInside.exe" = C:\Documents and Settings\Julia ARNOLD\Local Settings\Temp\SIPInside.exe:*:Enabled:SIPInside
"C:\Documents and Settings\Julia ARNOLD\Bureau\SIPInside.exe" = C:\Documents and Settings\Julia ARNOLD\Bureau\SIPInside.exe:*:Enabled:SIPInside
"C:\Program Files\SIP\SIPInside.exe" = C:\Program Files\SIP\SIPInside.exe:*:Enabled:SIPInside -- ()
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Program Files\CounterPath\X-Lite\x-lite.exe" = C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\LEA\SoftPlug\V3.1\SoftPlug.exe" = C:\Program Files\LEA\SoftPlug\V3.1\SoftPlug.exe:*:Enabled:SoftPlug -- (LEA)
"C:\Program Files\VideoLAN\VLC9\vlc.exe" = C:\Program Files\VideoLAN\VLC9\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Programme d'installation AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Bouclier Web -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:Diagnostics AVG 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Scanner e-mail personnel -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Coeur"_is1" = Coeur
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{077E2E73-01E0-4F37-81AD-C93C6C2F0933}" = Internet 3G+
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18880887-285F-4260-989B-8B22020D756F}" = E-GOV.IL Sign&Verify Software - AGForm toolbar
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1E2DA2E2-ABCD-461E-AD01-3D85D61DE5F6}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}" = Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{480DBB60-F0B6-45F2-B26F-1A2E11197791}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{5903C48B-E953-47B8-A651-B9222C483057}" = Analyseur MSXML 6.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{69ca8988-1c6c-4285-b8af-db780a6e42af}" = Gestionnaire de contacts professionnels pour Outlook 2007 SP2
"{6C68E35D-01EA-4CA9-A0B0-81D17E085945}" = Internet 3G+
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{876D774C-04D0-4796-B6A0-B7945340847D}" = SoftPlug V3.1.0
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2007
"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{879D8136-C3A7-4A13-A8F4-309467087372}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2007
"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007
"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CAC71E9-D196-472E-845C-5462356B2AE1}" = Easy Resolution Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E91E7BCC-C5CD-465A-BB29-AD1EA07F283D}" = Microsoft SQL Server VSS Writer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agfa ScanWise 2.00" = Agfa ScanWise 2.00
"AI RoboForm" = AI RoboForm (All Users)
"AVG" = AVG 2012
"Business Contact Manager" = Gestionnaire de contacts professionnels pour Outlook 2007 SP2
"CCleaner" = CCleaner
"Codage du message nerveux_is1" = Nerf version 2.0.0.C
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"Lexmark Printer Software Uninstall" = Désinstallation du logiciel d'imprimante Lexmark
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Miranda IM" = Miranda IM 0.9.4
"Mozilla Firefox 6.0.2 (x86 fr)" = Mozilla Firefox 6.0.2 (x86 fr)
"OMUI.fr-fr" = Microsoft Office Language Pack 2007 - French/Français
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"SAMSUNG HSPA Modem" = SAMSUNG HSPA Modem Software
"SP6" = Logitech SetPoint 6.15
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"X-Lite 1.5_is1" = X-Lite 3.0
"X-Lite 3.0_is1" = X-Lite 3.0
"xp-AntiSpy" = xp-AntiSpy 3.98

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/11/2011 06:41:18 | Computer Name = JULIA | Source = ESENT | ID = 490
Description = svchost (1140) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 24/11/2011 06:41:19 | Computer Name = JULIA | Source = ESENT | ID = 490
Description = svchost (1140) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 24/11/2011 06:41:20 | Computer Name = JULIA | Source = ESENT | ID = 490
Description = svchost (1140) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 24/11/2011 06:41:20 | Computer Name = JULIA | Source = ESENT | ID = 470
Description = Catalog Database (1140) La base de données C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
est partiellement jointe. Phase d'insertion en pièce jointe : 3. Erreur : -1032.

Error - 05/12/2011 09:13:50 | Computer Name = JULIA | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 05/12/2011 09:14:05 | Computer Name = JULIA | Source = crypt32 | ID = 131077
Description = Échec de la récupération de la mise à jour automatique du certificat
racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 05/12/2011 09:14:12 | Computer Name = JULIA | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 13/12/2011 03:09:15 | Computer Name = JULIA | Source = MsiInstaller | ID = 11704
Description = SA_Error1709: StandardAction(0xC00706AD): Produit : AVG 2012 -- Erreur
1704. SA_Error1704: StandardAction(0xC00706A8): Une installation de Microsoft Office
PowerPoint MUI (English) 2007 est actuellement interrompue. Vous devez annuler
les modifications apportées par cette installation pour continuer. Voulez-vous annuler
les modifications ?

Error - 12/01/2012 21:14:39 | Computer Name = JULIA | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll
. Error code = 0x80070020

Error - 06/04/2012 05:32:37 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Application défaillante chrome.exe, version 18.0.1025.142, module
défaillant chrome.dll, version 17.0.963.83, adresse de défaillance 0x000a92c6.

[ System Events ]
Error - 30/03/2012 03:04:16 | Computer Name = JULIA | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
Dnscache à une transaction.

Error - 01/04/2012 10:28:54 | Computer Name = JULIA | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.1.101 sur
la carte réseau d'adresse réseau 00242C062665.

Error - 04/04/2012 02:37:54 | Computer Name = JULIA | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.1.101 sur
la carte réseau d'adresse réseau 00242C062665.

Error - 04/04/2012 11:00:26 | Computer Name = JULIA | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.1.101 sur
la carte réseau d'adresse réseau 00242C062665.

Error - 08/04/2012 03:15:02 | Computer Name = JULIA | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.1.101 sur
la carte réseau d'adresse réseau 00242C062665.

Error - 08/04/2012 06:01:37 | Computer Name = JULIA | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.1.101 sur
la carte réseau d'adresse réseau 00242C062665.

Error - 08/04/2012 10:19:14 | Computer Name = JULIA | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.1.101 sur
la carte réseau d'adresse réseau 00242C062665.

Error - 08/04/2012 13:38:54 | Computer Name = JULIA | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
Dnscache à une transaction.

Error - 09/04/2012 06:52:21 | Computer Name = JULIA | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.1.101 sur
la carte réseau d'adresse réseau 00242C062665.

Error - 09/04/2012 06:53:43 | Computer Name = JULIA | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
Dnscache à une transaction.


< End of report >

Re: Hijacked since November 2011

Post by nickW » 16 Apr 2012, 23:38

Good evening,

First clean-ups:


Step 1: No integrity-checking process
Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Exit Spybot-S&D Resident".
Launch Spybot-S&D, Advanced mode, Tools, Resident, untick the box in front of Resident "TeaTimer". Close Spybot-S&D.
Restart the PC.
Note:
TeaTimer must not be re-enabled before the PC clean-up is finished (I will tell you when and how to do it).


Step 2: No real-time monitoring process
Disable the antivirus's resident module.
See: Disable the antivirus's resident module


Step 3: Malwarebytes' Anti-Malware, clean-up
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that every box is ticked except "Create an option in the context menu to scan files (right-click)".
In the Update tab, click the Check for updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.

Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button.


If harmful items were detected, click the "Remove selected" button.

Wait patiently, without doing anything else, for the clean-up to finish.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 4: OTL (by OldTimer), fix

Double-click OTL.exe to launch the tool.

The main OTL screen appears.

Select all the lines below between the two ------- lines (which must not be selected), then press the Ctrl and C keys together.
Important note: do not forget to select the colon character at the start of the first line.

-----------------------------------------------------

:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pu ... e=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F
IE - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info
IE - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\..\SearchScopes,DefaultScope = {4CE02DF6-97C8-4AC7-81F0-B48FD6203C1A}
IE - HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\..\SearchScopes\{4CE02DF6-97C8-4AC7-81F0-B48FD6203C1A}: "URL" = http://www.google.com/cse?cx=partner-pu ... e=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F
FF - prefs.js..browser.startup.homepage: "http://www.goong.info"
CHR - default_search_provider: search_url = http://www.google.com/cse?cx=partner-pu ... e=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F

:Commands
[emptytemp]


-----------------------------------------------------

Note: The lines in the Code area above were created exclusively for THIS user: ABLATOR.
If you are not THIS user, do not use them: they could damage your system.


Go back to the OTL window, right-click in the white area under "Custom Scans/Fixes" and choose Paste (the lines selected above must appear in the "Custom Scans/Fixes" area).

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button.

Note: When the restart is requested, click OK.

When the tool has finished its work, a small window displays the message "Fix complete! Click OK to display the report.". Click OK, then close OTL.


Step 5: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 6: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen appears.

Click the Quick Scan button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 7: Results
Post in reply:
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% stands for the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder %SystemDrive%\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-** (**-**-**) represents the date [year-month-day] and the time [hh-mm-ss])
[%SystemDrive% stands for the partition on which the system is installed, usually C:]

Then post in reply, in a separate message (because of the file's length):
*- the main OTL report (contents of the file OTL.txt located on the Desktop).
The report posted on the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.


In your reply, do not forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
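As an added example (not part of this thread, and not OTL's or Malwarebytes' code), the Python below scans OTL-style start-page and search-provider lines like the ones in the fix above and flags the two forms the hijack takes here: a home page on an unexpected host, and a search URL that is nominally google.com but routes queries through a Custom Search Engine whose siteurl parameter names the hijacker's domain. The sample lines and the allowlist of expected hosts are constructed assumptions, and the cx= value is a placeholder.

```python
"""Flag hijacked home pages / search providers in OTL-style log lines.

Added example; neither OTL's nor the forum's code. Sample lines and the
allowlist are constructed for illustration (cx= value is a placeholder).
"""
import re
from urllib.parse import parse_qs, urlparse

# Hosts the owner is expected to have chosen (assumption; adapt per machine).
EXPECTED_HOSTS = {"www.google.com", "google.com", "www.bing.com"}

URL_RE = re.compile(r'https?://[^\s"]+')

# Constructed sample in the style of the OTL lines targeted by the fix above.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=PLACEHOLDER-CX&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F
FF - prefs.js..browser.startup.homepage: "http://www.goong.info"
CHR - default_search_provider: search_url = http://www.google.com/cse?cx=PLACEHOLDER-CX&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
CHR - default_search_provider: search_url = https://www.google.com/search?q={searchTerms}
"""


def classify(line):
    """Tell whether an OTL line sets a home page, a search provider, or neither."""
    low = line.lower()
    if "start page" in low or "startup.homepage" in low:
        return "homepage"
    if "searchscopes" in low or "default_search_provider" in low:
        return "search"
    return None


def inspect_line(line):
    """Return a finding dict for a suspicious line, or None if it looks clean."""
    kind = classify(line)
    match = URL_RE.search(line)
    if kind is None or match is None:       # e.g. the DefaultScope GUID line
        return None
    url = match.group(0)
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in EXPECTED_HOSTS:
        # Plain hijack: the home page / search URL points somewhere unexpected.
        return {"kind": kind, "url": url, "host": host, "reason": "unexpected host"}
    if parsed.path.rstrip("/") == "/cse":
        # Looks like google.com, but it is a Custom Search Engine: the siteurl
        # parameter names the site the sponsored results are tied to.
        site = parse_qs(parsed.query).get("siteurl", [""])[0].rstrip("/")
        if site and site.lower() not in EXPECTED_HOSTS:
            return {"kind": kind, "url": url, "host": site.lower(),
                    "reason": "search routed through a Custom Search Engine"}
    return None


def find_hijacks(log_text):
    """Scan a whole OTL-style log and collect every suspicious entry."""
    return [f for f in (inspect_line(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in find_hijacks(SAMPLE_LOG):
        print(f"[{finding['kind']}] {finding['reason']}: {finding['host']}")
```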

Re: Hijacked since November 2011

Post by ABLATOR » 17 Apr 2012, 15:46

There, I've done my homework, Ma'am.

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1288677605-1120525238-1053312028-1008\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1288677605-1120525238-1053312028-1008\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1288677605-1120525238-1053312028-1008\Software\Microsoft\Internet Explorer\SearchScopes\{4CE02DF6-97C8-4AC7-81F0-B48FD6203C1A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CE02DF6-97C8-4AC7-81F0-B48FD6203C1A}\ not found.
Prefs.js: "http://www.goong.info" removed from browser.startup.homepage
Unable to fix default_search_provider items.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Julia ARNOLD
->Temp folder emptied: 45637956 bytes
->Temporary Internet Files folder emptied: 420797 bytes
->Java cache emptied: 12453479 bytes
->FireFox cache emptied: 58441833 bytes
->Google Chrome cache emptied: 260950095 bytes
->Flash cache emptied: 4550 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33999 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 503926 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 967978 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 282163465 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 542282238 bytes

Total Files Cleaned = 1,148.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04172012_163952

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Hijacked since November 2011

Post by ABLATOR » 17 Apr 2012, 15:47

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.04.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Julia ARNOLD :: JULIA [administrateur]

17/04/2012 16:16:10
mbam-log-2012-04-17 (16-16-10).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 202076
Temps écoulé: 10 minute(s), 25 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Explorer Update (Trojan.StartPage.GNO) -> Données: "C:\Program Files\Internet Explorer\iexplore_update.exe" -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Mauvais: (http://www.goong.info) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Mauvais: (http://www.goong.info) Bon: (http://www.google.com) -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 2
D:\MesDocs\Downloads\etypesetup.exe (PUP.BundleInstaller.Somoto) -> Aucune action effectuée.
C:\Program Files\Internet Explorer\iexplore_update.exe (Trojan.StartPage.GNO) -> Mis en quarantaine et supprimé avec succès.

(fin)

Re: Hijacked since November 2011

Post by ABLATOR » 17 Apr 2012, 17:53

That looks like it worked perfectly.

I have reconfigured the browsers (home pages, search engines, extensions) and restarted the PC several times; everything seems OK (searching from the Firefox address bar gave me a hard time; I finally changed the keyword.URL value in about:config and that worked).
I will check with the happy owner and get back to you within 48 hours to confirm that she is fully satisfied.

Should TeaTimer be re-enabled right away?

Thank you very much in any case for your reply, of a rare quality and precision. Hats off to the whole Assiste team. You can feel the love of a job well done. It warms the heart.

Is there anything I can do in return to please you or make myself useful?

In the meantime, here is a box of chocolates that I would be glad to send you (or flowers, if you prefer) to a postal address of your choice.

In the meantime, it looks nice; it makes a change from error reports without sinking into the mushiness of a Doctissimo forum.

See you soon, and thanks again.

Re: Hijacked since November 2011

Post by nickW » 18 Apr 2012, 00:08

Good evening,

Wow! Chocolates!
My dentist is going to be delighted ..... :wink:

Thank you very much!


I think it is better to wait for the final verdict of "the happy owner" before re-enabling Spybot-S&D's TeaTimer, as follows:

Note: [%SystemDrive% stands for the partition on which the system is installed, usually C:]

  • Delete all the Registry snapshots created by Spybot-S&D's TeaTimer
    Go with Windows Explorer to the folder:
    %SystemDrive%\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2
    Put all the files found there into an archive (.zip file) to back them up, then delete all those files (keep only the backup archive).
  • Delete all the change denials/permissions recorded by Spybot-S&D's TeaTimer
    Go with Windows Explorer to the folder:
    %SystemDrive%\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes
    Put the files ProcWhite.sbe, ProcBlack.sbe, RegKeyWhite.sbe and RegKeyBlack.sbe, if they exist, into an archive (.zip file) to back them up, then delete those four files (keep the backup archive).
  • Relaunch Spybot-S&D's TeaTimer.
    Go with Windows Explorer to the Spybot-S&D installation folder, by default %SystemDrive%\Program Files\Spybot - Search & Destroy.
    Double-click TeaTimer.exe to launch it.
  • Stop Spybot-S&D's TeaTimer so that new Registry snapshots are recorded.
    In the system tray (next to the clock), right-click the Spybot-S&D Resident icon, then choose Exit Spybot-S&D Resident.
    During this shutdown procedure, the Registry snapshots created by Spybot-S&D's TeaTimer are saved.
  • Relaunch Spybot-S&D's TeaTimer.
    Go with Windows Explorer to the Spybot-S&D installation folder, by default %SystemDrive%\Program Files\Spybot - Search & Destroy.
    Double-click TeaTimer.exe to launch it.
  • Re-enable TeaTimer's automatic start.
    Launch Spybot-S&D, Advanced mode, Tools, Resident, tick the box in front of TeaTimer. Close Spybot-S&D.



A small remark:

OTL reported this:
Total Files Cleaned = 1,148.00 mb


... which means that the (useless) temporary files are rarely deleted.

CCleaner does this very well ... provided it is used (I advise against the Registry clean-up, which is of little use and can prove dangerous).

Regards,
nickW

Hijacked since November 2011 [Resolved]

Post by ABLATOR » 28 Apr 2012, 21:02

Everything is spotless, thank you so much.

May the spirit that reigns over this community inspire other initiatives in the same vein in every field...