[Solved] Infection?


meritein

[Solved] Infection?

by meritein »

Good evening,
I am seeing quite a few growing difficulties when using my computer, in particular slowness on the internet, slowness when using Microsoft Office and slowness when the computer starts up. Perhaps it is an infection, although AntiVir detects no virus and only reports 2 hidden files. I am posting the HijackThis report below. Thanks to whoever is kind enough to get me out of this "mess".
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:27, on 20/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\CardDetector\HUAWEI\CardDetector.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\JBM\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CardDetectorHUAWEI] C:\Program Files\CardDetector\HUAWEI\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] "C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBF17647-A0AF-4052-9F57-D7E71A591E6F}: NameServer = 192.168.1.1
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (kodakccs) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8737 bytes
SkyTech

Re: Infection?

by SkyTech »

Hi,

Uninstall the Orange suite: http://www.bichofeo.com/29.htm

Uninstall Skype Toolbars

---

Run HijackThis again, check these lines in red and click Fix checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)


---

Disable CTFMON.exe:

Control Panel >>> Regional and Language Options >>> Languages >>> Details >>> Advanced >>> Check the box "Turn off advanced text services"

Also disable Java Quick Starter:

Control Panel (Windows) > Java > Advanced > Miscellaneous > Uncheck Java Quick Starter.

---

Download OTM (by OldTimer). Save it to your Desktop.
Copy (Ctrl+C) the text in the box below:
:services
gupdate
kodakccs

:files
C:\Program Files\Google\Update

:commands
[purity]
[emptytemp]
[emptyflash]
Double-click OTM.exe to launch it.
Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTM.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

Post the report located in this folder: C:\_OTM\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log

Post a new HijackThis report along with it.
meritein

Re: Infection?

by meritein »

Thank you very much for this quick reply. Below are the 2 requested reports, with a few remarks.
I did not find any Gestionnaire Orange, only Orange Everywhere (i.e. the program for connecting the computer to the internet when I am "far from my base"). I removed it anyway since I will not be using it for several months.
I uninstalled Skype Toolbars; however, I am leaving for abroad and I plan to make phone calls with Skype. Will the uninstallation cause me problems?
In Control Panel >>> Regional and Language Options >>> Languages >>> Details >>> Advanced >>> Check the box "Turn off advanced text services": I could not check this box because it was already checked.

First, the OldTimer report
All processes killed
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service kodakccs stopped successfully!
Service kodakccs deleted successfully!
========== FILES ==========
C:\Program Files\Google\Update\Offline folder moved successfully.
C:\Program Files\Google\Update\Download folder moved successfully.
C:\Program Files\Google\Update\1.2.183.39 folder moved successfully.
C:\Program Files\Google\Update folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: JBM
->Temp folder emptied: 228414022 bytes
->Temporary Internet Files folder emptied: 243544251 bytes
->Java cache emptied: 141702228 bytes
->FireFox cache emptied: 64108806 bytes
->Google Chrome cache emptied: 17938524 bytes
->Flash cache emptied: 63545 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 24192 bytes
Windows Temp folder emptied: 197057046 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65426518 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1931643360 bytes

Total Files Cleaned = 2 756,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12202010_200229

Next, the new HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:00, on 20/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\JBM\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] "C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBF17647-A0AF-4052-9F57-D7E71A591E6F}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3736 bytes

Thanks again.
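Added example, not part of the original thread and not code from HijackThis or OTM: a small Python parser that flags orphaned HijackThis entries (the "(no file)" and "(file missing)" markers seen in the first report) and diffs two scans to confirm which entries a cleanup removed. The sample lines are excerpted from the two reports above; the function names are this example's own.

```python
import re
from collections import namedtuple

# One parsed HijackThis entry: section code (R0, O2, O4, O23, ...) and the rest of the line.
Entry = namedtuple("Entry", "code body")

# Entry lines look like "O4 - HKLM\..\Run: [name] path"; header and
# "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Markers shown in the reports above when the registered target is absent on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the first report in this thread (18:59 scan).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O23 - Service: Kodak Camera Connection Software (kodakccs) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
"""

# Excerpt of the second report (20:15 scan, after the fixes and the OTM run).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
"""


def parse_log(text):
    """Return the list of Entry tuples found in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def orphans(entries):
    """Entries whose target no longer exists: leftovers of removed software."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


def diff_scans(before, after):
    """Compare two scans; return (removed, added) as sorted lists of Entry."""
    b, a = set(before), set(after)
    return sorted(b - a), sorted(a - b)


def report(before_text, after_text):
    """Build a short text summary of orphan entries and scan differences."""
    before, after = parse_log(before_text), parse_log(after_text)
    removed, added = diff_scans(before, after)
    lines = ["Orphaned entries in first scan:"]
    lines += [f"  {e.code} - {e.body}" for e in orphans(before)]
    lines.append(f"Orphaned entries still present: {len(orphans(after))}")
    lines.append(f"Removed between scans: {len(removed)}")
    # Anything new between scans deserves a look before it is trusted.
    lines.append(f"New since first scan: {len(added)}")
    lines += [f"  {e.code} - {e.body}" for e in added]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(BEFORE, AFTER))
```
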
SkyTech

Re: Infection?

by SkyTech »

Delete:

C:\_OTM
meritein wrote: Will the uninstallation cause me problems?
No

Fix this line:
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] "C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe"
---

Java is not up to date, it contains security vulnerabilities; install the latest version: http://www.java.com/fr/download/installed.jsp

And:

Download JavaRa (by Paul McLain and Fred de Vries)
  • Unzip the file to your Desktop (right-click > Extract All)
  • Double-click the resulting JavaRa folder.
  • Then double-click the JavaRa.exe file (the .exe may not be displayed)
  • Click Remove older versions
  • Click Yes to confirm. The tool will do its work; then click OK, and OK a second time
  • Close the application.
  • Post the contents of C:\JavaRa.log
---

Start menu, Run, type services.msc, Enter

In the window that opens, look for:

hpqwmiex
PC Angel
Pml Driver HPZ12


Double-click each one and set the startup type to Manual.

Restart and post a new HijackThis report.
meritein

Re: Infection?

by meritein »

"Java is not up to date, it contains security vulnerabilities; install the latest version: http://www.java.com/fr/download/installed.jsp"

I cannot update Java by clicking this link. The computer shows me a page with "Verifying Java version" and sends me to various error pages. So I stopped at this stage. Is there another way to download the latest Java update?
Darkwell23

Re: Infection?

by Darkwell23 »

Hi,

Here, I uploaded it for you. I have a free account on megaupload, and since I was in the middle of updating Java I thought it could be useful to you

http://www.megaupload.com/?d=MX3I3YB0
it's the latest version, online installer

PS: I hope I helped you and did not put a spoke in your wheels, skytech; if so, excuse me


Regards
meritein

Re: Infection?

by meritein »

I went ahead with the procedure anyway, since the link did not let me update Java. So I ran JavaRa and services.msc.
Here are the 2 requested reports (first JavaRa, then HijackThis).
JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Dec 20 21:29:03 2010

Found and removed: C:\Documents and Settings\JBM\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\JBM\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\JBM\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Documents and Settings\JBM\Application Data\Sun\Java\jre1.6.0_16

Found and removed: C:\Documents and Settings\JBM\Application Data\Sun\Java\jre1.6.0_17

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin.160_18

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_18

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_18

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_18

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_18

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Dec 20 21:29:28 2010

------------------------------------

Finished reporting.

----------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:35, on 20/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JBM\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBF17647-A0AF-4052-9F57-D7E71A591E6F}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3387 bytes
SkyTech

Re: Infection?

by SkyTech »

Install the latest version of Java: http://www.java.com/fr/download/windows ... w.java.com

And run JavaRa again.
meritein

Re: Infection?

by meritein »

Hello Sky Tech,
I have just downloaded the Java version from the link and it worked perfectly.
I ran JavaRa and HijackThis again. The reports are below.

JavaRa report

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Dec 21 10:17:23 2010

Found and removed: C:\Documents and Settings\JBM\Application Data\Sun\Java\jre1.6.0_18

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_18

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.160_18

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.



HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:19, on 21/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\JBM\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBF17647-A0AF-4052-9F57-D7E71A591E6F}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3577 bytes

While awaiting further instructions, I wish you a good day.
SkyTech

Re: Infection?

by SkyTech »

Delete JavaRa & C:\JavaRa.log
Platform: Windows XP SP2 (WinNT 5.01.2600)
Your Windows is not up to date; it contains security holes, and viruses use these holes to infect your computer.
Your Windows is therefore vulnerable.

Install XP SP3 via Windows Update.
(It only works with Internet Explorer.)
Read before installing it.

Post a new HijackThis report.
meritein

Re: Infection?

by meritein »

The update has been done: it was laborious to get back here. Below is the new HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:48, on 21/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JBM\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBF17647-A0AF-4052-9F57-D7E71A591E6F}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3933 bytes
SkyTech

Re: Infection?

by SkyTech »

Also disable Java Quick Starter:

Control Panel (Windows) > Java > Advanced > Miscellaneous > uncheck Java Quick Starter.

---

Check Ultra-DMA: http://forum.malekal.com/activer-ultra- ... =dma#p3860

How is the PC behaving?
meritein

Re: Infection?

by meritein »

Good evening,
I have disabled JavaQuickStarter. I checked Ultra DMA (device 1 has "DMA if available" as transfer mode, then UltraDMA mode 5; device 1 has "DMA if available" as transfer mode and multiword DMA mode 2).

Internet browsing seems to be going a little better. On the other hand, the computer still takes a relatively long time to start up.

Once again, many thanks and happy end-of-year holidays.
SkyTech

Re: Infection?

by SkyTech »

OK

If you don't need Skype at startup, fix this line:
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Then:


* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it
/!\ for Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" section (top right) the "Minimal report" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Customization"
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

* Click the "Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and (or) "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
meritein

Re: Infection?

by meritein »

Hello,
below are the 2 reports from OTL.

OTL.txt report

OTL logfile created on: 22/12/2010 07:52:28 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\JBM\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 015,00 Mb Total Physical Memory | 579,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49,62 Gb Total Space | 30,45 Gb Free Space | 61,36% Space Free | Partition Type: NTFS
Drive E: | 6,27 Gb Total Space | 0,44 Gb Free Space | 6,96% Space Free | Partition Type: NTFS

Computer Name: PC217681214228 | User Name: JBM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\JBM\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\JBM\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (w29n51) Pilote de carte de connexion réseau Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\WINDOWS\system32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)
DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.orange.fr/"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 18:30:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/21 10:14:45 | 000,000,000 | ---D | M]

[2009/11/07 13:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JBM\Application Data\Mozilla\Extensions
[2010/12/21 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JBM\Application Data\Mozilla\Firefox\Profiles\2saw277z.default\extensions
[2010/12/20 20:56:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\JBM\Application Data\Mozilla\Firefox\Profiles\2saw277z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/21 15:39:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/20 19:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/21 10:14:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/21 10:14:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/21 11:01:44 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/08/21 11:01:44 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/21 11:01:44 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/21 11:01:44 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/08/21 11:01:44 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/09/23 16:43:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Sites de confiance)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Sites de confiance)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\JBM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JBM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 00:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13c9915b-56be-11df-8774-0016d4ba0ab6}\Shell - "" = AutoRun
O33 - MountPoints2\{13c9915b-56be-11df-8774-0016d4ba0ab6}\Shell\AutoRun\command - "" = H:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{c82d6ac0-aa0a-11df-8812-0016d4ba0ab6}\Shell - "" = AutoRun
O33 - MountPoints2\{c82d6ac0-aa0a-11df-8812-0016d4ba0ab6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 07:48:46 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JBM\Bureau\OTL.exe
[2010/12/22 00:55:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/12/22 00:55:30 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/12/22 00:55:18 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/12/22 00:54:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/22 00:48:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/21 14:18:28 | 000,000,000 | ---D | C] -- C:\CODES
[2010/12/21 13:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/12/21 13:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/12/21 13:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr
[2010/12/21 13:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/12/21 13:02:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/12/21 12:56:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/12/21 12:56:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/12/21 10:14:45 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/21 10:14:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/21 10:14:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/21 10:14:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/20 21:18:13 | 000,000,000 | ---D | C] -- C:\COMPRESSION_DECOMPRESSION DE FICHIERS
[2010/12/20 20:00:55 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JBM\Bureau\OTM.exe
[2010/12/20 19:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JBM\Bureau\backups
[2010/12/20 18:58:40 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\JBM\Bureau\HiJackThis.exe
[2010/12/10 16:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JBM\Application Data\skypePM
[2010/12/10 16:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
[2010/12/10 16:07:34 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/12/10 16:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JBM\Application Data\Skype
[2010/12/10 16:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/12/10 16:03:19 | 000,000,000 | ---D | C] -- C:\SKYPE
[2010/12/02 04:35:18 | 004,280,320 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/12/01 07:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JBM\Application Data\Avira
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/22 07:49:37 | 000,002,577 | ---- | M] () -- C:\Documents and Settings\JBM\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/12/22 07:48:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JBM\Bureau\OTL.exe
[2010/12/22 07:17:03 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\JBM\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2010/12/22 07:12:00 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/22 07:12:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/22 03:37:06 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2606437866-2541356219-4163085143-1006.job
[2010/12/22 03:36:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/22 03:36:26 | 000,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/22 03:36:25 | 1064,751,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/22 03:35:32 | 000,510,980 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/12/22 03:35:32 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/22 03:35:32 | 000,084,964 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/12/22 03:35:32 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/22 03:20:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/21 18:13:25 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\JBM\Bureau\planning australie .xls
[2010/12/21 15:29:05 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\JBM\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/12/21 15:29:05 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Picasa 3.lnk
[2010/12/21 13:48:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/21 13:46:27 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\JBM\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2010/12/21 13:42:20 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/21 13:42:19 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/21 13:02:12 | 000,252,240 | -HS- | M] () -- C:\NTLDR
[2010/12/21 10:14:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/21 10:14:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/21 10:14:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/21 10:14:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/21 10:14:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/20 21:35:01 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\JBM\Application Data\Microsoft\Internet Explorer\Quick Launch\IZArc (2).lnk
[2010/12/20 21:20:39 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\JBM\Bureau\IZArc.lnk
[2010/12/20 20:00:57 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JBM\Bureau\OTM.exe
[2010/12/20 18:58:40 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\JBM\Bureau\HiJackThis.exe
[2010/12/20 17:58:43 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\JBM\Bureau\Raccourci vers COMPTE RENDU INEO1.doc.lnk
[2010/12/12 14:55:16 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\JBM\Bureau\sujet cfg1.xls
[2010/12/11 17:21:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2010/12/10 20:07:52 | 000,000,046 | ---- | M] () -- C:\WINDOWS\ib.ini
[2010/12/10 16:10:20 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/10 07:39:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2606437866-2541356219-4163085143-1006.job
[2010/12/02 19:54:28 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\JBM\Bureau\Microsoft Excel.lnk
[2010/12/02 19:50:33 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\JBM\Bureau\Clé WPA et SSID.xls
[2010/12/02 07:07:52 | 005,028,352 | ---- | M] () -- C:\Documents and Settings\JBM\Mes documents\Australia.pps
[2010/12/02 04:35:18 | 004,280,320 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/11/26 17:20:28 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\JBM\all
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/21 15:29:05 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\JBM\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/12/21 15:29:05 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Picasa 3.lnk
[2010/12/21 13:46:27 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\JBM\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2010/12/20 21:35:01 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\JBM\Application Data\Microsoft\Internet Explorer\Quick Launch\IZArc (2).lnk
[2010/12/20 21:20:39 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\JBM\Bureau\IZArc.lnk
[2010/12/20 17:58:43 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\JBM\Bureau\Raccourci vers COMPTE RENDU INEO1.doc.lnk
[2010/12/12 14:55:15 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\JBM\Bureau\sujet cfg1.xls
[2010/12/10 16:10:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/10 16:07:37 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2010/12/05 16:01:25 | 005,028,352 | ---- | C] () -- C:\Documents and Settings\JBM\Mes documents\Australia.pps
[2010/11/26 17:20:28 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\JBM\all
[2009/08/14 08:19:14 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
[2009/08/09 09:03:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/08/09 08:48:55 | 000,007,843 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/01 06:46:35 | 000,000,152 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/29 08:09:58 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\JBM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 15:51:58 | 000,000,016 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2008/04/11 07:59:49 | 000,000,046 | ---- | C] () -- C:\WINDOWS\ib.ini
[2008/04/11 07:59:48 | 000,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll
[2008/04/11 07:59:48 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2007/12/26 09:24:00 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\dg151.dll
[2007/11/29 11:37:20 | 000,000,923 | ---- | C] () -- C:\WINDOWS\NWC.INI
[2007/06/01 21:47:43 | 000,001,206 | ---- | C] () -- C:\WINDOWS\nwplayer.ini
[2007/03/20 08:40:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/18 06:53:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/03/18 06:53:50 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/03/18 06:53:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/03/18 06:53:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/03/18 06:53:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/03/18 06:53:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/03/18 06:52:19 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\JBM\Local Settings\Application Data\fusioncache.dat
[2007/03/18 06:52:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JBM\Local Settings\Application Data\QSwitch.txt
[2007/03/18 06:52:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JBM\Local Settings\Application Data\DSwitch.txt
[2007/03/18 06:52:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JBM\Local Settings\Application Data\AtStart.txt
[2006/12/03 17:59:51 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/03 17:58:27 | 000,029,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/17 15:11:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/17 10:37:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/17 10:30:22 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/17 10:17:58 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/07/07 02:00:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/05 09:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/12/21 12:56:17 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/12/21 12:56:17 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/12/21 12:56:17 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/05 09:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/12/21 12:56:17 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/12/21 12:56:17 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/12/21 12:56:17 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/05 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/05 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 19:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 19:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/05 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 09:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/05 09:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\ERDNT\cache\scecli.dll

< %systemroot%\*. /mp /s >

< >

< >

< End of report >

Extras.txt report

OTL Extras logfile created on: 22/12/2010 07:52:28 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\JBM\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 015,00 Mb Total Physical Memory | 579,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49,62 Gb Total Space | 30,45 Gb Free Space | 61,36% Space Free | Partition Type: NTFS
Drive E: | 6,27 Gb Total Space | 0,44 Gb Free Space | 6,96% Space Free | Partition Type: NTFS

Computer Name: PC217681214228 | User Name: JBM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\domainprofile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\standardprofile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Hp\HP Software Update\HPWUCli.exe" = C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe" = C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = Installation de HP Backup and Recovery Manager
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE3-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.5)
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{9011040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{929AB598-BB08-4875-B8D2-952C151D6E47}" = HP User Guides 0038
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Logiciel Kodak EasyShare
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_30C4103C" = Soft Data Fax Modem with SmartCP
"Core FTP LE 2.1" = Core FTP LE 2.1
"hijackthis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nvu_is1" = Nvu 1.0
"PC London SPAN_04.00.00" = PC London SPAN_04.00.00
"Picasa 3" = Picasa 3
"PrintMusic! 2004" = PrintMusic! 2004
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/12/2010 01:49:05 | Computer Name = PC217681214228 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module
défaillant kernel32.dll, version 5.1.2600.3541, adresse de défaillance 0x00012a6b.

Error - 18/12/2010 03:13:25 | Computer Name = PC217681214228 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module
défaillant kernel32.dll, version 5.1.2600.3541, adresse de défaillance 0x00012a6b.

Error - 18/12/2010 05:16:42 | Computer Name = PC217681214228 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module
défaillant kernel32.dll, version 5.1.2600.3541, adresse de défaillance 0x00012a6b.

Error - 20/12/2010 01:16:48 | Computer Name = PC217681214228 | Source = Application Hang | ID = 1002
Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20/12/2010 08:07:04 | Computer Name = PC217681214228 | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.2180, module défaillant
msoe.dll, version 6.0.2900.3664, adresse de défaillance 0x00056a2d.

Error - 20/12/2010 08:07:08 | Computer Name = PC217681214228 | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.2180, adresse de défaillance 0x0001295d.

Error - 20/12/2010 16:29:07 | Computer Name = PC217681214228 | Source = Application Error | ID = 1000
Description = Application défaillante javara.exe, version 1.16.1.1763, module défaillant
ntdll.dll, version 5.1.2600.3520, adresse de défaillance 0x0000100b.

Error - 20/12/2010 16:58:45 | Computer Name = PC217681214228 | Source = Application Error | ID = 1000
Description = Application défaillante , version 0.0.0.0, module défaillant unknown,
version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 21/12/2010 02:03:29 | Computer Name = PC217681214228 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module
défaillant kernel32.dll, version 5.1.2600.3541, adresse de défaillance 0x00012a6b.

Error - 22/12/2010 02:16:19 | Computer Name = PC217681214228 | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module
défaillant kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb.

[ System Events ]
Error - 20/12/2010 14:51:33 | Computer Name = PC217681214228 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 20/12/2010 14:51:33 | Computer Name = PC217681214228 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 20/12/2010 14:51:33 | Computer Name = PC217681214228 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 20/12/2010 14:51:33 | Computer Name = PC217681214228 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 20/12/2010 14:51:34 | Computer Name = PC217681214228 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 20/12/2010 14:51:34 | Computer Name = PC217681214228 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 20/12/2010 14:51:34 | Computer Name = PC217681214228 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 20/12/2010 14:51:34 | Computer Name = PC217681214228 | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 20/12/2010 15:02:31 | Computer Name = PC217681214228 | Source = Service Control Manager | ID = 7034
Description = Le service hpqwmiex s'est terminé de façon inattendue pour la 1ème
fois.

Error - 20/12/2010 15:02:31 | Computer Name = PC217681214228 | Source = Service Control Manager | ID = 7034
Description = Le service Pml Driver HPZ12 s'est terminé de façon inattendue pour
la 1ème fois.


< End of report >
I have not fixed Skype because, first, I would like to know whether I could still use it after doing so, despite its disappearance from startup (by launching skype.exe, perhaps?).