MSN Facebook virus
Hello
I also clicked on the link because the message came from a friend, so I did not for a moment consider the possibility of a virus (it's my first ...)
I followed the procedure and here are the links to the two reports
http://www.cijoint.fr/cjlink.php?file=cj201003/cijG1lUl...
and
http://www.cijoint.fr/cjlink.php?file=cj201003/cijnkAjS...
http://www.cijoint.fr/cjlink.php?file=cj201003/cijNYzdx...
Hello,
The MSN virus is not the only thing there.
Download Ad-Remover (by C_XX) to your Desktop.
Disconnect and close all running applications.
Double-click AD-R on your Desktop to launch it.
Choose Nettoyer (Clean), then confirm.
Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Here is the report
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,A | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 15/03/10 à 17:00
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:35:07 le 16/03/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
Système d'exploitation: Microsoft® Windows Vista™ HomePremium
Nom du PC: PC-MAISON | Utilisateur actuel: Bernadette (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Program Files\live-player
C:\Program Files\MyWebSearch
C:\Program Files\Search Settings
C:\Program Files\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\live-player
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
C:\Users\Bernadette\AppData\Local\absvgrb.dat
C:\Users\Bernadette\AppData\Local\absvgrb_nav.dat
C:\Users\Bernadette\AppData\Local\absvgrb_navps.dat
C:\Users\Bernadette\AppData\Local\cebelpl.bat
C:\Users\Bernadette\AppData\Local\gatmn.bat
C:\Users\Bernadette\AppData\Local\gatmn.exe
C:\Users\Bernadette\AppData\Local\irmni.dat
C:\Users\Bernadette\AppData\Local\irmni_nav.dat
C:\Users\Bernadette\AppData\Local\irmni_navps.dat
C:\Users\Bernadette\AppData\Local\jdznjgsn.bat
C:\Users\Bernadette\AppData\Local\kxcgsqua.bat
C:\Users\Bernadette\AppData\Local\oakkkwo.bat
C:\Users\Bernadette\AppData\Local\qblvgr.bat
C:\Users\Bernadette\AppData\Local\qtciclp.bat
C:\Users\Bernadette\AppData\Local\rdwidor.dat
C:\Users\Bernadette\AppData\Local\rdwidor_nav.dat
C:\Users\Bernadette\AppData\Local\rdwidor_navps.dat
C:\Users\Bernadette\AppData\Local\vwgmvvdm.dat
C:\Users\Bernadette\AppData\Local\vwgmvvdm.exe
C:\Users\Bernadette\AppData\Local\vwgmvvdm_nav.dat
C:\Users\Bernadette\AppData\Local\vwgmvvdm_navps.dat
C:\Users\Bernadette\AppData\LocalLow\FunWebProducts
C:\Users\Bernadette\AppData\LocalLow\MyWebSearch
C:\Users\Bernadette\AppData\LocalLow\Search Settings
C:\Users\Bernadette\AppData\LocalLow\SweetIM
C:\Users\Bernadette\AppData\Roaming\live-player
C:\Users\Public\Desktop\Live-Player.lnk
C:\Windows\Downloaded Program Files\F3initialsetup1.0.1.0.inf
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\AppDataLow\Software\Fun Web Products
HKCU\Software\AppDataLow\Software\FunWebProducts
HKCU\Software\AppDataLow\Software\MyWebSearch
HKCU\Software\fcn
HKCU\Software\FunWebProducts
HKCU\Software\Lanconfig
HKCU\Software\Live-Player
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\MyWebSearch
HKCU\Software\Search Settings
HKCU\Software\SweetIM
HKCU\Software\WebMediaPlayer
HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKLM\Software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKLM\Software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKLM\Software\FocusInteractive
HKLM\Software\Fun Web Products
HKLM\Software\FunWebProducts
HKLM\Software\Live-Player
HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vwgmvvdm
HKLM\Software\MyWebSearch
HKLM\Software\Search Settings
HKLM\Software\SweetIM
HKLM\Software\WebMediaPlayer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|vwgmvvdm
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{66886C4D-B307-4ECA-A228-52CA9B9851A4}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\kb125\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.exe
.
============== SCAN ADDITIONNEL ==============
.
.
* Internet Explorer Version 7.0.6000.16982 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 0
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Users\Bernadette\AppData\Roaming\latelierdeschefs\Atelier des Chefs\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\bspatch.exe
C:\Users\Bernadette\AppData\Roaming\latelierdeschefs\Atelier des Chefs\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\patch.exe
C:\Users\Bernadette\AppData\Roaming\uTorrent\Advanced MP3 WMA Recorder 6.5 + Keygen.rar.torrent
C:\Users\Bernadette\AppData\Roaming\uTorrent\Aromatherapy. Patchouli.torrent
C:\Users\Bernadette\AppData\Roaming\uTorrent\Office 2008 for Mac [fr.]+ serial.1.torrent
C:\Users\Bernadette\AppData\Roaming\uTorrent\Office 2008 for Mac [fr.]+ serial.torrent
C:\Users\Bernadette\AppData\Roaming\uTorrent\Serial.noceurs.French.DVDRiP.DivX.FTT.avi.torrent
.
========================================
.
C:\Users\BERNAD~1\AppData\Local\Temp: 0 Fichier(s), 12 Dossier(s)
C:\Windows\temp: 3 Fichier(s), 6 Dossier(s)
C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Cookies: 2 Fichier(s), 0 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 99 Dossier(s)
.
C:\Ad-Remover\Quarantine: 122 Fichier(s)
C:\Ad-Remover\Backup: 15 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 8710 Octet(s)
.
Fin à: 11:42:59, 16/03/2010
.
============== E.O.F - CLEAN[1] ==============
Good.
Run Ad-Remover again and choose Désinstaller (Uninstall).
Download UsbFix (by El Desaparecido & C_XX) to your Desktop.
Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
Double-click UsbFix to run it.
Choose option 1 (Recherche, i.e. Search).
Let the tool work.
Post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Kaspersky, etc.) as a RiskTool. It is not a virus, but a utility designed to terminate processes.
Good evening
Here is the UsbFix report
############################## | UsbFix V6.099 |
User : Bernadette (Administrateurs) # PC-MAISON
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:45:56 | 16/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 113,7 Go (41,84 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 113,34 Go (58,86 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
################## | Elements infectieux |
C:\Users\Bernadette\GoToAssistDownloadHelper.exe
C:\Windows\MsnMgr.exe
C:\a.txt
C:\Windows\msnmgr.exe
################## | Registre |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "sysconfig32"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Winsock2 driver"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{1d71e913-d879-11dc-beae-0019216a3701}
shell\AutoRun\command =K:\EasyCN.exe
HKCU\..\..\Explorer\MountPoints2\{27479d59-3c60-11de-a430-0019216a3701}
shell\AutoRun\command =K:\InstallTomTomHOME.exe
HKCU\..\..\Explorer\MountPoints2\{55d5bab3-cca8-11dc-a9f9-0019216a3701}
shell\AutoRun\command =mira.exe
HKCU\..\..\Explorer\MountPoints2\{8839c9fd-bb1b-11de-abe3-0019216a3701}
shell\AutoRun\command =mira.exe
HKCU\..\..\Explorer\MountPoints2\{c9692052-d614-11dc-b545-0019216a3701}
shell\AutoRun\command =J:\EasyCN.exe
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné !
################## | ! Fin du rapport # UsbFix V6.099 ! |
Hello
Here is the report after option 2 (Suppression, i.e. deletion)
############################## | UsbFix V6.099 |
User : Bernadette (Administrateurs) # PC-MAISON
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:04:39 | 17/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 113,7 Go (42,79 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 113,34 Go (58,83 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
Z:\ -> Connexion réseau
################## | Elements infectieux |
Supprimé ! C:\Users\Bernadette\GoToAssistDownloadHelper.exe
Supprimé ! C:\Windows\MsnMgr.exe
Supprimé ! C:\Windows\System32\avrugad.exe
Supprimé ! C:\a.txt
Supprimé ! C:\$Recycle.Bin\S-1-5-20
Supprimé ! C:\$Recycle.Bin\S-1-5-21-968316516-2280063185-736783771-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-20
Supprimé ! D:\$Recycle.Bin\S-1-5-21-968316516-2280063185-736783771-1000
################## | Registre |
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "sysconfig32"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Winsock2 driver"
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{1d71e913-d879-11dc-beae-0019216a3701}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{27479d59-3c60-11de-a430-0019216a3701}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{55d5bab3-cca8-11dc-a9f9-0019216a3701}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{8839c9fd-bb1b-11de-abe3-0019216a3701}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c9692052-d614-11dc-b545-0019216a3701}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[02/10/2007 18:05|--a------|3958] C:\-20071002.log
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[02/11/2006 10:53|-rahs----|438840] C:\bootmgr
[07/01/2006 02:20|-ra-s----|8192] C:\BOOTSECT.BAK
[18/09/2006 22:43|--a------|10] C:\config.sys
[03/02/2008 15:50|--a------|0] C:\debugSTD.txt
[28/02/2008 19:31|--a------|20097] C:\DeviceLink.log
[08/08/2007 14:56|--a------|0] C:\driver.log
[07/11/2007 08:00|--a------|17734] C:\eula.1028.txt
[07/11/2007 08:00|--a------|17734] C:\eula.1031.txt
[07/11/2007 08:00|--a------|10134] C:\eula.1033.txt
[07/11/2007 08:00|--a------|17734] C:\eula.1036.txt
[07/11/2007 08:00|--a------|17734] C:\eula.1040.txt
[07/11/2007 08:00|--a------|118] C:\eula.1041.txt
[07/11/2007 08:00|--a------|17734] C:\eula.1042.txt
[07/11/2007 08:00|--a------|17734] C:\eula.2052.txt
[07/11/2007 08:00|--a------|17734] C:\eula.3082.txt
[26/08/2008 19:27|--a------|2127] C:\ExtractLog.txt
[07/11/2007 08:00|--a------|1110] C:\globdata.ini
[07/11/2007 08:03|--a------|562688] C:\install.exe
[07/11/2007 08:00|--a------|843] C:\install.ini
[07/11/2007 08:03|--a------|76304] C:\install.res.1028.dll
[07/11/2007 08:03|--a------|96272] C:\install.res.1031.dll
[07/11/2007 08:03|--a------|91152] C:\install.res.1033.dll
[07/11/2007 08:03|--a------|97296] C:\install.res.1036.dll
[07/11/2007 08:03|--a------|95248] C:\install.res.1040.dll
[07/11/2007 08:03|--a------|81424] C:\install.res.1041.dll
[07/11/2007 08:03|--a------|79888] C:\install.res.1042.dll
[07/11/2007 08:03|--a------|75792] C:\install.res.2052.dll
[07/11/2007 08:03|--a------|96272] C:\install.res.3082.dll
[11/02/2008 21:15|-rahs----|0] C:\IO.SYS
[11/02/2008 21:15|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[10/04/2008 20:53|--a------|13030] C:\PDOXUSRS.NET
[02/06/2007 15:16|--a------|72] C:\PLarousse2007
[06/01/2006 18:38|--a------|351] C:\RHDSetup.log
[06/01/2006 18:55|--a------|178] C:\setup.log
[06/01/2006 18:59|--a------|0] C:\Trace.log
[17/03/2010 11:18|--a------|4147] C:\UsbFix.txt
[07/11/2007 08:00|--a------|5686] C:\vcredist.bmp
[07/11/2007 08:09|--a------|1442522] C:\VC_RED.cab
[07/11/2007 08:12|--a------|232960] C:\VC_RED.MSI
[20/10/2008 09:18|---hs----|2836] D:\AlbumArtSmall.jpg
[20/10/2008 09:18|---hs----|12058] D:\Folder.jpg
[27/07/2007 07:04|-ra------|528] D:\MediaID.bin
[08/12/2007 16:51|--a------|445] D:\Xtra_Lespeed.txt
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-Maison.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.099 ! |
Quote:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Hello
Here is the report from Malwarebytes
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3879
Windows 6.0.6000
Internet Explorer 8.0.6001.18882
18/03/2010 13:45:33
mbam-log-2010-03-18 (13-45-33).txt
Type de recherche: Examen rapide
Eléments examinés: 115286
Temps écoulé: 5 minute(s), 56 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Local AppWizard-Generated Applications\AlertSpy (Rogue.AlertSpy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mandel Enterprises (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a98d0065-7326-41b5-b8d9-c5b692cdb82f} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AlertSpy (Rogue.AlertSpy) -> Quarantined and deleted successfully.
C:\Windows\System32\kazaabackupfiles (Worm.Archive) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\$RECYCLE.BIN\S-1-5-21-968316516-2280063185-736783771-1000\$RCG0I3F\msnmgr.exe.UsbFix (Worm.Bot) -> Quarantined and deleted successfully.
C:\Windows\system32\Drivers\heqqjfqd.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\sysconfig32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Bernadette\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Bernadette\AppData\Roaming\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
Hello again
So yes, the PC seems to be doing better, except perhaps for this: twice now, when restarting the computer, I have landed on "start Windows normally" or "run a scan ??"
Here is the OTL report
OTL logfile created on: 18/03/2010 16:45:11 - Run 2
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Bernadette\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,70 Gb Total Space | 42,24 Gb Free Space | 37,16% Space Free | Partition Type: NTFS
Drive D: | 113,34 Gb Total Space | 58,86 Gb Free Space | 51,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-MAISON
Current User Name: Bernadette
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Bernadette\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe ()
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Bernadette\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (RoxLiveShare9) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AFS) -- C:\Windows\System32\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AVR309Prj) -- C:\Windows\System32\drivers\AVR309.sys (author Ing. Igor Cesko and Atmel corporation)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys ()
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/16 18:20:53 | 000,000,000 | ---D | M]
[2009/12/02 14:58:47 | 000,000,000 | ---D | M] -- C:\Users\Bernadette\AppData\Roaming\mozilla\Extensions
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer255.dll (Copernic Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer255.dll (Copernic Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [捁牥吠畯r] File not found
O4 - Startup: C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Atelier des Chefs.lnk = C:\Users\Bernadette\AppData\Roaming\latelierdeschefs\Atelier des Chefs\LAtelier des Chefs.exe (L'atelier des Chefs)
O4 - Startup: C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSN Pictures Displayer.lnk = C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE File not found
O9 - Extra 'Tools' menuitem : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE File not found
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bernadette\Documents\Création Bien Etre\image pour logo\galets_japon.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bernadette\Documents\Création Bien Etre\image pour logo\galets_japon.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 11:18:12 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 11:18:12 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/18 13:49:39 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/18 13:38:01 | 000,000,000 | ---D | C] -- C:\Users\Bernadette\AppData\Roaming\Malwarebytes
[2010/03/18 13:37:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/18 13:37:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/18 13:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/18 13:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/18 13:37:02 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bernadette\Desktop\mbam-setup.exe
[2010/03/17 11:18:12 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/03/17 09:17:42 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/17 09:17:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/17 09:17:41 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/17 09:17:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/17 09:17:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/17 09:17:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/17 09:17:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/17 09:17:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/17 09:17:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/17 09:17:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/17 09:17:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/17 09:17:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/17 09:17:40 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/17 09:17:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/17 09:16:27 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/03/16 19:44:46 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/03/16 16:27:31 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/03/16 16:19:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/16 16:19:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/16 16:19:10 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/03/16 16:19:10 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/03/16 16:19:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/03/16 16:19:09 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/16 16:19:09 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/16 16:19:09 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/16 16:19:09 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/03/16 16:19:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/03/16 16:19:09 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/03/16 16:19:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/16 16:19:08 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/03/16 16:19:08 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/03/16 16:19:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/16 16:19:08 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/03/16 16:19:07 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/16 16:19:07 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/16 16:19:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/03/16 16:19:07 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/16 16:19:05 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/03/16 16:19:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/16 16:19:05 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/03/16 16:19:04 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/03/16 16:19:04 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/03/16 16:19:04 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/03/16 11:35:07 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010/03/16 11:34:35 | 001,321,896 | ---- | C] (C_XX) -- C:\Users\Bernadette\Desktop\AD-R.exe
[2010/03/15 15:14:19 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Users\Bernadette\Desktop\OTL.exe
[2010/03/13 14:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\AxBx
[2010/03/13 11:16:37 | 000,000,000 | ---D | C] -- C:\Users\Bernadette\DoctorWeb
[2010/03/13 03:13:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/03/11 03:01:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 03:01:55 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/01 15:55:39 | 000,000,000 | ---D | C] -- C:\Users\Bernadette\Documents\Mes numérisations
[2010/02/24 04:14:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 04:13:26 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 04:13:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 04:13:26 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 04:13:26 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 04:13:26 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 04:13:26 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 04:13:26 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 04:13:26 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 04:13:26 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/18 18:01:11 | 003,467,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/18 18:01:09 | 003,502,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2006/01/06 19:05:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/18 16:47:36 | 007,077,888 | -HS- | M] () -- C:\Users\Bernadette\ntuser.dat
[2010/03/18 16:47:12 | 000,802,304 | ---- | M] () -- C:\Windows\System32\drivers\heqqjfqd.sys
[2010/03/18 16:00:01 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Maintenance en 1 clic.job
[2010/03/18 15:56:30 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/18 15:56:30 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/18 13:56:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/18 13:56:22 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010/03/18 13:55:32 | 128,338,348 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/18 13:48:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/18 13:48:13 | 003,088,406 | -H-- | M] () -- C:\Users\Bernadette\AppData\Local\IconCache.db
[2010/03/18 13:47:58 | 000,013,258 | ---- | M] () -- C:\Users\Bernadette\Documents\attestation.docx
[2010/03/18 13:37:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 13:37:27 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bernadette\Desktop\mbam-setup.exe
[2010/03/18 13:18:50 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1D6016B5-EE64-4CCD-BBC6-AAC899F8FE06}.job
[2010/03/16 14:22:31 | 000,143,360 | ---- | M] () -- C:\Users\Bernadette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 14:13:23 | 000,069,016 | ---- | M] () -- C:\Users\Bernadette\Documents\eau diamant.docx
[2010/03/16 14:11:58 | 000,137,005 | ---- | M] () -- C:\Users\Bernadette\Documents\Eau Diamant - Message sur l'Eau Diamant.mht
[2010/03/16 11:34:35 | 001,321,896 | ---- | M] (C_XX) -- C:\Users\Bernadette\Desktop\AD-R.exe
[2010/03/15 15:14:20 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Bernadette\Desktop\OTL.exe
[2010/03/11 12:04:08 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/06 17:44:36 | 000,032,933 | ---- | M] () -- C:\Users\Bernadette\Documents\affiramtion fleurs du bush.docx
[2010/03/04 18:21:13 | 000,757,226 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/04 18:21:12 | 001,690,840 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/04 18:21:12 | 000,667,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/04 18:21:12 | 000,145,534 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/04 18:21:12 | 000,125,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/26 16:39:43 | 002,755,186 | ---- | M] () -- C:\Users\Bernadette\Documents\Offre_de_credit_EMPRUNTEUR_LOCATAIRE_01.tif
[2010/02/26 14:22:34 | 001,579,476 | ---- | M] () -- C:\Users\Bernadette\Documents\facture_du_20100204[1]_01.tif
[2010/02/26 14:06:06 | 000,122,368 | ---- | M] () -- C:\Users\Bernadette\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 15:21:10 | 000,013,300 | ---- | M] () -- C:\Users\Bernadette\Documents\etiquette site web.docx
[2010/02/25 15:21:10 | 000,000,162 | -H-- | M] () -- C:\Users\Bernadette\Documents\~$iquette site web.docx
[2010/02/25 03:20:07 | 000,418,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/24 09:50:00 | 000,435,830 | ---- | M] () -- C:\Users\Bernadette\Documents\RIB paru vendu.jpg
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/21 00:54:40 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/21 00:51:43 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/18 13:37:59 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 12:06:04 | 000,013,258 | ---- | C] () -- C:\Users\Bernadette\Documents\attestation.docx
[2010/03/17 09:17:40 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/03/16 14:13:22 | 000,069,016 | ---- | C] () -- C:\Users\Bernadette\Documents\eau diamant.docx
[2010/03/16 14:11:57 | 000,137,005 | ---- | C] () -- C:\Users\Bernadette\Documents\Eau Diamant - Message sur l'Eau Diamant.mht
[2010/03/06 17:44:35 | 000,032,933 | ---- | C] () -- C:\Users\Bernadette\Documents\affiramtion fleurs du bush.docx
[2010/02/26 16:39:42 | 002,755,186 | ---- | C] () -- C:\Users\Bernadette\Documents\Offre_de_credit_EMPRUNTEUR_LOCATAIRE_01.tif
[2010/02/26 14:22:32 | 001,579,476 | ---- | C] () -- C:\Users\Bernadette\Documents\facture_du_20100204[1]_01.tif
[2010/02/25 15:21:10 | 000,000,162 | -H-- | C] () -- C:\Users\Bernadette\Documents\~$iquette site web.docx
[2010/02/25 15:21:09 | 000,013,300 | ---- | C] () -- C:\Users\Bernadette\Documents\etiquette site web.docx
[2010/02/24 09:50:00 | 000,435,830 | ---- | C] () -- C:\Users\Bernadette\Documents\RIB paru vendu.jpg
[2009/12/17 17:47:15 | 000,802,304 | ---- | C] () -- C:\Windows\System32\drivers\heqqjfqd.sys
[2009/12/14 12:51:26 | 000,018,605 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/03 16:45:14 | 000,000,057 | ---- | C] () -- C:\Windows\yesmessenger.ini
[2009/02/22 12:13:05 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/08/22 09:10:20 | 000,000,784 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/18 18:59:30 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/07/31 09:10:15 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2008/07/10 10:00:54 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/15 08:43:01 | 000,000,680 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\d3d9caps.dat
[2008/02/14 20:05:21 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2008/02/11 21:15:57 | 000,000,586 | ---- | C] () -- C:\Windows\FNTNSTLR.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/02/03 08:34:41 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/01/11 20:33:51 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\9265F3658C.sys
[2008/01/11 20:24:02 | 000,002,516 | ---- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/01/09 19:48:04 | 000,475,136 | ---- | C] () -- C:\Windows\System32\SAGEPERS.DLL
[2007/12/26 22:28:24 | 000,000,675 | ---- | C] () -- C:\Users\Bernadette\AppData\Roaming\waver_2.95.dat
[2007/09/30 15:24:54 | 000,446,976 | ---- | C] () -- C:\Windows\System32\ShellMPD.dll
[2007/09/16 10:11:38 | 000,003,192 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/08/22 09:17:28 | 000,000,098 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\fusioncache.dat
[2007/08/04 17:45:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/06/03 08:26:58 | 000,000,000 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\rx_image.Cache
[2007/05/31 08:40:40 | 000,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007/04/29 13:52:44 | 000,143,360 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/29 10:31:01 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/04/29 10:31:01 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/02/22 02:00:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/02/06 22:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/06 22:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/06 22:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/06 22:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/06 22:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007/02/06 01:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/12/25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 20:54:30 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/01 20:52:38 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/01/07 03:30:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/01/07 02:19:59 | 000,000,985 | ---- | C] () -- C:\Windows\generic.ini
[2006/01/07 02:19:59 | 000,000,095 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006/01/06 19:05:22 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/01/06 18:54:39 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 19:35:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2004/01/22 17:06:32 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2003/11/18 00:37:20 | 000,072,192 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2002/03/06 22:19:16 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001/01/12 10:52:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\vbpng.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Windows:C1B395FF4567C6F2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:228EA9DE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:57F9582D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP
FC5A2B2
< End of report >
So yes, the PC seems to be doing better, except perhaps for this: twice now, when restarting the computer, I have ended up at "restart Windows normally" or "run a scan??"
Here is the OTL report
OTL logfile created on: 18/03/2010 16:45:11 - Run 2
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Bernadette\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,70 Gb Total Space | 42,24 Gb Free Space | 37,16% Space Free | Partition Type: NTFS
Drive D: | 113,34 Gb Total Space | 58,86 Gb Free Space | 51,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-MAISON
Current User Name: Bernadette
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Bernadette\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe ()
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Bernadette\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (RoxLiveShare9) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AFS) -- C:\Windows\System32\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AVR309Prj) -- C:\Windows\System32\drivers\AVR309.sys (author Ing. Igor Cesko and Atmel corporation)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys ()
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/16 18:20:53 | 000,000,000 | ---D | M]
[2009/12/02 14:58:47 | 000,000,000 | ---D | M] -- C:\Users\Bernadette\AppData\Roaming\mozilla\Extensions
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer255.dll (Copernic Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer255.dll (Copernic Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [捁牥吠畯r] File not found
O4 - Startup: C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Atelier des Chefs.lnk = C:\Users\Bernadette\AppData\Roaming\latelierdeschefs\Atelier des Chefs\LAtelier des Chefs.exe (L'atelier des Chefs)
O4 - Startup: C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSN Pictures Displayer.lnk = C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE File not found
O9 - Extra 'Tools' menuitem : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE File not found
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bernadette\Documents\Création Bien Etre\image pour logo\galets_japon.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bernadette\Documents\Création Bien Etre\image pour logo\galets_japon.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 11:18:12 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 11:18:12 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/18 13:49:39 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/18 13:38:01 | 000,000,000 | ---D | C] -- C:\Users\Bernadette\AppData\Roaming\Malwarebytes
[2010/03/18 13:37:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/18 13:37:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/18 13:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/18 13:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/18 13:37:02 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bernadette\Desktop\mbam-setup.exe
[2010/03/17 11:18:12 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/03/17 09:17:42 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/17 09:17:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/17 09:17:41 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/17 09:17:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/17 09:17:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/17 09:17:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/17 09:17:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/17 09:17:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/17 09:17:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/17 09:17:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/17 09:17:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/17 09:17:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/17 09:17:40 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/17 09:17:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/17 09:16:27 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/03/16 19:44:46 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/03/16 16:27:31 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/03/16 16:19:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/16 16:19:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/16 16:19:10 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/03/16 16:19:10 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/03/16 16:19:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/03/16 16:19:09 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/16 16:19:09 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/16 16:19:09 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/16 16:19:09 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/03/16 16:19:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/03/16 16:19:09 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/03/16 16:19:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/16 16:19:08 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/03/16 16:19:08 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/03/16 16:19:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/16 16:19:08 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/03/16 16:19:07 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/16 16:19:07 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/16 16:19:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/03/16 16:19:07 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/16 16:19:05 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/03/16 16:19:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/16 16:19:05 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/03/16 16:19:04 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/03/16 16:19:04 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/03/16 16:19:04 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/03/16 11:35:07 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010/03/16 11:34:35 | 001,321,896 | ---- | C] (C_XX) -- C:\Users\Bernadette\Desktop\AD-R.exe
[2010/03/15 15:14:19 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Users\Bernadette\Desktop\OTL.exe
[2010/03/13 14:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\AxBx
[2010/03/13 11:16:37 | 000,000,000 | ---D | C] -- C:\Users\Bernadette\DoctorWeb
[2010/03/13 03:13:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/03/11 03:01:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 03:01:55 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/01 15:55:39 | 000,000,000 | ---D | C] -- C:\Users\Bernadette\Documents\Mes numérisations
[2010/02/24 04:14:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 04:13:26 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 04:13:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 04:13:26 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 04:13:26 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 04:13:26 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 04:13:26 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 04:13:26 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 04:13:26 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 04:13:26 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/18 18:01:11 | 003,467,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/18 18:01:09 | 003,502,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2006/01/06 19:05:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/18 16:47:36 | 007,077,888 | -HS- | M] () -- C:\Users\Bernadette\ntuser.dat
[2010/03/18 16:47:12 | 000,802,304 | ---- | M] () -- C:\Windows\System32\drivers\heqqjfqd.sys
[2010/03/18 16:00:01 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Maintenance en 1 clic.job
[2010/03/18 15:56:30 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/18 15:56:30 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/18 13:56:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/18 13:56:22 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010/03/18 13:55:32 | 128,338,348 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/18 13:48:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/18 13:48:13 | 003,088,406 | -H-- | M] () -- C:\Users\Bernadette\AppData\Local\IconCache.db
[2010/03/18 13:47:58 | 000,013,258 | ---- | M] () -- C:\Users\Bernadette\Documents\attestation.docx
[2010/03/18 13:37:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 13:37:27 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bernadette\Desktop\mbam-setup.exe
[2010/03/18 13:18:50 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1D6016B5-EE64-4CCD-BBC6-AAC899F8FE06}.job
[2010/03/16 14:22:31 | 000,143,360 | ---- | M] () -- C:\Users\Bernadette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 14:13:23 | 000,069,016 | ---- | M] () -- C:\Users\Bernadette\Documents\eau diamant.docx
[2010/03/16 14:11:58 | 000,137,005 | ---- | M] () -- C:\Users\Bernadette\Documents\Eau Diamant - Message sur l'Eau Diamant.mht
[2010/03/16 11:34:35 | 001,321,896 | ---- | M] (C_XX) -- C:\Users\Bernadette\Desktop\AD-R.exe
[2010/03/15 15:14:20 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Bernadette\Desktop\OTL.exe
[2010/03/11 12:04:08 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/06 17:44:36 | 000,032,933 | ---- | M] () -- C:\Users\Bernadette\Documents\affiramtion fleurs du bush.docx
[2010/03/04 18:21:13 | 000,757,226 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/04 18:21:12 | 001,690,840 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/04 18:21:12 | 000,667,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/04 18:21:12 | 000,145,534 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/04 18:21:12 | 000,125,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/26 16:39:43 | 002,755,186 | ---- | M] () -- C:\Users\Bernadette\Documents\Offre_de_credit_EMPRUNTEUR_LOCATAIRE_01.tif
[2010/02/26 14:22:34 | 001,579,476 | ---- | M] () -- C:\Users\Bernadette\Documents\facture_du_20100204[1]_01.tif
[2010/02/26 14:06:06 | 000,122,368 | ---- | M] () -- C:\Users\Bernadette\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 15:21:10 | 000,013,300 | ---- | M] () -- C:\Users\Bernadette\Documents\etiquette site web.docx
[2010/02/25 15:21:10 | 000,000,162 | -H-- | M] () -- C:\Users\Bernadette\Documents\~$iquette site web.docx
[2010/02/25 03:20:07 | 000,418,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/24 09:50:00 | 000,435,830 | ---- | M] () -- C:\Users\Bernadette\Documents\RIB paru vendu.jpg
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/21 00:54:40 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/21 00:51:43 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/18 13:37:59 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/18 12:06:04 | 000,013,258 | ---- | C] () -- C:\Users\Bernadette\Documents\attestation.docx
[2010/03/17 09:17:40 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/03/16 14:13:22 | 000,069,016 | ---- | C] () -- C:\Users\Bernadette\Documents\eau diamant.docx
[2010/03/16 14:11:57 | 000,137,005 | ---- | C] () -- C:\Users\Bernadette\Documents\Eau Diamant - Message sur l'Eau Diamant.mht
[2010/03/06 17:44:35 | 000,032,933 | ---- | C] () -- C:\Users\Bernadette\Documents\affiramtion fleurs du bush.docx
[2010/02/26 16:39:42 | 002,755,186 | ---- | C] () -- C:\Users\Bernadette\Documents\Offre_de_credit_EMPRUNTEUR_LOCATAIRE_01.tif
[2010/02/26 14:22:32 | 001,579,476 | ---- | C] () -- C:\Users\Bernadette\Documents\facture_du_20100204[1]_01.tif
[2010/02/25 15:21:10 | 000,000,162 | -H-- | C] () -- C:\Users\Bernadette\Documents\~$iquette site web.docx
[2010/02/25 15:21:09 | 000,013,300 | ---- | C] () -- C:\Users\Bernadette\Documents\etiquette site web.docx
[2010/02/24 09:50:00 | 000,435,830 | ---- | C] () -- C:\Users\Bernadette\Documents\RIB paru vendu.jpg
[2009/12/17 17:47:15 | 000,802,304 | ---- | C] () -- C:\Windows\System32\drivers\heqqjfqd.sys
[2009/12/14 12:51:26 | 000,018,605 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/03 16:45:14 | 000,000,057 | ---- | C] () -- C:\Windows\yesmessenger.ini
[2009/02/22 12:13:05 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/08/22 09:10:20 | 000,000,784 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/18 18:59:30 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/07/31 09:10:15 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2008/07/10 10:00:54 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/15 08:43:01 | 000,000,680 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\d3d9caps.dat
[2008/02/14 20:05:21 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2008/02/11 21:15:57 | 000,000,586 | ---- | C] () -- C:\Windows\FNTNSTLR.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/02/03 08:34:41 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/01/11 20:33:51 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\9265F3658C.sys
[2008/01/11 20:24:02 | 000,002,516 | ---- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/01/09 19:48:04 | 000,475,136 | ---- | C] () -- C:\Windows\System32\SAGEPERS.DLL
[2007/12/26 22:28:24 | 000,000,675 | ---- | C] () -- C:\Users\Bernadette\AppData\Roaming\waver_2.95.dat
[2007/09/30 15:24:54 | 000,446,976 | ---- | C] () -- C:\Windows\System32\ShellMPD.dll
[2007/09/16 10:11:38 | 000,003,192 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/08/22 09:17:28 | 000,000,098 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\fusioncache.dat
[2007/08/04 17:45:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/06/03 08:26:58 | 000,000,000 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\rx_image.Cache
[2007/05/31 08:40:40 | 000,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007/04/29 13:52:44 | 000,143,360 | ---- | C] () -- C:\Users\Bernadette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/29 10:31:01 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/04/29 10:31:01 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/02/22 02:00:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/02/06 22:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/06 22:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/06 22:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/06 22:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/06 22:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007/02/06 01:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/12/25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 20:54:30 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/01 20:52:38 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/01/07 03:30:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/01/07 02:19:59 | 000,000,985 | ---- | C] () -- C:\Windows\generic.ini
[2006/01/07 02:19:59 | 000,000,095 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006/01/06 19:05:22 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/01/06 18:54:39 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 19:35:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2004/01/22 17:06:32 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2003/11/18 00:37:20 | 000,072,192 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2002/03/06 22:19:16 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001/01/12 10:52:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\vbpng.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Windows:C1B395FF4567C6F2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:228EA9DE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:57F9582D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP
FC5A2B2
< End of report >
(On Vista/Win7, right-click OTL and choose Run as administrator)
:OTL
SRV - (RoxLiveShare9) -- File not found
SRV - (CLTNetCnService) -- File not found
[2010/03/18 16:47:12 | 000,802,304 | ---- | M] () -- C:\Windows\System32\drivers\heqqjfqd.sys
:commands
[emptytemp]
[reboot]