rootkit vin 32 gen [Solved]


Posted 26 Oct 2010 20:38

Who can help me? I ran avast, nothing at all; the virus is in quarantine. Anti-spyware, nothing at all. I went to look at the quarantined items in avast, but I don't know how to delete them. On top of that, every time this red box informs me about the threat it adds another line. I could spend all night on this???

Every 10 seconds I get this red box saying that a threat has been detected, that the threat has been moved to quarantine and that I have no action to take, but it's annoying, this message and this red thing that keeps coming back. I have Windows 7.

infection win32 rootkit gen rtk
object C/window syswow64 api ms win core memory 1 1 032 dll

process C window sys WOW64 wmdmps32 exe

Thanks for your help
esther65
Confirmed Visitor

Posts: 21
Joined: 26 Oct 2010 20:26
 


Re: rootkit vin 32 gen

Posted 26 Oct 2010 21:28

Hi,

Click on the link ComboFix by sUBs
In the save dialog, rename "ComboFix" to "esther65" and download the program to your Desktop and nowhere else.

Close all windows and applications, disconnect from the internet and disable your resident protections (antivirus, antispyware, etc.):
http://forum.pcastuces.com/desactiver_l ... -f31s4.htm

On the Desktop, double-click esther65.
Press the Y (Yes) key to start the scan.

Important: if you are asked to install the Recovery Console, accept and follow the steps. Once the installation finishes, the scan will start by itself.

At the end of the scan, ComboFix will restart your PC.
When the scan is complete, a report will appear.
Copy and paste this report into your next reply.

PS: the report can also be found here: C:\Combofix.txt

Info:
Do not click in the ComboFix window during the scan: this could cause the program to freeze.
marvel
Apprentice Expert

Posts: 161
Joined: 11 Oct 2010 14:20
 

Re: rootkit vin 32 gen

Posted 27 Oct 2010 07:45

Hello and thanks for the reply.

I tried to download combofix, I'm told it's not compatible with Windows 7????? I'll look at that this evening, I have to leave to look after my grandchildren.
esther65
Confirmed Visitor

Posts: 21
Joined: 26 Oct 2010 20:26
 

Re: rootkit vin 32 gen

Posted 27 Oct 2010 08:47

Hi,

• Follow this tutorial --> MBAM
• Run a full scan of the PC ...
• If anything is detected, click the "Remove Selected" ("Supprimer la sélection") button ...
• Copy and paste the contents of the removal report here in your reply.

Then ...

• Download DDS by sUBs to the Desktop.
• The tool needs no installation; launch it by clicking the dds.scr icon
(right-click it > Run as Administrator).

• A DOS window will appear. A first report will open, which you will save as DDS.txt (the default) on the Desktop.
You will be asked whether you want to run the optional scan > Accept.
• A new report opens, which you will save as Compl.txt on the Desktop.

• Copy and paste the contents of the DDS.txt and Compl.txt reports here.
marvel
Apprentice Expert

Posts: 161
Joined: 11 Oct 2010 14:20
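
One way a helper might triage the DDS.txt report requested above, as an added example (not part of the original posts and not a DDS feature): it pivots from the file name avast flagged (wmdmps32.exe) to service entries and to other recently created files of identical size. The sample lines are copied from the report posted further down in this thread; the function names and the reading of `[?]` as "file details unavailable" are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of lines copied from the DDS.txt report posted in this thread.
DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============

R?2 WdiSystemHost32;Hôte système de diagnostics ;c:\windows\system32\wmdmps32.exe --> c:\windows\system32\wmdmps32.exe [?]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-2 121936]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-2 40384]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
S2 SensrSvc32;Brillance adaptative ;c:\windows\system32\certcredprovider32.exe --> c:\windows\system32\certcredprovider32.exe [?]

=============== Created Last 30 ================

2010-10-26 18:29:42   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2010-10-26 10:38:38   173056   ----a-w-   C:\Windows\SysWow64\igdumdx3232.exe
2010-10-24 19:01:08   1353728   ----a-w-   C:\Windows\SysWow64\wmdmps32.exe
2010-10-24 18:58:38   173056   ----a-w-   C:\Windows\SysWow64\igd10umd3232.exe
2010-10-24 18:57:36   1353728   ----a-w-   C:\Windows\SysWow64\certCredProvider32.exe
2010-10-24 15:47:33   411368   ----a-w-   C:\Windows\SysWow64\deploytk.dll
2010-10-21 10:43:47   69464   ----a-w-   C:\Windows\SysWow64\XAPOFX1_3.dll
"""

# "<state> <name>;<display name>;<image path[ args]> [<date size> or ?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\??\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<info>[^\]]*)\]$")
# "<date time> <size in bytes> <attributes> <path>"; directories carry
# "--------" instead of a size and are skipped by the \d+ group.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$")
# Cuts "path --> path" and "svchost.exe -k group" down to the first image path.
IMAGE_RE = re.compile(r".*?\.(?:exe|sys|dll)\b", re.IGNORECASE)


def parse_services(text):
    """Return one dict per line of the SERVICES / DRIVERS section."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        image = IMAGE_RE.match(m["image"])
        path = image.group(0) if image else m["image"]
        services.append({
            "name": m["name"].strip(),
            "state": m["state"],
            "path": path,
            # The report shows a service image under system32 and the same
            # file under SysWow64 in the file listing, so compare names only.
            "file": ntpath.basename(path).lower(),
            # Assumption: "[?]" means DDS could not read the file's details.
            "unresolved": m["info"].strip() == "?",
        })
    return services


def parse_created(text):
    """Return one dict per file line of the 'Created Last 30' section."""
    created = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created.append({"ts": m["ts"], "size": int(m["size"]), "path": m["path"],
                            "file": ntpath.basename(m["path"]).lower()})
    return created


def same_size_executables(text):
    """Group recently created .exe files that share an exact byte size."""
    groups = defaultdict(list)
    for entry in parse_created(text):
        if entry["file"].endswith(".exe"):
            groups[entry["size"]].append(entry["file"])
    return {size: sorted(files) for size, files in groups.items() if len(files) > 1}


def triage(text, flagged_file):
    """Pivot from an AV-flagged file name to related entries worth reviewing.

    Identical size is a lead for the helper to follow up, not a verdict.
    """
    flagged = flagged_file.lower()
    created = parse_created(text)
    sizes = {e["size"] for e in created if e["file"] == flagged}
    siblings = sorted(e["path"] for e in created
                      if e["size"] in sizes and e["file"] != flagged)
    related = {flagged} | {ntpath.basename(p).lower() for p in siblings}
    services = parse_services(text)
    return {
        "services": sorted(s["name"] for s in services if s["file"] in related),
        "same_size_files": siblings,
        "unresolved_services": sorted(s["name"] for s in services if s["unresolved"]),
    }


if __name__ == "__main__":
    for key, value in triage(DDS_EXCERPT, "wmdmps32.exe").items():
        print(f"{key}: {value}")
    print("same-size executables:", same_size_executables(DDS_EXCERPT))
```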
 

Posted 27 Oct 2010 16:12

Code:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Version de la base de données: 4862

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/10/2010 17:09:52
mbam-log-2010-10-27 (17-09-52).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 239769
Temps écoulé: 47 minute(s), 20 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

With MBAM, nothing at all; I'm continuing.

EDIT:

Code:
DDS (Ver_10-10-21.02) - NTFS_AMD64 
Run by esther at 17:14:35,15 on 27/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Édition Familiale Premium   6.1.7600.0.1252.33.1036.18.4026.2314 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\esther\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\esther\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\wmdmps32.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
mStart Page = hxxp://home.sweetim.com
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: SYSTRAN Web Translator 5.0 : {a5899b52-3af9-4f56-85fe-ad7b3be8490f} - C:\Program Files (x86)\SYSTRAN\5.0\Personal\IEPlugIn.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: SYSTRAN Web Translator 5.0 : {f7e0096a-951b-41d3-9b35-ea2aa5ab0840} - C:\Program Files (x86)\SYSTRAN\5.0\Personal\IEPlugIn.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SmileboxTray] "C:\Users\esther\AppData\Roaming\Smilebox\SmileboxTray.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\esther\AppData\Roaming\Mozilla\Firefox\Profiles\a9vdt8t8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R?2 WdiSystemHost32;Hôte système de diagnostics ;c:\windows\system32\wmdmps32.exe --> c:\windows\system32\wmdmps32.exe [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-29 55024]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-2 121936]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-2 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-2 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-2 40384]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-10-24 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-9-25 62720]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-10-24 44312]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-10-24 240160]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-2 40384]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-10-24 139264]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-24 317480]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-1 135664]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
S2 SensrSvc32;Brillance adaptative ;c:\windows\system32\certcredprovider32.exe --> c:\windows\system32\certcredprovider32.exe [?]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-24 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-2 1255736]

=============== Created Last 30 ================

2010-10-26 19:01:00   2560   ----a-w-   C:\Windows\_MSRSTRT.EXE
2010-10-26 18:29:42   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2010-10-26 12:08:29   469256   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\7f0950ed1cb75060f\InstallManager_WLE_WLE.exe
2010-10-26 12:07:53   15712   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\6ae634aa1cb750603\MeshBetaRemover.exe
2010-10-26 11:20:59   --------   d-----w-   C:\Program Files (x86)\Conduit
2010-10-26 11:20:57   --------   d-----w-   C:\Program Files (x86)\Softonic_France
2010-10-26 10:38:38   173056   ----a-w-   C:\Windows\SysWow64\igdumdx3232.exe
2010-10-26 10:20:30   8006480   ----a-w-   C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F51B5E18-2FB1-4B37-9B6B-A94F539B2384}\mpengine.dll
2010-10-24 19:01:08   1353728   ----a-w-   C:\Windows\SysWow64\wmdmps32.exe
2010-10-24 18:58:38   173056   ----a-w-   C:\Windows\SysWow64\igd10umd3232.exe
2010-10-24 18:57:36   1353728   ----a-w-   C:\Windows\SysWow64\certCredProvider32.exe
2010-10-24 15:48:27   --------   d-----w-   C:\Program Files (x86)\Ask.com
2010-10-24 15:47:33   411368   ----a-w-   C:\Windows\SysWow64\deploytk.dll
2010-10-24 15:47:33   411368   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
2010-10-24 15:46:58   --------   d-----w-   C:\Program Files (x86)\LimeWire
2010-10-21 10:43:47   69464   ----a-w-   C:\Windows\SysWow64\XAPOFX1_3.dll
2010-10-21 10:43:47   515416   ----a-w-   C:\Windows\SysWow64\XAudio2_5.dll
2010-10-21 10:43:46   523088   ----a-w-   C:\Windows\System32\d3dx10_42.dll
2010-10-21 10:43:46   453456   ----a-w-   C:\Windows\SysWow64\d3dx10_42.dll
2010-10-21 10:43:20   94040   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\c6943eca1cb710c06\DSETUP.dll
2010-10-21 10:43:20   525656   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\c6943eca1cb710c06\DXSETUP.exe
2010-10-21 10:43:20   1691480   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\c6943eca1cb710c06\dsetup32.dll
2010-10-21 10:43:18   94040   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\c3bbd9b71cb710c05\DSETUP.dll
2010-10-21 10:43:18   525656   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\c3bbd9b71cb710c05\DXSETUP.exe
2010-10-21 10:43:18   1691480   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\c3bbd9b71cb710c05\dsetup32.dll
2010-10-21 10:42:57   --------   d-----w-   C:\Users\esther\AppData\Local\Windows Live
2010-10-21 10:42:15   257024   ----a-w-   C:\Windows\System32\mfreadwrite.dll
2010-10-21 10:42:15   206848   ----a-w-   C:\Windows\System32\mfps.dll
2010-10-21 10:42:15   196608   ----a-w-   C:\Windows\SysWow64\mfreadwrite.dll
2010-10-21 10:42:15   1888256   ----a-w-   C:\Windows\System32\WMVDECOD.DLL
2010-10-21 10:42:15   1619456   ----a-w-   C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-21 10:42:14   4068864   ----a-w-   C:\Windows\System32\mf.dll
2010-10-21 10:42:13   3181568   ----a-w-   C:\Windows\SysWow64\mf.dll
2010-10-21 08:07:22   --------   d-----w-   C:\Program Files (x86)\SYSTRAN
2010-10-21 08:03:28   --------   d-----w-   C:\PROGRA~3\Brother
2010-10-20 06:49:59   --------   d-----w-   C:\Program Files (x86)\Yahoo!
2010-10-20 06:49:56   --------   d-----w-   C:\Program Files (x86)\CCleaner
2010-10-17 18:52:58   38224   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-17 16:24:16   --------   d-----w-   C:\Users\esther\AppData\Local\Smilebox
2010-10-17 16:23:30   --------   d-----w-   C:\Users\esther\AppData\Roaming\Smilebox
2010-10-15 15:44:16   --------   d-----w-   C:\Users\esther\AppData\Local\Adobe
2010-10-05 17:05:19   --------   d-----w-   C:\Users\esther\AppData\Local\WMTools Downloaded Files
2010-10-05 17:03:22   --------   d-----w-   C:\Program Files (x86)\Movie Maker 2.6
2010-10-05 06:14:21   8006480   ----a-w-   C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-04 08:25:13   2724120   ----a-w-   C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-10-04 08:24:59   42776   ----a-w-   C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-10-04 08:24:55   639296   ----a-w-   C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-10-04 07:45:41   --------   d-----w-   C:\Windows\RegisteredPackages
2010-10-04 07:39:23   --------   d-----w-   C:\Users\esther\AppData\Roaming\PhotoFiltre
2010-10-04 07:39:17   --------   d-----w-   C:\Program Files (x86)\PhotoFiltre
2010-10-03 19:08:13   --------   d-----w-   C:\Users\esther\AppData\Local\Diagnostics
2010-10-03 19:02:05   --------   d-----w-   C:\Users\esther\AppData\Roaming\GameConsole
2010-10-02 19:13:02   311808   ----a-w-   C:\Windows\System32\msv1_0.dll
2010-10-02 19:13:02   257024   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2010-10-02 19:09:03   --------   d-----w-   C:\Program Files (x86)\MSXML 4.0
2010-10-02 18:08:07   61008   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2010-10-02 18:06:57   38848   ----a-w-   C:\Windows\avastSS.scr
2010-10-02 18:06:54   --------   d-----w-   C:\PROGRA~3\Alwil Software
2010-10-02 17:16:10   --------   d-----w-   C:\Windows\SysWow64\Wat
2010-10-02 17:16:10   --------   d-----w-   C:\Windows\System32\Wat
2010-10-02 11:03:53   99176   ----a-w-   C:\Windows\SysWow64\PresentationHostProxy.dll
2010-10-02 11:03:53   297808   ----a-w-   C:\Windows\SysWow64\mscoree.dll
2010-10-02 11:03:53   295264   ----a-w-   C:\Windows\SysWow64\PresentationHost.exe
2010-10-02 11:03:52   49472   ----a-w-   C:\Windows\SysWow64\netfxperf.dll
2010-10-02 11:03:52   48960   ----a-w-   C:\Windows\System32\netfxperf.dll
2010-10-02 11:03:52   444752   ----a-w-   C:\Windows\System32\mscoree.dll
2010-10-02 11:03:52   320352   ----a-w-   C:\Windows\System32\PresentationHost.exe
2010-10-02 11:03:52   1942856   ----a-w-   C:\Windows\System32\dfshim.dll
2010-10-02 11:03:52   1130824   ----a-w-   C:\Windows\SysWow64\dfshim.dll
2010-10-02 11:03:52   109912   ----a-w-   C:\Windows\System32\PresentationHostProxy.dll
2010-10-02 11:03:38   294912   ----a-w-   C:\Windows\System32\browserchoice.exe
2010-10-02 10:53:04   243712   ----a-w-   C:\Windows\System32\drivers\ks.sys
2010-10-02 10:53:04   184832   ----a-w-   C:\Windows\System32\drivers\usbvideo.sys
2010-10-02 10:16:33   82944   ----a-w-   C:\Windows\SysWow64\iccvid.dll
2010-10-02 07:04:10   --------   d-----w-   C:\Program Files (x86)\Common Files\Symantec Shared
2010-10-01 16:04:52   --------   d-----w-   C:\Users\esther\AppData\Roaming\Malwarebytes
2010-10-01 16:04:37   24664   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2010-10-01 16:04:37   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-01 16:04:37   --------   d-----w-   C:\PROGRA~3\Malwarebytes
2010-10-01 15:58:56   --------   d-----w-   C:\Users\esther\AppData\Roaming\GlarySoft
2010-10-01 15:56:42   --------   d-----w-   C:\Program Files (x86)\Glary Utilities
2010-10-01 15:01:22   --------   d-----w-   C:\Users\esther\Tracing
2010-10-01 15:01:16   --------   d-----w-   C:\Program Files (x86)\SweetIM
2010-10-01 15:01:16   --------   d-----w-   C:\PROGRA~3\SweetIM
2010-10-01 14:51:06   --------   d-----w-   C:\Users\esther\AppData\Local\Mozilla
2010-10-01 14:30:17   --------   d-----w-   C:\Users\esther\AppData\Roaming\Packard Bell
2010-10-01 14:30:15   --------   d-----w-   C:\Users\esther\AppData\Local\Packard Bell
2010-10-01 11:46:46   --------   d-----w-   C:\Users\esther\AppData\Local\Google
2010-10-01 11:43:38   --------   d-sh--w-   C:\Users\esther\AppData\Roaming\.#
2010-10-01 11:37:19   220672   ----a-w-   C:\Windows\System32\wintrust.dll
2010-10-01 11:37:19   172032   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2010-10-01 11:37:19   139264   ----a-w-   C:\Windows\System32\cabview.dll
2010-10-01 11:37:19   132608   ----a-w-   C:\Windows\SysWow64\cabview.dll
2010-10-01 11:35:09   --------   d-----w-   C:\Users\esther\AppData\Local\VirtualStore
2010-10-01 11:34:13   --------   d-----w-   C:\Program Files\PB Accessory Store

==================== Find3M  ====================

2010-10-19 09:41:44   270720   ------w-   C:\Windows\System32\MpSigStub.exe
2010-09-08 05:36:17   1192960   ----a-w-   C:\Windows\System32\wininet.dll
2010-09-08 05:34:34   57856   ----a-w-   C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04   978432   ----a-w-   C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15   44544   ----a-w-   C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38   482816   ----a-w-   C:\Windows\System32\html.iec
2010-09-08 03:35:30   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31   386048   ----a-w-   C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09   12625920   ----a-w-   C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49   12625408   ----a-w-   C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34   3123712   ----a-w-   C:\Windows\System32\win32k.sys
2010-08-31 04:32:30   954752   ----a-w-   C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30   954288   ----a-w-   C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02   236032   ----a-w-   C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48   9728   ----a-w-   C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04   463360   ----a-w-   C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48   402944   ----a-w-   C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26   161792   ----a-w-   C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28   148992   ----a-w-   C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58   109056   ----a-w-   C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47   1024512   ----a-w-   C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49   340992   ----a-w-   C:\Windows\System32\schannel.dll
2010-08-21 06:31:06   633856   ----a-w-   C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47   558592   ----a-w-   C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33   738816   ----a-w-   C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24   224256   ----a-w-   C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24   530432   ----a-w-   C:\Windows\SysWow64\comctl32.dll

============= FINISH: 17:15:26,59 ===============


EDIT 2:

Code:
LLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows 7 Édition Familiale Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 01/10/2010 13:33:51
System Uptime: 27/10/2010 16:15:54 (1 hours ago)

Motherboard: Packard Bell     |  | EasyNote LJ65   
Processor: Pentium(R) Dual-Core CPU       T4500  @ 2.30GHz | uPGA-478 | 2300/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 583 GiB total, 544,714 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Reader 9.1 MUI
Advertising Center
Alice Greenfingers
Amazonia
Assistant de connexion Windows Live
avast! Free Antivirus
Backup Manager Basic
CCleaner
Chicken Invaders 2
CyberLink PowerDVD 8
Dairy Dash
Dream Day First Home
Farm Frenzy 2
First Class Flurry
Galerie de photos Windows Live
Glary Utilities 2.28.0.1011
Google Chrome
Google Update Helper
Granny In Paradise
Heroes of Hellas
HijackThis 2.0.2
Identity Card
ImagXpress
Installation Windows Live
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Merriam Websters Spell Jam
Metaboli
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (French) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Language Pack 2007 - French/Français
Microsoft Office O MUI (French) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office SharePoint Designer MUI (French) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office X MUI (French) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mise à jour Microsoft Office Excel 2007 Help  (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help  (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669)
Mise à jour Microsoft Office Word 2007 Help  (KB963665)
Module de compatibilité pour Microsoft Office System 2007
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Outil de téléchargement Windows Live
Packard Bell GameZone Console
Packard Bell InfoCentre
Packard Bell MyBackup
Packard Bell Power Management
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Updater
PhotoFiltre
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Smilebox
SweetIM for Messenger 3.2
SweetIM Toolbar for Internet Explorer 3.9
SYSTRAN Web Translator 5.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Web Camera
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live FolderShare
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Writer
Windows Movie Maker 2.6
Yahoo! Toolbar

==== End Of File ===========================




I hope I understood everything. I didn't see compl.txt?? I saw attach

EDIT Skynet: Messages merged & [code] tags added, please read the instructions at the top of the thread!
esther65
Confirmed Visitor

Posts: 21
Joined: 26 Oct 2010 20:26


Re: rootkit vin 32 gen

Posted 27 Oct 2010 22:19

The RTK rootkit is not visible in your reports ...

Now do the following:
-1/ Relaunch MBAM > Update the software (your current version: 4862, we are at 4968 ...).
> Run a quick scan and post me the generated report.

-2/ Download OTL to your Desktop.
• Double-click the OTL icon to launch it. (On Vista > Right-click > Run as Administrator).
• Make sure you have closed all running applications.
• When the OTL window appears, make sure that in the "Rapport" section (top right) the "Rapport Minimal" box is checked.
• Copy and paste the contents of this quote into the lower part of OTL, "Personalisation":
Code:
netsvcs
msconfig
safebootminimal
drivers32
/md5start
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
vaxscsi.sys
nvatabus.sys
SiSRaid.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

• Click the "Analyse" icon (top left).
• Let the scan run to completion without using the PC.
• At the end of the scan, one or two reports will open: "OTL.Txt" and (or) "Extras.Txt" (in some cases).
• Copy and paste the report(s) into your reply.

Note: You can find them in the C:\OTL folder or on your Desktop, depending on the case.

-3/ Download Gmer to your Desktop.
• Save the file to your Desktop and run it. (Right-click > Run as Administrator ...)
It will launch automatically.

**! Warning !**
GMER can produce false positives. Do not take any action on your own on the "ROOTKIT entries".

• Save the report to your Desktop and copy/paste its contents here in reply.
marvel
Apprentice Expert

Posts: 161
Joined: 11 Oct 2010 14:20

Posted 30 Oct 2010 10:08

Hello, sorry for the delay, I was looking after the grandchildren.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4977

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/10/2010 11:05:14
mbam-log-2010-10-30 (11-05-14).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 235849
Temps écoulé: 49 minute(s), 1 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)


Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


EDIT:

Code:
OTL logfile created on: 30/10/2010 11:15:37 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\esther\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583,06 Gb Total Space | 545,72 Gb Free Space | 93,60% Space Free | Partition Type: NTFS
 
Computer Name: ESTHER-PC | User Name: esther | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\esther\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\esther\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (ePowerSvc) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Updater Service) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:[b]64bit:[/b] - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:[b]64bit:[/b] - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:[b]64bit:[/b] - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:[b]64bit:[/b] - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (RSUSBSTOR) -- C:\Windows\System32\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B4 F5 34 01 E4 11 2A 47 96 5E 13 3F 33 0E 70 C6  [binary data]
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2010/10/28 12:47:09 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\mozilla\Extensions
[2010/10/24 17:49:06 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/28 12:56:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SYSTRAN Web Translator 5.0 ) - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files (x86)\SYSTRAN\5.0\Personal\IEPlugIn.dll (SYSTRAN)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:[b]64bit:[/b] AppMgmt - Service
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PEVSystemStart - Service
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] procexp90.Sys - Driver
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/10/30 11:11:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\esther\Desktop\OTL.exe
[2010/10/28 20:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/28 20:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/28 19:05:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/28 19:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/28 13:25:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/28 13:09:03 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2010/10/28 13:06:04 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/10/28 13:06:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/10/27 19:10:21 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\skypePM
[2010/10/27 19:08:28 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Skype
[2010/10/27 19:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/10/27 16:38:52 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/27 16:38:51 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/27 16:38:51 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/27 16:38:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/27 16:38:51 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/27 16:38:51 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/27 16:38:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/27 16:38:38 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/27 08:42:20 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/26 20:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/26 13:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/10/26 13:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic_France
[2010/10/24 17:49:15 | 000,000,000 | ---D | C] -- C:\Users\esther\Documents\LimeWire
[2010/10/24 17:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/10/24 17:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/24 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/24 17:47:33 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/10/24 17:47:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/24 17:47:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/24 17:47:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/24 17:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/24 17:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
[2010/10/21 18:40:08 | 000,028,160 | ---- | C] (WhitSoft Development) -- C:\Users\esther\Desktop\UnFREEz.exe
[2010/10/21 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\WinRAR
[2010/10/21 18:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/10/21 12:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/21 12:43:47 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/10/21 12:43:47 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/10/21 12:43:46 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/10/21 12:43:46 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/10/21 12:42:57 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Windows Live
[2010/10/21 12:42:15 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/10/21 12:42:15 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/10/21 12:42:15 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/10/21 12:42:15 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/10/21 12:42:15 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/10/21 12:42:14 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/10/21 12:42:13 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/10/21 10:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SYSTRAN
[2010/10/21 10:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2010/10/21 09:55:18 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Template
[2010/10/20 08:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/10/20 08:50:00 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Yahoo!
[2010/10/20 08:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/10/20 08:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/10/15 17:44:16 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Adobe
[2010/10/14 08:18:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 08:18:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 08:18:49 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 08:18:46 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 08:18:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 08:18:41 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 08:18:41 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 08:18:39 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 08:18:39 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 08:18:33 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 08:18:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 08:18:32 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 08:18:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 08:18:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 08:18:31 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 08:18:31 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 08:18:31 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 08:18:31 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 08:18:31 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 08:18:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 08:18:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 08:18:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 08:18:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 08:18:26 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 08:18:25 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 08:18:23 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 08:18:23 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 08:18:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/05 19:05:19 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\WMTools Downloaded Files
[2010/10/05 19:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2010/10/04 09:45:41 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010/10/04 09:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker
[2010/10/04 09:39:23 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\PhotoFiltre
[2010/10/04 09:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre
[2010/10/03 21:08:13 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Diagnostics
[2010/10/03 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\GameConsole
[2010/10/03 19:21:16 | 002,788,816 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\esther\Desktop\install_flash_player.exe
[2010/10/03 13:37:06 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Nero
[2010/10/02 21:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/10/02 20:56:54 | 000,000,000 | R-SD | C] -- C:\Users\esther\Documents\My Stationery
[2010/10/02 20:08:16 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/10/02 20:08:15 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/10/02 20:08:13 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/10/02 20:08:11 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/10/02 20:08:07 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/10/02 20:06:57 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/10/02 20:06:57 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/02 20:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/02 20:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/02 19:16:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/10/02 19:16:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/10/02 13:03:53 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/10/02 13:03:53 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/10/02 13:03:52 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/10/02 13:03:52 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/10/02 13:03:52 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/10/02 13:03:52 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/10/02 13:03:52 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/10/02 13:03:52 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/10/02 13:03:38 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/10/02 12:18:34 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/10/02 12:18:30 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/10/02 12:18:24 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/10/02 12:18:23 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/10/02 12:18:15 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/10/02 12:18:14 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/10/02 12:18:14 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/10/02 12:18:14 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/10/02 12:18:13 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/10/02 12:18:13 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/10/02 12:18:13 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/10/02 12:18:13 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/10/02 12:18:13 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/10/02 12:18:13 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/10/02 12:18:13 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/10/02 12:18:13 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/10/02 12:18:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/10/02 12:18:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/10/02 12:18:12 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/10/02 12:18:12 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/10/02 12:17:39 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/10/02 12:17:39 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/10/02 12:17:38 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/10/02 12:17:27 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/10/02 12:17:24 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/10/02 12:17:24 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/10/02 12:17:23 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/10/02 12:17:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/10/02 12:17:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/10/02 12:17:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/10/02 12:17:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/10/02 12:17:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/10/02 12:17:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/10/02 12:17:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/10/02 12:17:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/10/02 12:16:33 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/10/02 12:16:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/10/02 12:16:18 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/10/02 12:16:17 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/10/02 12:16:13 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/10/02 12:16:12 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/10/02 12:16:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/10/02 12:16:12 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/10/02 12:16:02 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/10/02 12:15:57 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/10/02 12:15:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/10/02 12:15:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/10/02 12:15:28 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/10/02 12:15:28 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/10/02 12:15:28 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/10/02 12:15:28 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/10/02 12:15:28 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/10/02 12:15:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/10/02 09:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/10/01 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Malwarebytes
[2010/10/01 18:04:37 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/01 18:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/01 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\GlarySoft
[2010/10/01 17:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2010/10/01 17:10:15 | 000,000,000 | ---D | C] -- C:\Users\esther\Desktop\setup installation
[2010/10/01 17:01:22 | 000,000,000 | ---D | C] -- C:\Users\esther\Tracing
[2010/10/01 17:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2010/10/01 17:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2010/10/01 16:51:06 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Mozilla
[2010/10/01 16:51:06 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Mozilla
[2010/10/01 16:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/01 16:30:17 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Packard Bell
[2010/10/01 16:30:15 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Packard Bell
[2010/10/01 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Google
[2010/10/01 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Google
[2010/10/01 13:44:59 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Adobe
[2010/10/01 13:43:38 | 000,000,000 | -HSD | C] -- C:\Users\esther\AppData\Roaming\.#
[2010/10/01 13:37:19 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/10/01 13:37:19 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/10/01 13:37:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/10/01 13:37:19 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/10/01 13:35:46 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Macromedia
[2010/10/01 13:35:23 | 000,000,000 | R--D | C] -- C:\Users\esther\Searches
[2010/10/01 13:35:13 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Identities
[2010/10/01 13:35:11 | 000,000,000 | R--D | C] -- C:\Users\esther\Contacts
[2010/10/01 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\VirtualStore
[2010/10/01 13:34:48 | 000,000,000 | -H-D | C] -- C:\Users\esther\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/01 13:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\PB Accessory Store
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Voisinage réseau
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Voisinage d'impression
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\AppData\Local\Temporary Internet Files
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\SendTo
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Recent
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Modèles
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Documents\Mes vidéos
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Documents\Mes images
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Mes documents
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Menu Démarrer
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Documents\Ma musique
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Local Settings
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\AppData\Local\Historique
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Cookies
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Application Data
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\AppData\Local\Application Data
[2010/10/01 13:33:58 | 000,000,000 | --SD | C] -- C:\Users\esther\AppData\Roaming\Microsoft
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Videos
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Saved Games
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Pictures
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Music
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Links
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Favorites
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Downloads
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Documents
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Desktop
[2010/10/01 13:33:58 | 000,000,000 | -H-D | C] -- C:\Users\esther\AppData
[2010/10/01 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Temp
[2010/10/01 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Microsoft
[2010/10/01 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Media Center Programs
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modèles
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes vidéos
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes images
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Démarrer
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Ma musique
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\Program Files\Fichiers communs
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoris
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Bureau
 
========== Files - Modified Within 30 Days ==========
 
[2010/10/30 11:18:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/30 11:11:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\esther\Desktop\OTL.exe
[2010/10/30 10:21:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 10:21:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 10:14:13 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/30 10:14:07 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/10/30 10:13:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/30 10:13:43 | 3166,158,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/29 20:43:27 | 000,003,334 | ---- | M] () -- C:\Users\esther\Documents\cc_20101029_204311.reg
[2010/10/28 22:15:18 | 000,006,530 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/28 19:05:29 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 19:10:23 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/10/26 21:01:01 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/10/24 21:01:08 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\510468748
[2010/10/24 17:47:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/10/24 17:47:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/24 17:47:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/24 17:47:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/21 20:55:18 | 000,009,216 | ---- | M] () -- C:\Users\esther\Desktop\capture d ecran.wps
[2010/10/21 20:55:18 | 000,000,102 | ---- | M] () -- C:\Users\esther\AppData\Roaming\wklnhst.dat
[2010/10/21 12:29:07 | 000,352,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/21 10:25:50 | 001,549,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/21 10:25:50 | 000,704,480 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/10/21 10:25:50 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/21 10:25:50 | 000,130,754 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/10/21 10:25:50 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/21 10:25:14 | 000,000,434 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/10/21 10:25:14 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/10/21 10:24:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/20 08:49:57 | 000,001,019 | ---- | M] () -- C:\Users\esther\Desktop\CCleaner.lnk
[2010/10/12 11:50:16 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2010/10/11 20:01:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/05 19:06:12 | 000,002,507 | ---- | M] () -- C:\Users\esther\Desktop\Windows Movie Maker 2.6.lnk
[2010/10/04 09:39:18 | 000,001,055 | ---- | M] () -- C:\Users\esther\Desktop\PhotoFiltre.lnk
[2010/10/03 19:21:23 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\esther\Desktop\install_flash_player.exe
[2010/10/02 21:12:14 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/10/02 20:08:17 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/02 20:08:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/10/01 19:24:45 | 000,053,560 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/10/01 19:24:45 | 000,053,560 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/10/01 17:56:45 | 000,001,000 | ---- | M] () -- C:\Users\esther\Desktop\Glary Utilities.lnk
[2010/10/01 16:51:10 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/01 13:46:39 | 000,001,465 | ---- | M] () -- C:\Users\esther\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/01 13:34:13 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\PB Boutique Accessoire.lnk
[2010/10/01 13:34:10 | 000,002,080 | ---- | M] () -- C:\Users\esther\Desktop\Metaboli - Téléchargement de jeux vidéos.lnk
 
========== Files Created - No Company Name ==========
 
[2010/10/29 20:43:17 | 000,003,334 | ---- | C] () -- C:\Users\esther\Documents\cc_20101029_204311.reg
[2010/10/28 19:05:29 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 19:10:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/26 21:01:00 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/10/24 21:05:31 | 000,012,828 | ---- | C] () -- C:\Users\esther\Documents\AEZT.jpg
[2010/10/24 20:57:36 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\510468748
[2010/10/21 20:55:18 | 000,009,216 | ---- | C] () -- C:\Users\esther\Desktop\capture d ecran.wps
[2010/10/21 10:25:14 | 000,000,434 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/10/21 10:25:14 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/10/21 10:24:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/21 09:55:07 | 000,000,102 | ---- | C] () -- C:\Users\esther\AppData\Roaming\wklnhst.dat
[2010/10/20 08:49:57 | 000,001,019 | ---- | C] () -- C:\Users\esther\Desktop\CCleaner.lnk
[2010/10/17 18:18:46 | 000,006,530 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/12 11:50:16 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2010/10/11 20:01:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/05 19:06:12 | 000,002,507 | ---- | C] () -- C:\Users\esther\Desktop\Windows Movie Maker 2.6.lnk
[2010/10/04 09:39:18 | 000,001,055 | ---- | C] () -- C:\Users\esther\Desktop\PhotoFiltre.lnk
[2010/10/02 21:12:14 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/10/02 20:08:17 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/02 20:08:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/10/01 17:56:47 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/10/01 17:56:45 | 000,001,000 | ---- | C] () -- C:\Users\esther\Desktop\Glary Utilities.lnk
[2010/10/01 16:51:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/01 13:55:52 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/01 13:55:51 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/01 13:46:39 | 000,001,465 | ---- | C] () -- C:\Users\esther\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/01 13:34:13 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\PB Boutique Accessoire.lnk
[2010/10/01 13:34:10 | 000,002,080 | ---- | C] () -- C:\Users\esther\Desktop\Metaboli - Téléchargement de jeux vidéos.lnk
[2010/10/01 13:33:59 | 000,000,290 | ---- | C] () -- C:\Users\esther\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/01 13:33:59 | 000,000,272 | ---- | C] () -- C:\Users\esther\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/10/24 00:55:39 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/24 00:55:19 | 000,776,614 | ---- | C] () -- C:\Program Files (x86)\Common Files\packardbell.ico
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== Custom Scans ==========
 
 
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/10/24 17:47:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) Unable to obtain MD5 -- C:\Windows\SysWOW64\deploytk.dll
[2009/07/14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >


EDIT 2:

OTL logfile created on: 30/10/2010 11:15:37 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\esther\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583,06 Gb Total Space | 545,72 Gb Free Space | 93,60% Space Free | Partition Type: NTFS
 
Computer Name: ESTHER-PC | User Name: esther | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\esther\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\esther\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:[b]64bit:[/b] - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (ePowerSvc) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Updater Service) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:[b]64bit:[/b] - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:[b]64bit:[/b] - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:[b]64bit:[/b] - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:[b]64bit:[/b] - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:[b]64bit:[/b] - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (RSUSBSTOR) -- C:\Windows\System32\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lj65&r=27361010r945l04c4z1j5f4682r635
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B4 F5 34 01 E4 11 2A 47 96 5E 13 3F 33 0E 70 C6  [binary data]
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2010/10/28 12:47:09 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\mozilla\Extensions
[2010/10/24 17:49:06 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/28 12:56:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SYSTRAN Web Translator 5.0 ) - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files (x86)\SYSTRAN\5.0\Personal\IEPlugIn.dll (SYSTRAN)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:[b]64bit:[/b] AppMgmt - Service
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PEVSystemStart - Service
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] procexp90.Sys - Driver
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/10/30 11:11:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\esther\Desktop\OTL.exe
[2010/10/28 20:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/28 20:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/28 19:05:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/28 19:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/28 13:25:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/28 13:09:03 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2010/10/28 13:06:04 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/10/28 13:06:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/10/27 19:10:21 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\skypePM
[2010/10/27 19:08:28 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Skype
[2010/10/27 19:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/10/27 16:38:52 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/27 16:38:51 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/27 16:38:51 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/27 16:38:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/27 16:38:51 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/27 16:38:51 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/27 16:38:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/27 16:38:38 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/27 08:42:20 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/26 20:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/26 13:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/10/26 13:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic_France
[2010/10/24 17:49:15 | 000,000,000 | ---D | C] -- C:\Users\esther\Documents\LimeWire
[2010/10/24 17:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/10/24 17:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/24 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/24 17:47:33 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/10/24 17:47:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/24 17:47:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/24 17:47:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/24 17:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/24 17:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
[2010/10/21 18:40:08 | 000,028,160 | ---- | C] (WhitSoft Development) -- C:\Users\esther\Desktop\UnFREEz.exe
[2010/10/21 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\WinRAR
[2010/10/21 18:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/10/21 12:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/21 12:43:47 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/10/21 12:43:47 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/10/21 12:43:46 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/10/21 12:43:46 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/10/21 12:42:57 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Windows Live
[2010/10/21 12:42:15 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/10/21 12:42:15 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/10/21 12:42:15 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/10/21 12:42:15 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/10/21 12:42:15 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/10/21 12:42:14 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/10/21 12:42:13 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/10/21 10:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SYSTRAN
[2010/10/21 10:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2010/10/21 09:55:18 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Template
[2010/10/20 08:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/10/20 08:50:00 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Yahoo!
[2010/10/20 08:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/10/20 08:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/10/15 17:44:16 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Adobe
[2010/10/14 08:18:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 08:18:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 08:18:49 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/14 08:18:46 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/14 08:18:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 08:18:41 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 08:18:41 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 08:18:39 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/14 08:18:39 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/14 08:18:33 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 08:18:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 08:18:32 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 08:18:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/14 08:18:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/14 08:18:31 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/14 08:18:31 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 08:18:31 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 08:18:31 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/14 08:18:31 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 08:18:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/14 08:18:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 08:18:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/14 08:18:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/14 08:18:26 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/14 08:18:25 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 08:18:23 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 08:18:23 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 08:18:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/05 19:05:19 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\WMTools Downloaded Files
[2010/10/05 19:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2010/10/04 09:45:41 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010/10/04 09:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker
[2010/10/04 09:39:23 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\PhotoFiltre
[2010/10/04 09:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre
[2010/10/03 21:08:13 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Diagnostics
[2010/10/03 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\GameConsole
[2010/10/03 19:21:16 | 002,788,816 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\esther\Desktop\install_flash_player.exe
[2010/10/03 13:37:06 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Nero
[2010/10/02 21:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/10/02 20:56:54 | 000,000,000 | R-SD | C] -- C:\Users\esther\Documents\My Stationery
[2010/10/02 20:08:16 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/10/02 20:08:15 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/10/02 20:08:13 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/10/02 20:08:11 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/10/02 20:08:07 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/10/02 20:06:57 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/10/02 20:06:57 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/02 20:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/02 20:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/02 19:16:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/10/02 19:16:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/10/02 13:03:53 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/10/02 13:03:53 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/10/02 13:03:52 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/10/02 13:03:52 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/10/02 13:03:52 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/10/02 13:03:52 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/10/02 13:03:52 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/10/02 13:03:52 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/10/02 13:03:38 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/10/02 12:18:34 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/10/02 12:18:30 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/10/02 12:18:24 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/10/02 12:18:23 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/10/02 12:18:15 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/10/02 12:18:14 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/10/02 12:18:14 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/10/02 12:18:14 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/10/02 12:18:13 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/10/02 12:18:13 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/10/02 12:18:13 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/10/02 12:18:13 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/10/02 12:18:13 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/10/02 12:18:13 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/10/02 12:18:13 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/10/02 12:18:13 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/10/02 12:18:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/10/02 12:18:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/10/02 12:18:12 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/10/02 12:18:12 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/10/02 12:17:39 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/10/02 12:17:39 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/10/02 12:17:38 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/10/02 12:17:27 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/10/02 12:17:24 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/10/02 12:17:24 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/10/02 12:17:23 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/10/02 12:17:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/10/02 12:17:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/10/02 12:17:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/10/02 12:17:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/10/02 12:17:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/10/02 12:17:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/10/02 12:17:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/10/02 12:17:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/10/02 12:16:33 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/10/02 12:16:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/10/02 12:16:18 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/10/02 12:16:17 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/10/02 12:16:13 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/10/02 12:16:12 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/10/02 12:16:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/10/02 12:16:12 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/10/02 12:16:02 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/10/02 12:15:57 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/10/02 12:15:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/10/02 12:15:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/10/02 12:15:28 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/10/02 12:15:28 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/10/02 12:15:28 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/10/02 12:15:28 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/10/02 12:15:28 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/10/02 12:15:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/10/02 09:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/10/01 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Malwarebytes
[2010/10/01 18:04:37 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/01 18:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/01 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\GlarySoft
[2010/10/01 17:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2010/10/01 17:10:15 | 000,000,000 | ---D | C] -- C:\Users\esther\Desktop\setup installation
[2010/10/01 17:01:22 | 000,000,000 | ---D | C] -- C:\Users\esther\Tracing
[2010/10/01 17:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2010/10/01 17:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2010/10/01 16:51:06 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Mozilla
[2010/10/01 16:51:06 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Mozilla
[2010/10/01 16:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/01 16:30:17 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Packard Bell
[2010/10/01 16:30:15 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Packard Bell
[2010/10/01 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Google
[2010/10/01 13:46:46 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Google
[2010/10/01 13:44:59 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Adobe
[2010/10/01 13:43:38 | 000,000,000 | -HSD | C] -- C:\Users\esther\AppData\Roaming\.#
[2010/10/01 13:37:19 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/10/01 13:37:19 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/10/01 13:37:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/10/01 13:37:19 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/10/01 13:35:46 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Macromedia
[2010/10/01 13:35:23 | 000,000,000 | R--D | C] -- C:\Users\esther\Searches
[2010/10/01 13:35:13 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Identities
[2010/10/01 13:35:11 | 000,000,000 | R--D | C] -- C:\Users\esther\Contacts
[2010/10/01 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\VirtualStore
[2010/10/01 13:34:48 | 000,000,000 | -H-D | C] -- C:\Users\esther\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/01 13:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\PB Accessory Store
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Voisinage réseau
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Voisinage d'impression
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\AppData\Local\Temporary Internet Files
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\SendTo
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Recent
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Modèles
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Documents\Mes vidéos
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Documents\Mes images
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Mes documents
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Menu Démarrer
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Documents\Ma musique
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Local Settings
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\AppData\Local\Historique
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Cookies
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\Application Data
[2010/10/01 13:33:59 | 000,000,000 | -HSD | C] -- C:\Users\esther\AppData\Local\Application Data
[2010/10/01 13:33:58 | 000,000,000 | --SD | C] -- C:\Users\esther\AppData\Roaming\Microsoft
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Videos
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Saved Games
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Pictures
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Music
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Links
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Favorites
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Downloads
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Documents
[2010/10/01 13:33:58 | 000,000,000 | R--D | C] -- C:\Users\esther\Desktop
[2010/10/01 13:33:58 | 000,000,000 | -H-D | C] -- C:\Users\esther\AppData
[2010/10/01 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Temp
[2010/10/01 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Local\Microsoft
[2010/10/01 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\esther\AppData\Roaming\Media Center Programs
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modèles
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes vidéos
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes images
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Démarrer
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Ma musique
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\Program Files\Fichiers communs
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoris
[2010/10/01 13:33:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Bureau
 
========== Files - Modified Within 30 Days ==========
 
[2010/10/30 11:18:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/30 11:11:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\esther\Desktop\OTL.exe
[2010/10/30 10:21:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 10:21:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 10:14:13 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/30 10:14:07 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/10/30 10:13:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/30 10:13:43 | 3166,158,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/29 20:43:27 | 000,003,334 | ---- | M] () -- C:\Users\esther\Documents\cc_20101029_204311.reg
[2010/10/28 22:15:18 | 000,006,530 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/28 19:05:29 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 19:10:23 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/10/26 21:01:01 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/10/24 21:01:08 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\510468748
[2010/10/24 17:47:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/10/24 17:47:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/24 17:47:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/24 17:47:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/21 20:55:18 | 000,009,216 | ---- | M] () -- C:\Users\esther\Desktop\capture d ecran.wps
[2010/10/21 20:55:18 | 000,000,102 | ---- | M] () -- C:\Users\esther\AppData\Roaming\wklnhst.dat
[2010/10/21 12:29:07 | 000,352,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/21 10:25:50 | 001,549,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/21 10:25:50 | 000,704,480 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/10/21 10:25:50 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/21 10:25:50 | 000,130,754 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/10/21 10:25:50 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/21 10:25:14 | 000,000,434 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/10/21 10:25:14 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/10/21 10:24:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/20 08:49:57 | 000,001,019 | ---- | M] () -- C:\Users\esther\Desktop\CCleaner.lnk
[2010/10/12 11:50:16 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2010/10/11 20:01:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/05 19:06:12 | 000,002,507 | ---- | M] () -- C:\Users\esther\Desktop\Windows Movie Maker 2.6.lnk
[2010/10/04 09:39:18 | 000,001,055 | ---- | M] () -- C:\Users\esther\Desktop\PhotoFiltre.lnk
[2010/10/03 19:21:23 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\esther\Desktop\install_flash_player.exe
[2010/10/02 21:12:14 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/10/02 20:08:17 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/02 20:08:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/10/01 19:24:45 | 000,053,560 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/10/01 19:24:45 | 000,053,560 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/10/01 17:56:45 | 000,001,000 | ---- | M] () -- C:\Users\esther\Desktop\Glary Utilities.lnk
[2010/10/01 16:51:10 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/01 13:46:39 | 000,001,465 | ---- | M] () -- C:\Users\esther\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/01 13:34:13 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\PB Boutique Accessoire.lnk
[2010/10/01 13:34:10 | 000,002,080 | ---- | M] () -- C:\Users\esther\Desktop\Metaboli - Téléchargement de jeux vidéos.lnk
 
========== Files Created - No Company Name ==========
 
[2010/10/29 20:43:17 | 000,003,334 | ---- | C] () -- C:\Users\esther\Documents\cc_20101029_204311.reg
[2010/10/28 19:05:29 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 19:10:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/26 21:01:00 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/10/24 21:05:31 | 000,012,828 | ---- | C] () -- C:\Users\esther\Documents\AEZT.jpg
[2010/10/24 20:57:36 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\510468748
[2010/10/21 20:55:18 | 000,009,216 | ---- | C] () -- C:\Users\esther\Desktop\capture d ecran.wps
[2010/10/21 10:25:14 | 000,000,434 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/10/21 10:25:14 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/10/21 10:24:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/21 09:55:07 | 000,000,102 | ---- | C] () -- C:\Users\esther\AppData\Roaming\wklnhst.dat
[2010/10/20 08:49:57 | 000,001,019 | ---- | C] () -- C:\Users\esther\Desktop\CCleaner.lnk
[2010/10/17 18:18:46 | 000,006,530 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/12 11:50:16 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2010/10/11 20:01:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/05 19:06:12 | 000,002,507 | ---- | C] () -- C:\Users\esther\Desktop\Windows Movie Maker 2.6.lnk
[2010/10/04 09:39:18 | 000,001,055 | ---- | C] () -- C:\Users\esther\Desktop\PhotoFiltre.lnk
[2010/10/02 21:12:14 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/10/02 20:08:17 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/02 20:08:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/10/01 17:56:47 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/10/01 17:56:45 | 000,001,000 | ---- | C] () -- C:\Users\esther\Desktop\Glary Utilities.lnk
[2010/10/01 16:51:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/01 13:55:52 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/01 13:55:51 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/01 13:46:39 | 000,001,465 | ---- | C] () -- C:\Users\esther\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/01 13:34:13 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\PB Boutique Accessoire.lnk
[2010/10/01 13:34:10 | 000,002,080 | ---- | C] () -- C:\Users\esther\Desktop\Metaboli - Téléchargement de jeux vidéos.lnk
[2010/10/01 13:33:59 | 000,000,290 | ---- | C] () -- C:\Users\esther\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/01 13:33:59 | 000,000,272 | ---- | C] () -- C:\Users\esther\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/10/24 00:55:39 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/24 00:55:19 | 000,776,614 | ---- | C] () -- C:\Program Files (x86)\Common Files\packardbell.ico
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== Custom Scans ==========
 
 
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/10/24 17:47:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) Unable to obtain MD5 -- C:\Windows\SysWOW64\deploytk.dll
[2009/07/14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >


EDIT 3:

For the GMER scan, nothing came up, no results. I even pressed Scan to see; it scanned, but nothing came up.

Well, I ran a scan with avast and there was another virus, which I deleted, so the red square stopped. I deleted everything in quarantine and now I have nothing left????? Anyway, I hope it's gone. I just get a message when my PC starts up; I'll post it later because I have to shut down and restart. Maybe I did something wrong by cleaning so much before you stepped in???

EDIT Skynet: Messages merged.
esther65

Re: rootkit vin 32 gen

Posted on 06 Nov 2010 11:05

Well, I don't see any reply since my last visit. I don't know how to mark the problem as solved, thanks.
esther65

Re: rootkit vin 32 gen

Posted on 06 Nov 2010 11:21

Hi esther65
Sorry, I hadn't seen your last post dated 30/10.

I'm looking at the OTL report and I'll come back this afternoon.
marvel
Apprentice Expert

Posts: 161
Joined: 11 Oct 2010 14:20


Re: rootkit vin 32 gen

Posted on 06 Nov 2010 16:31

Close all open windows on your PC.
Relaunch OTL > right-click it > "Run as administrator".
In the OTL interface, check that the "Rapport minimal" box is ticked.
Copy (SELECT ALL) and paste the contents of this quote into the "Personnalisation" window
Code:
:files
C:\Program Files\SweetIM

:OTL
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
[2010/10/02 13:03:38 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/10/26 13:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/10/01 17:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2010/10/01 17:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2010/10/24 17:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com

:Commands
[emptytemp]
[emptyflash]
[resethosts]
[reboot]


Click the "Correction" button.
Do not touch the PC again until it has restarted.
When the PC starts up, a report will open --> OTL.txt ... If it does not, you will find it under the same name on the Desktop or in its folder --> C:\OTL
Copy and paste the contents of this report here in your reply.
marvel

Re: rootkit vin 32 gen

Posted on 07 Nov 2010 17:39

Hello, there you go, I've done the report


Code:
 All processes killed
========== FILES ==========
File\Folder C:\Program Files\SweetIM not found.
========== OTL ==========
No active process named Program Files was found!
No active process named Program Files was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe moved successfully.
C:\Windows\SysNative\browserchoice.exe moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\ProgramData\SweetIM folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: esther
->Temp folder emptied: 4411142 bytes
->Temporary Internet Files folder emptied: 64941398 bytes
->Java cache emptied: 2023 bytes
->Flash cache emptied: 81877 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82046 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1964125 bytes
 
Total Files Cleaned = 68,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: esther
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.17.3 log created on 11072010_173312

Files\Folders moved on Reboot...
C:\Users\esther\AppData\Local\Temp\Low\~DFDA6CDA1A68ADB87D.TMP moved successfully.
C:\Users\esther\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\esther\AppData\Local\Temp\~DF490DC4AC2941268E.TMP not found!
File\Folder C:\Users\esther\AppData\Local\Temp\~DFBA934EC45FD120DF.TMP not found!
File\Folder C:\Users\esther\AppData\Local\Temp\~DFC0D0520C2453001D.TMP not found!
File\Folder C:\Users\esther\AppData\Local\Temp\~DFD5500B40A0D356DC.TMP not found!
C:\Users\esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\931KM3CM\iframescript[1].htm moved successfully.
C:\Users\esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7T6Q97RO\iframes_api_loader[1].html moved successfully.
C:\Users\esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7T6Q97RO\viewtopic[1].php moved successfully.
C:\Users\esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4LIVRLQ4\adsCALVQDHW.txt moved successfully.
C:\Users\esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4LIVRLQ4\adsCAPHJOZP.txt moved successfully.
C:\Users\esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
esther65
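
One way to triage a fix log like the one above, as an added example that is not part of the thread or of OTL itself: it sorts each result line by outcome and separates "not found" entries whose object was removed elsewhere in the same run from those that were never handled. The function names are hypothetical, the status wording is taken from the log lines shown above, and the sample is an excerpt of that log.

```python
import re

# Excerpt of the fix log posted above (lines copied as-is, order preserved).
SAMPLE_LOG = r"""
========== FILES ==========
File\Folder C:\Program Files\SweetIM not found.
========== OTL ==========
No active process named Program Files was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found.
C:\Program Files (x86)\SweetIM folder moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
"""

# (status, regex) pairs, first match wins. The wording comes from the log above;
# other OTL versions may phrase results differently (assumption).
PATTERNS = [
    ("process_not_running",
     re.compile(r"^No active process named (.+) was found!$")),
    ("pending_reboot",
     re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("not_found",
     re.compile(r"^(?:File\\Folder|File|Registry value|Registry key) (.+?)\\? not found[.!]$")),
    ("done",
     re.compile(r"^(?:Registry value|Registry key) (.+?)\\? deleted successfully\.$")),
    ("done",
     re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
]


def classify(line):
    """Return (status, target) for a result line, or None for headers and noise."""
    line = line.strip()
    for status, pattern in PATTERNS:
        match = pattern.match(line)
        if match:
            return status, match.group(1)
    return None


def _norm(path):
    # Windows paths and registry keys compare case-insensitively.
    return path.rstrip("\\").lower()


def _covered(target, done):
    """True if the target, or a folder containing it, was removed in this run."""
    t = _norm(target)
    return any(t == d or t.startswith(d + "\\") for d in done)


def triage(log_text):
    """Group log targets by outcome and split 'not found' into benign/unresolved."""
    events = [e for e in map(classify, log_text.splitlines()) if e]
    done = {_norm(target) for status, target in events if status == "done"}
    report = {
        "done": [],
        "benign_not_found": [],
        "unresolved": [],
        "pending_reboot": [],
        "process_not_running": [],
    }
    for status, target in events:
        if status == "not_found":
            status = "benign_not_found" if _covered(target, done) else "unresolved"
        report[status].append(target)
    return report


if __name__ == "__main__":
    for status, targets in triage(SAMPLE_LOG).items():
        print(f"{status}: {len(targets)}")
        for target in targets:
            print(f"    {target}")
```

On the excerpt, the only unresolved entry is `C:\Program Files\SweetIM`, the path given in the `:files` section, while the folder that was actually moved sits under `C:\Program Files (x86)`.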

Re: rootkit vin 32 gen

Posted on 07 Nov 2010 17:57

OK!

I'll look at the report and come back :wink:
marvel

Re: rootkit vin 32 gen

Posted on 07 Nov 2010 18:26

I'll come back tomorrow, I'm leaving for work, and thanks :wink:
esther65
Confirmed Visitor
 
Posts: 21
Joined: 26 Oct 2010 20:26
 

Re: rootkit vin 32 gen

Posted on 07 Nov 2010 21:07

You work nights ... That must be serious :o

Now do this:

- Run OTL again and click the button --> Purge Outil
(Your PC will restart to confirm the removal of the cleaning tools.)

***

Then do this:

• Download TFC by OldTimer to your Desktop and nowhere else.
• Run TFC.exe ...
XP --> Double-click
Vista & Seven --> Right-click > Run as Administrator
... and click the Start button

* Don't touch anything, and here is what will happen:
TFC will first close Explorer (the Desktop) and all loaded software processes, including antivirus and other protections. After finishing its cleanup, TFC will restart Explorer and may or may not offer to reboot the computer to complete the cleanup. In any case, with all the protections disabled ...
--> Restart your PC!

Confirm to me that these steps went well so that we can mark this as Resolved and close this topic.
marvel
Apprentice Expert
 
Posts: 161
Joined: 11 Oct 2010 14:20
 

Re: rootkit vin 32 gen

Posted on 08 Nov 2010 11:48

Well, there, I've finished everything you asked me to do; I hope it will be fine, apparently I no longer have a Trojan horse, thanks again

yes, at night I look after a 90-year-old granny who has just had a stroke,

thank you very much :lol:
esther65
Confirmed Visitor
 
Posts: 21
Joined: 26 Oct 2010 20:26
 
