
Infection TR Rootkit gen • page 2


Re:

Posted 13 Apr 2010 17:24

Skynet wrote: @bernard53 & lilparadize, the files listed:

-------------------\\ Cracks & Keygens ..

C:\Users\LNA~1\Downloads\Incoming\Eminem - Crack A Bottle feat. Dr Dre & 50 Cent.mp3
C:\Users\LNA~1\Downloads\Incoming\Eminem feat dr dre & 50 cent - crack a bottle.mp3
C:\Users\LNA~1\Downloads\Incoming\Eminem Ft 50 Cent & Dr.Dre - Crack A Bottle [CeRa, KiKo & NiGGa Reggaeton Hip Hop] (Enero 2009).mp3
C:\PROGRA~2\Fugazo\Cooking Academy\cached\sounds\eggcrack.wav
C:\PROGRA~2\Fugazo\Cooking Academy 2\cached\sounds\eggcrack.wav



... are not cracks or keygens ;). They are in fact perfectly clean mp3 and wav files from an online game and a music album. The search is sometimes skewed because it does a simple search by name.

However, looking at the folder path, it appears that you are downloading this music through Emule.
I didn't know Eminem was distributing his tracks for free :lol:. Of course I'm joking, and it is completely illegal.

Careful, lilparadize :roll:...



Hello Skynet

Thanks for the info, and my apologies, lilparadize :wink:
bernard53
PC-Infopraticien

Posts: 12778
Joined: 08 Dec 2009 19:51
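
The false positives Skynet describes above come from matching on the file name alone. As an added example (not part of the original posts, and not the scanning tool's own code, whose logic the thread does not show), the Python below contrasts a plain substring search with a check that also requires an executable or archive extension and a whole-word keyword. The keyword list, the extension set and the `C:\Users\demo\...` paths are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Paths quoted in the thread under "Cracks & Keygens" (all harmless media files).
THREAD_PATHS = [
    r"C:\Users\LNA~1\Downloads\Incoming\Eminem - Crack A Bottle feat. Dr Dre & 50 Cent.mp3",
    r"C:\Users\LNA~1\Downloads\Incoming\Eminem feat dr dre & 50 cent - crack a bottle.mp3",
    r"C:\PROGRA~2\Fugazo\Cooking Academy\cached\sounds\eggcrack.wav",
    r"C:\PROGRA~2\Fugazo\Cooking Academy 2\cached\sounds\eggcrack.wav",
]

# Constructed sample paths (NOT from the thread) used to exercise the refined check.
CONSTRUCTED_PATHS = [
    r"C:\Users\demo\Downloads\SomeApp_v2_keygen.exe",
    r"C:\Users\demo\Downloads\setup-crack.zip",
    r"C:\Users\demo\Documents\crackers-recipe.txt",
]

# Assumed keyword list and extension set; a real tool's lists are not shown on the page.
SUBSTRINGS = ("crack", "keygen")
WHOLE_WORDS = {"crack", "cracked", "keygen"}
RISKY_EXTENSIONS = {
    ".exe", ".com", ".scr", ".bat", ".cmd", ".msi", ".dll",  # directly executable
    ".zip", ".rar", ".7z",                                   # archives that may wrap one
}


def name_only_match(path: str) -> bool:
    """Model of a 'simple search by name': keyword anywhere in the file name."""
    name = PureWindowsPath(path).name.lower()
    return any(keyword in name for keyword in SUBSTRINGS)


def refined_match(path: str) -> bool:
    """Flag only when the extension can carry code AND a keyword is a whole word.

    'eggcrack' is one token, so it does not match 'crack'; an .mp3 or .wav is
    rejected on the extension before the name is even looked at.
    """
    p = PureWindowsPath(path)
    if p.suffix.lower() not in RISKY_EXTENSIONS:
        return False
    tokens = re.findall(r"[a-z]+", p.stem.lower())
    return any(token in WHOLE_WORDS for token in tokens)


def false_positives(paths):
    """Paths the name-only search flags but the refined check clears."""
    return [p for p in paths if name_only_match(p) and not refined_match(p)]


def triage(paths):
    """Return {file name: (name_only_hit, refined_hit)} for a quick side-by-side view."""
    return {
        PureWindowsPath(p).name: (name_only_match(p), refined_match(p))
        for p in paths
    }


if __name__ == "__main__":
    for name, (naive, refined) in triage(THREAD_PATHS + CONSTRUCTED_PATHS).items():
        print(f"name-only={naive!s:<5} refined={refined!s:<5} {name}")
```

A hit from either check is only a lead for manual review; the refined version reduces noise but says nothing about whether a flagged file is actually malicious.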
 


Re: Infection TR Rootkit gen

Posted 13 Apr 2010 17:25

Very good for Malwarebytes.

Please post the OTM report, located in C:\_OTM\MovedFiles\06092009_130526.log "Example"
bernard53
PC-Infopraticien

Posts: 12778
Joined: 08 Dec 2009 19:51
 

Posted 13 Apr 2010 17:26

You're welcome ;), but as you can see the user isn't beyond reproach either.

++
Skynet
Moderator

Posts: 14807
Joined: 19 Jul 2007 21:12
 

Re: Infection TR Rootkit gen

Posted 14 Apr 2010 13:48

Here is the OTM report :wink: :

All processes killed
========== FILES ==========
File/Folder c:\windows\system32\drivers\jyiuw.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User

User: Léna
->Temp folder emptied: 0 bytes

User: Léna
->Temp folder emptied: 55049 bytes
->Temporary Internet Files folder emptied: 821384 bytes
->Java cache emptied: 12711496 bytes
->FireFox cache emptied: 113781550 bytes
->Flash cache emptied: 13743 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2838 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13725401 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 135,00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04142010_144258

Files moved on Reboot...

Registry entries deleted on Reboot...
lilparadize
Apprentice

Posts: 38
Joined: 02 Apr 2010 18:50
 

Re: Infection TR Rootkit gen

Posted 14 Apr 2010 17:32

Very good, how is your PC doing now?
bernard53
PC-Infopraticien

Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Infection TR Rootkit gen

Posted 14 Apr 2010 18:18

It's slowing down less!!! Thanks for everything :wink:
lilparadize
Apprentice

Posts: 38
Joined: 02 Apr 2010 18:50
 

Re: Infection TR Rootkit gen

Posted 14 Apr 2010 18:52

lilparadize wrote: It's slowing down less!!! Thanks for everything :wink:


OK, in that case, run this as a check.


* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "minimal Output" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Custom scan/fixes"

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
vstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles





* Click the "Run Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and (or) "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
bernard53
PC-Infopraticien

Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Infection TR Rootkit gen

Posted 14 Apr 2010 21:36

But I'm still having a problem with very long download times... Just to download this small program (OTM) it takes me more than 5 minutes, and that didn't happen before...

Otherwise, here is the report:

OTL logfile created on: 14/04/2010 22:20:48 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Léna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 18,22 Gb Free Space | 24,45% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 8,95 Gb Free Space | 13,23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-LÉNA
Current User Name: Léna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Léna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\oopmagentts.exe ()
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (SafeList) ==========

MOD - C:\Users\Léna\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (Atc002) -- C:\Windows\System32\drivers\L260x86.sys (Attansic Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.windows.fr/ie8/bienvenue
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.03
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:4.1.12s
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/02 23:05:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 13:53:43 | 000,000,000 | ---D | M]

[2008/12/06 10:50:58 | 000,000,000 | ---D | M] -- C:\Users\Léna\AppData\Roaming\mozilla\Extensions
[2010/04/14 15:38:52 | 000,000,000 | ---D | M] -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions
[2009/09/03 18:34:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 20:02:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/10/08 17:05:03 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/05/25 17:55:14 | 000,000,000 | ---D | M] -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions\searchrecs@veoh.com
[2010/03/31 13:13:10 | 000,000,000 | ---D | M] -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions\SkipScreen@SkipScreen
[2010/04/14 15:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/12/27 03:02:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/06 10:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/01/23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/04/25 22:29:52 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/04/25 22:29:52 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/04/25 22:29:52 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2009/04/25 22:29:52 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/04/25 22:29:52 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/04/12 19:02:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [ooquickpdfv7] C:\Windows\System32\oopmagentts.exe ()
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (http://www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 01net.exe ([kav8.0.0.506.fr] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: 191megaupload.com ([www] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: apple.com ([www] http in Local intranet)
O15 - HKCU\..Trusted Domains: apple.com ([www] https in Sites de confiance)
O15 - HKCU\..Trusted Domains: avgate.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: avgfree.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: bestofmedia.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: bitdefender.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: bleepingcomputer.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: boonty.com ([tdm] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: clubic.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: commentcamarche.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: commentcamarche.net ([dl] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: commentsamarche.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: edgesuite.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: edgesuite.net ([appldnld.apple.com] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: edgesuite.net ([www] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: filehippo.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: first_class_flurry-setup.exe ([]https in Sites de confiance)
O15 - HKCU\..Trusted Domains: gamecentersolution.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: gmer.exe ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: kaspersky.fr ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: kaspersky.fr ([www] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: kaspersky.net ([telecharger] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: malwarebytes.org ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: megaupload.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: msgpluslive.net ([mirror1] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: orange.fr ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: orange.fr ([jeuxentelechargement] https in Sites de confiance)
O15 - HKCU\..Trusted Domains: orange.fr ([www] https in Sites de confiance)
O15 - HKCU\..Trusted Domains: siurceforge.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: skipscreen.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: softonic.fr ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: sourceforge.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: sourceforge.net ([freefr.dl] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: spybotupdates.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: telechargement.fr ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: veoh.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: veoh.com ([]https in Sites de confiance)
O15 - HKCU\..Trusted Domains: veoh.com ([www.apserver] https in Sites de confiance)
O15 - HKCU\..Trusted Domains: veohvideocompasssetup_eng.exe ([]https in Sites de confiance)
O15 - HKCU\..Trusted Domains: wildgames.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: windowslive.fr ([www] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: zylom.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Sites de confiance)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Léna\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Léna\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2010/02/03 21:01:46 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/14 22:15:10 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Léna\Desktop\OTL.exe
[2010/04/14 19:16:56 | 001,437,651 | ---- | C] (Nicolas Coolman ) -- C:\Users\Léna\Desktop\ZHPDiag 1.25.13.exe
[2010/04/14 15:23:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/14 15:23:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/14 15:23:06 | 000,000,000 | ---D | C] -- C:\Users\Léna\AppData\Local\temp
[2010/04/14 15:09:05 | 000,000,000 | ---D | C] -- C:\Bibitte
[2010/04/14 15:08:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/14 14:42:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/12 23:44:41 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010/04/12 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\Léna\Desktop\Nouveau dossier
[2010/04/12 19:44:37 | 000,000,000 | ---D | C] -- C:\Lop SD
[2010/04/12 10:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2010/04/11 21:39:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/11 21:39:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/11 21:39:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/11 21:39:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/11 21:34:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/11 11:09:18 | 000,000,000 | ---D | C] -- C:\Users\Léna\AppData\Roaming\Malwarebytes
[2010/04/11 11:09:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/11 11:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/11 11:08:56 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/11 11:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/11 10:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/31 13:53:43 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/31 13:53:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/31 13:53:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/31 13:53:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/31 13:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/30 19:22:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/30 19:22:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/30 19:22:22 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/30 19:22:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/30 19:22:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/30 19:22:21 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/30 19:22:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/30 19:22:21 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/30 19:22:21 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/30 19:22:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/30 19:22:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/30 19:22:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/30 19:22:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/30 19:22:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/30 19:22:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/21 12:01:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/14 22:19:48 | 008,388,608 | -HS- | M] () -- C:\Users\Léna\NTUSER.DAT
[2010/04/14 22:19:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Léna\Desktop\OTL.exe
[2010/04/14 22:06:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/14 22:06:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/14 22:06:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/14 19:33:03 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/14 19:27:18 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2010/04/14 19:27:18 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2010/04/14 19:18:14 | 001,437,651 | ---- | M] (Nicolas Coolman ) -- C:\Users\Léna\Desktop\ZHPDiag 1.25.13.exe
[2010/04/14 16:52:12 | 000,684,658 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/04/14 16:52:12 | 000,591,872 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/14 16:52:12 | 000,128,638 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/04/14 16:52:11 | 001,500,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/14 16:52:11 | 000,105,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/14 16:25:30 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/04/14 16:25:01 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/04/14 16:24:59 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/14 16:24:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/14 16:23:55 | 2012,471,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/14 15:18:37 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/14 14:43:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/14 14:43:30 | 000,524,288 | -HS- | M] () -- C:\Users\Léna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/14 14:43:30 | 000,065,536 | -HS- | M] () -- C:\Users\Léna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/14 14:34:17 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9B8CB6BC-2AEF-4BCD-9049-47AA98A78071}.job
[2010/04/13 15:07:09 | 003,017,840 | -H-- | M] () -- C:\Users\Léna\AppData\Local\IconCache.db
[2010/04/12 19:02:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/12 10:54:41 | 000,019,456 | ---- | M] () -- C:\Users\Léna\Documents\FILMS ,,.doc
[2010/04/12 10:43:46 | 000,002,663 | ---- | M] () -- C:\Users\Léna\Desktop\Microsoft Word.lnk
[2010/04/11 11:09:08 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/11 10:24:05 | 000,001,677 | ---- | M] () -- C:\Users\Léna\Desktop\CCleaner.lnk
[2010/04/10 14:46:42 | 000,023,040 | ---- | M] () -- C:\Users\Léna\Documents\ALCOOL.doc
[2010/04/05 15:47:45 | 000,189,952 | ---- | M] () -- C:\Users\Léna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/04 23:43:44 | 000,022,261 | ---- | M] () -- C:\Users\Léna\73448158-930cb99ba6a33eb611698872e7.jpg
[2010/03/31 13:52:50 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/31 13:52:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/31 13:52:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/31 13:52:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 17:28:17 | 000,020,480 | ---- | M] () -- C:\Users\Léna\Documents\Adresses.doc
[2010/03/29 17:23:41 | 000,020,480 | ---- | M] () -- C:\Users\Léna\Documents\Lettre motiv ASH.doc
[2010/03/24 10:32:58 | 000,019,456 | ---- | M] () -- C:\Users\Léna\Documents\Band of horses.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/14 19:19:57 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2010/04/14 19:19:56 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2010/04/14 16:25:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010/04/11 21:39:23 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/11 21:39:23 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/11 21:39:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/11 21:39:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/11 21:39:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/11 11:09:08 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/11 10:24:05 | 000,001,677 | ---- | C] () -- C:\Users\Léna\Desktop\CCleaner.lnk
[2010/04/04 23:43:39 | 000,022,261 | ---- | C] () -- C:\Users\Léna\73448158-930cb99ba6a33eb611698872e7.jpg
[2010/04/04 11:26:39 | 000,023,040 | ---- | C] () -- C:\Users\Léna\Documents\ALCOOL.doc
[2010/03/29 17:28:17 | 000,020,480 | ---- | C] () -- C:\Users\Léna\Documents\Adresses.doc
[2010/03/24 10:32:56 | 000,019,456 | ---- | C] () -- C:\Users\Léna\Documents\Band of horses.doc
[2010/02/17 12:14:40 | 003,854,274 | ---- | C] () -- C:\Users\Léna\1x16 The Kills- U.R.A. Fever.mp3
[2010/02/07 01:22:55 | 000,001,474 | ---- | C] () -- C:\Users\Léna\.recently-used.xbel
[2010/02/02 20:40:12 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/02/02 20:40:11 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/02/02 20:39:43 | 000,002,528 | ---- | C] () -- C:\Users\Léna\AppData\Roaming\$_hpcst$.hpc
[2010/01/29 21:41:29 | 000,000,016 | ---- | C] () -- C:\Users\Léna\AppData\Roaming\anvkgp.dat
[2009/12/16 21:03:37 | 000,009,785 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{FB185E1F-13B6-4F4C-B65D-D2147C0D94BA}_Large.jpg
[2009/12/16 21:03:37 | 000,002,133 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{FB185E1F-13B6-4F4C-B65D-D2147C0D94BA}_Small.jpg
[2009/12/16 19:58:52 | 000,383,163 | ---- | C] () -- C:\Users\Léna\DSC04087.JPG
[2009/12/16 19:58:52 | 000,368,175 | ---- | C] () -- C:\Users\Léna\DSC04090.JPG
[2009/12/16 19:58:52 | 000,356,413 | ---- | C] () -- C:\Users\Léna\DSC04086.JPG
[2009/12/11 18:57:47 | 003,889,117 | ---- | C] () -- C:\Users\Léna\eb3-3.gif
[2009/12/11 18:57:44 | 007,281,694 | ---- | C] () -- C:\Users\Léna\eb4-2.gif
[2009/12/11 18:57:36 | 004,408,136 | ---- | C] () -- C:\Users\Léna\eb7-3.gif
[2009/11/22 14:49:36 | 000,012,933 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{433A6A2D-5769-44BA-83B6-28C2EE0956E5}_Large.jpg
[2009/11/22 14:49:36 | 000,002,621 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{433A6A2D-5769-44BA-83B6-28C2EE0956E5}_Small.jpg
[2009/11/20 22:53:38 | 000,054,745 | ---- | C] () -- C:\Users\Léna\05 - Copie.jpg
[2009/11/20 22:49:41 | 000,059,749 | ---- | C] () -- C:\Users\Léna\05.jpg
[2009/11/20 22:45:03 | 000,134,631 | ---- | C] () -- C:\Users\Léna\VD09-PR-0016.jpg
[2009/11/19 22:11:21 | 000,091,772 | ---- | C] () -- C:\Users\Léna\normal_vf-outtake004.jpg
[2009/11/18 18:47:52 | 005,833,325 | ---- | C] () -- C:\Users\Léna\08 Sleep.mp3
[2009/11/18 18:47:29 | 005,390,336 | ---- | C] () -- C:\Users\Léna\09 Into Dust.mp3
[2009/11/15 02:36:33 | 000,061,659 | ---- | C] () -- C:\Users\Léna\normal_IMG1_(21).jpg
[2009/11/05 19:38:10 | 000,060,701 | ---- | C] () -- C:\Users\Léna\cam-gigandet.jpg
[2009/11/04 19:46:55 | 000,031,785 | ---- | C] () -- C:\Users\Léna\pattinsona091206 - rouge - Copie - Copie.jpg
[2009/11/02 14:05:13 | 000,052,906 | ---- | C] () -- C:\Users\Léna\pattinsona091206 - rouge - Copie.jpg
[2009/11/02 14:03:02 | 000,092,543 | ---- | C] () -- C:\Users\Léna\pattinsona091206 - rouge.jpg
[2009/10/15 20:13:17 | 000,030,724 | ---- | C] () -- C:\Users\Léna\024_AC072 - Copie.jpg
[2009/10/15 20:12:22 | 000,037,175 | ---- | C] () -- C:\Users\Léna\024_AC072.jpg
[2009/09/16 07:33:30 | 007,400,872 | ---- | C] () -- C:\Users\Léna\15 - Two Steps From Hell - Moving Mountains.mp3
[2009/08/29 15:24:28 | 000,010,376 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{795B8FEE-CBD2-4D66-A5E1-64C84872658D}_Large.jpg
[2009/08/29 15:24:27 | 000,009,785 | -HS- | C] () -- C:\Users\Léna\Folder.jpg
[2009/08/29 15:24:27 | 000,002,770 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{795B8FEE-CBD2-4D66-A5E1-64C84872658D}_Small.jpg
[2009/08/29 15:24:27 | 000,002,133 | -HS- | C] () -- C:\Users\Léna\AlbumArtSmall.jpg
[2009/08/27 23:57:37 | 004,848,267 | ---- | C] () -- C:\Users\Léna\2Pac - Ghetto Gospel.mp3
[2009/08/23 11:34:06 | 000,026,451 | ---- | C] () -- C:\Users\Léna\gq2.jpg
[2009/07/08 17:51:40 | 000,354,030 | ---- | C] () -- C:\Users\Léna\image.bmp
[2009/07/06 11:43:12 | 000,032,014 | ---- | C] () -- C:\Users\Léna\5975_1183485987972_1252896237_501301_1337426_n.jpg
[2009/07/06 11:43:04 | 000,027,538 | ---- | C] () -- C:\Users\Léna\5975_1183486107975_1252896237_501304_3781612_n.jpg
[2009/07/06 11:42:41 | 000,042,926 | ---- | C] () -- C:\Users\Léna\5975_1183482507885_1252896237_501283_6506997_n.jpg
[2009/06/30 11:22:55 | 000,016,817 | ---- | C] () -- C:\Users\Léna\normal_d6 - Copie.jpg
[2009/06/10 19:08:37 | 001,491,264 | ---- | C] () -- C:\Users\Léna\tracysong-angel.mp3
[2009/05/31 23:17:58 | 000,020,499 | ---- | C] () -- C:\Users\Léna\normal_d6.jpg
[2009/05/04 19:56:24 | 003,630,504 | ---- | C] () -- C:\Users\Léna\Madonna - love profusion.mp3
[2009/04/01 17:59:05 | 006,454,743 | ---- | C] () -- C:\Users\Léna\Anna Nalick - Breathe.mp3
[2009/03/20 22:39:40 | 005,455,486 | ---- | C] () -- C:\Users\Léna\EMRA'Z 3.wma
[2009/03/20 22:39:33 | 004,218,454 | ---- | C] () -- C:\Users\Léna\Elsa.wma
[2008/07/23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/07/23 18:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/12/30 00:42:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/12/26 13:38:41 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2007/12/26 13:24:27 | 000,189,952 | ---- | C] () -- C:\Users\Léna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 00:11:49 | 000,016,384 | ---- | C] () -- C:\Windows\System32\DsrSleep.dll
[2007/12/26 00:10:16 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2007/12/26 00:10:16 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2007/12/26 00:08:25 | 000,026,112 | ---- | C] () -- C:\Windows\System32\oopmpm.dll
[2007/12/21 13:47:10 | 000,000,020 | -HS- | C] () -- C:\Users\Léna\ntuser.ini
[2007/12/21 13:47:09 | 000,524,288 | -HS- | C] () -- C:\Users\Léna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/12/21 13:47:09 | 000,524,288 | -HS- | C] () -- C:\Users\Léna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/12/21 13:47:09 | 000,262,144 | -H-- | C] () -- C:\Users\Léna\ntuser.dat.LOG1
[2007/12/21 13:47:09 | 000,065,536 | -HS- | C] () -- C:\Users\Léna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007/12/21 13:47:09 | 000,000,000 | -H-- | C] () -- C:\Users\Léna\ntuser.dat.LOG2
[2007/12/21 13:47:08 | 008,388,608 | -HS- | C] () -- C:\Users\Léna\NTUSER.DAT
[2007/11/10 06:25:45 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/04/18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/10 04:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\agp440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\agp440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E5AFE07D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0651F96C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F50F1555
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:726FDB23
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B3B92717
< End of report >

and the 2nd report, the Extras log:

OTL Extras logfile created on: 14/04/2010 22:20:48 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Léna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 18,22 Gb Free Space | 24,45% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 8,95 Gb Free Space | 13,23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-LÉNA
Current User Name: Léna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E39A26B-4CE1-4FA3-BBB8-40376FC10AB9}" = rport=2869 | protocol=6 | dir=out | app=system |
"{23E35E06-D182-47B2-B448-2995EB564108}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2E271896-EBEC-45D8-9461-2CC189CA0FC8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{45E8DAA3-D7FC-4278-BA37-059CF060EB03}" = lport=10001 | protocol=17 | dir=in | name=udp |
"{5B96622E-D5DB-455D-B493-E7D266A8679E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60AC779C-FDD9-4BC9-9250-55ADD4201FC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73A4C8C2-1930-4A4C-8417-043F429E1F14}" = lport=23840 | protocol=17 | dir=in | name=bitcomet 23840 udp |
"{77AE7EE0-68C2-480E-A37E-F9C7B28679AA}" = lport=10000 | protocol=6 | dir=in | name=tcp |
"{9D642DB0-4172-43AD-B438-226449F64553}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AAA13F3E-5FF7-40CF-AA07-14C4C552B0D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ACD1B71F-7DF1-4C36-A0B7-8E01D1F0DB6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B81D751B-41A6-41EC-97F3-39D8C093581F}" = lport=23840 | protocol=6 | dir=in | name=bitcomet 23840 tcp |
"{CA1CBD25-9E6D-4CE5-AD11-DDBEA8AC343C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E802DCCC-9F9B-4638-934B-0C603D8C1499}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18669F84-E964-45C9-A911-791941BBF6C5}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{2051DFC0-180E-4892-AE5E-98C16DD1E7F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CB3CB9E-8CA6-49C3-ABA1-FC992A4E2056}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{34B5FC52-BF74-4F30-BDDF-5364F67874A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5EA29E4D-6E02-41B0-850B-0BD2572F2147}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7A9E7B75-E710-4090-9986-552C8FF1FF2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{846CE076-2BAA-42F3-A6E5-F83B050AED91}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{9B33E6BC-8FC9-4C39-8918-0300FDC88DB8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{9FE15881-3438-40EA-A76D-6A2CF71DA2AD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{A5BB24EE-D6E3-4897-A65E-FC9B4E52B72D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CB154586-6FB0-457A-AEC9-3CBF18D79933}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D13D9735-29EB-4B8B-AC10-0A46C1F3C4E2}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{D33566E9-60C1-4B98-BFEE-F9CB7FF6B9A6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DB0D295B-33C1-4E37-947C-2C650D87ED13}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F48AEEE0-A83C-465A-84B2-99A4157863E8}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"TCP Query User{1C69A630-82D3-4D77-8AFE-42227AC027DD}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{2C301B58-DF7D-4AC8-B5D6-DBCF42E05F70}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{34E9FF84-C6FD-498C-86A8-F3BD77B2F432}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{77D34DB7-F3D1-4E8A-B9CC-582B7927DA2B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{81F90A9B-9CDB-42E5-A13E-D0845801705B}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{ADA25AA9-70B1-4163-9FCF-1773CC786002}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{BDC429EF-B447-4162-B7B1-E85E773D0EE9}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{EAE2A907-6534-4B24-A3EA-62E42BA5F45C}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{F5E8265B-0F69-42F2-94DE-D79515B2086D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{FB6B5826-266B-4B66-9537-7BE7D7F5996C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0189A4BE-7365-4361-B0F5-55989F061B5C}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{08084E66-1723-4A77-AF18-CCB8E5337E9C}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{0AF34DE0-C07C-4057-886D-8A75B8096B33}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{53EE4B7C-FAD0-48B0-8AC3-8F16A8E82C76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6F0183C6-8F9D-42FE-8D77-D1CDC9A686B4}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{A03BD536-FF6D-4C1E-9A90-ACC6405BA4DB}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{B1D1B66F-1F58-4C8A-8326-E72902CAE821}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D09F65A1-DFBA-4381-9C42-AB6DA8FD774A}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{DBF5D5CF-2F93-4A7E-9949-2256073F1531}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{FBA83C78-4C83-45C5-8F38-DB37F769F582}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05D67915-50EC-56C9-7148-552F8D205383}" = CCC Help German
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C69626-1E29-7EE2-E122-D475D7BAAF0B}" = Catalyst Control Center Localization Hungarian
"{09E9F3B1-2965-3D8B-F624-2F44D99B53B0}" = Catalyst Control Center Graphics Light
"{0E4E7AB0-6FFB-4C76-FD74-810DE985D518}" = Catalyst Control Center Localization Greek
"{10D3701B-1463-0C2F-748E-3E03FADEB711}" = Catalyst Control Center Localization Norwegian
"{117FBA8C-9325-4BCD-B19A-0BF21EA9A374}" = Catalyst Control Center Localization Spanish
"{122321B4-A450-0052-CAD8-B419C0EAD392}" = CCC Help Spanish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1606E90F-5327-EE07-9137-C518BF3DFFCE}" = Catalyst Control Center Localization Swedish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BC239-53AB-615F-9B0D-FD2D61D31A58}" = Catalyst Control Center Localization Czech
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2AE949D0-89B5-479B-A2C3-3482F68C1E7E}" = OFFICE One BankPerfect
"{2D06A54D-6FA7-62F1-E824-E0109C069D8E}" = CCC Help Russian
"{2EBC713F-3022-A21B-6266-376ED7C43C07}" = CCC Help French
"{2FE38EFA-06B3-4FC0-A06B-B173A3E3422E}" = OFFICE One v7 Paint.net
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3969961F-4B9A-DEB9-BC69-F0348E527DEA}" = Catalyst Control Center Localization Chinese Standard
"{39EAC702-D866-AA54-97C6-13E8AAAC2219}" = CCC Help Hungarian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CE73C5D-D8F0-D6D0-E5AB-39A798BF4571}" = Skins
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{46663439-F39E-BF21-673C-19A035F9C708}" = Catalyst Control Center Localization Thai
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4C4A9592-2854-E201-F7A9-2AE77AB35E37}" = CCC Help Portuguese
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5A74F5DD-CD86-FE24-C8D3-9850F43FD42D}" = CCC Help Czech
"{5BD877FE-9E11-D996-DEDB-ABAF4A251C39}" = CCC Help Chinese Standard
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5D2683BE-2C44-4DB5-BECD-87B324077A7F}" = OFFICE One Notes v7
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6153EBDC-A52B-6B24-4A3C-5CC8F85BE0DF}" = Catalyst Control Center Graphics Full New
"{6173A4FC-D42D-69A6-52CA-A30496389760}" = ccc-core-static
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{661EA4BC-FF51-FE25-7E59-D8BA41170189}" = Catalyst Control Center Localization Chinese Traditional
"{67645155-2149-7ED9-003E-92BFB7EA262A}" = Catalyst Control Center Localization Portuguese
"{68AB9F5B-85BA-1A49-F5B9-103C172A90F6}" = Catalyst Control Center Localization Korean
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{740323AF-4EFD-EB99-8632-6B5AA9D53411}" = Catalyst Control Center Localization Dutch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7D5F5F2C-B978-2AD9-B54D-BC9006C35333}" = CCC Help Japanese
"{7D6E6E66-8B3D-42C2-DE13-E3F0C6A178D9}" = CCC Help Korean
"{7DFBD5A5-F88B-ED78-E5FD-FB994138BB25}" = ccc-utility
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{80A88659-E13D-46C8-8BDC-312A8F1FE8A2}" = OFFICE One Games - The Postman
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{85C5827E-106F-4497-8066-B7CFEBBEA91D}" = OFFICE One Menu v7
"{87DEF84E-51A5-4A0E-91C2-E012E92DE69B}" = OFFICE One QuickZip v7
"{893EFD7C-B705-892C-E6E0-49BFB6C621BC}" = Catalyst Control Center Localization Russian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B8FC6A3-3467-5786-657E-6893DDA7F52D}" = CCC Help Swedish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F32DF8-D66E-446A-A425-C1D7B45C1033}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A70075D-6071-4704-EAF6-6DEB51CB777B}" = Catalyst Control Center Localization Finnish
"{9D513AEB-187D-C020-317A-5804F781CC95}" = CCC Help Chinese Traditional
"{9D88CAFF-7CB3-916A-0A1F-5E0DB4ECD073}" = Catalyst Control Center Localization Danish
"{9EE7095B-F74E-4DC9-FAF7-75C940A1C3E9}" = Catalyst Control Center Localization French
"{A315B77A-24C5-95D9-9325-61C98FBB7C53}" = Catalyst Control Center Localization German
"{A480B428-5A5E-8D8F-6D8E-2CCBFF6029FA}" = CCC Help Norwegian
"{A7AF2BC7-FCFB-03CB-DA36-5E9D44A53091}" = CCC Help Turkish
"{A8FD0C55-0D21-89F3-57E9-1E22235765B3}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1036-7B44-A70800000002}" = Adobe Reader 7.0.8 - Français
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B243ABE9-57C2-4B97-BA6B-37DF6C0208ED}" = OFFICE One Safety-Box v7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5DCE5D7-6FDD-D5C2-C6B7-14E264E695C9}" = Catalyst Control Center Core Implementation
"{B5FE6702-0B5F-6866-7FD2-A7B28BCAB15B}" = Catalyst Control Center Localization Japanese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B89BD504-63FF-03DC-5B8B-CEBCEBF2B08D}" = CCC Help English
"{B8F3555E-B918-445E-97D1-BC4861C4EF59}" = OFFICE One ClipArt v7
"{BA147801-8946-4BBE-BE17-A2199CE52C81}" = OFFICE One 150 Templates v7
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C263E891-CA9F-7CE4-B31D-6A100D5D2F3C}" = CCC Help Polish
"{C42E03E9-E897-4D96-968F-24BFF2D693CF}" = OFFICE One Games - Robots
"{C4693D41-87C5-A2E0-00AB-5E0A0A205E9E}" = CCC Help Italian
"{C78D647E-3895-4621-A1F7-BD62784B95B4}" = OFFICE One Games - Water in Fire 2
"{CC0C788C-7C68-47A9-BFBF-0DF7B205B4CC}" = OFFICE One Fonts v7
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D85E64FE-A7F1-496B-858F-4D55A622C50D}" = OFFICE One QuickPDF v7
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCC7315A-F551-0778-AFC1-C19D853E0AFA}" = Catalyst Control Center Localization Turkish
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6D07CB-BA1B-60D3-8D51-69A5775AC7D9}" = CCC Help Thai
"{E26DD81D-91CF-7348-65E2-5AC16E14612B}" = Catalyst Control Center Localization Polish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E33E9943-2679-C829-5E9E-4D981A1C264C}" = CCC Help Danish
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7F0262E-84B8-9EBE-D6FD-E3865FCDB0EB}" = Catalyst Control Center Localization Italian
"{EA7D2E55-386E-488D-9880-F6B939534AAE}" = OFFICE One 7.0
"{ED8C5498-6C39-92E6-B17F-414BF1722E42}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F173C327-FAA5-D463-2CBD-A4818C7EDC8C}" = Catalyst Control Center Graphics Full Existing
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29DDAD0-447D-4BDB-80CB-4276B4D5C9A7}" = Ciel Devis Factures 6.0
"{F49109F4-EA87-B982-8A66-CCD32C6FC8AF}" = CCC Help Greek
"{F5AB638D-91F6-6517-9872-BE6996E06AF6}" = CCC Help Dutch
"{F6B10961-45A0-48AD-BB50-777A99286B39}" = OFFICE One Games - Pharaohs Curse
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FEC30F06-A382-47D1-B828-859AC641EB1D}" = OFFICE One Startup v7
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ad-Remover" = Ad-Remover By C_XX
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitComet" = BitComet 1.04
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"eMule" = eMule
"Free.fr" = Free - Kit de connexion
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MpcStar" = MpcStar 3.1
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Installation Windows Live
"ZHPDiag_is1" = ZHPDiag 1.25

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/03/2010 01:18:10 | Computer Name = PC-de-Léna | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 04/03/2010 14:02:36 | Computer Name = PC-de-Léna | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 04/03/2010 14:02:36 | Computer Name = PC-de-Léna | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05/03/2010 01:24:29 | Computer Name = PC-de-Léna | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05/03/2010 01:24:29 | Computer Name = PC-de-Léna | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05/03/2010 01:49:11 | Computer Name = PC-de-Léna | Source = EventSystem | ID = 4621
Description =

Error - 05/03/2010 17:52:51 | Computer Name = PC-de-Léna | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05/03/2010 17:52:51 | Computer Name = PC-de-Léna | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/03/2010 04:18:58 | Computer Name = PC-de-Léna | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/03/2010 04:18:58 | Computer Name = PC-de-Léna | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 20/02/2009 07:40:50 | Computer Name = PC-de-Léna | Source = MCUpdate | ID = 0
Description = Échec de l'attente du mutex MCUpdate avec l'exception : « Attente
terminée en raison d'un mutex abandonné. ».

[ System Events ]
Error - 14/04/2010 10:24:42 | Computer Name = PC-de-Léna | Source = disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.

Error - 14/04/2010 10:24:45 | Computer Name = PC-de-Léna | Source = disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.

Error - 14/04/2010 10:24:47 | Computer Name = PC-de-Léna | Source = disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.

Error - 14/04/2010 10:24:49 | Computer Name = PC-de-Léna | Source = disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.

Error - 14/04/2010 10:24:53 | Computer Name = PC-de-Léna | Source = HTTP | ID = 15016
Description =

Error - 14/04/2010 10:25:16 | Computer Name = PC-de-Léna | Source = Service Control Manager | ID = 7000
Description =

Error - 14/04/2010 11:27:02 | Computer Name = PC-de-Léna | Source = ipnathlp | ID = 31004
Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
de mémoire a rencontré une erreur interne.

Error - 14/04/2010 13:13:40 | Computer Name = PC-de-Léna | Source = ipnathlp | ID = 31004
Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
de mémoire a rencontré une erreur interne.

Error - 14/04/2010 13:14:06 | Computer Name = PC-de-Léna | Source = ipnathlp | ID = 31004
Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
de mémoire a rencontré une erreur interne.

Error - 14/04/2010 16:06:54 | Computer Name = PC-de-Léna | Source = ipnathlp | ID = 31004
Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
de mémoire a rencontré une erreur interne.


< End of report >
lilparadize
Apprenti(e)
 
Posts: 38
Joined: 02 Apr 2010 18:50
 

Re: Infection TR Rootkit gen

Posted on 15 Apr 2010 16:53

* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "minimal Output" box is ticked.

* Copy and paste the contents of this quote into the lower part of OTL, "Custom scan/fixes":

:OTL
PRC - C:\Windows\System32\oopmagentts.exe ()
PRC - C:\Windows\ASScrPro.exe ()

SRV - (CLTNetCnService) -- File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.




* Click the "Run Fix" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and/or "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case


Then this:


Download CCLEANER

TUTORIAL

Run a cleanup like this:

**Untick the box under Options – Advanced – "Only delete files in the Windows Temp folder older than 24 hours"

Tick this box again once the first cleanup is done

1- Remove the temporary files and traces (Cleaner tab) that you leave behind when browsing the Internet or simply when opening files with any software under Windows: Windows Media Player, Emule, Office, Nero, Adobe Reader, etc.


Next, you have a lot of things running at PC startup.


You can control the startup of all these processes with a program such as Starter from Code Stuff.
Download and install Code Stuff Starter:
http://www.clubic.com/telecharger-fiche ... arter.html

Open it and click on AllSection in the left-hand column.
If it is not in French, click on Configurations, Options, Language and choose French.

Then go to the startup tab and untick the lines you want.

Don't worry if, later on, you want to re-enable one of them: just tick it again.

They are launched needlessly at system startup, and this carries no danger.

:!: Install the software like this if you are on Vista.

Unzip it, then right-click the .exe and choose "Exécuter en tant qu'administrateur" (Run as administrator).


You can tick all of these (only the "O4" will not appear):

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM\..\Run: [ooquickpdfv7] C:\Windows\System32\oopmagentts.exe ()
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM\..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)




Restart the PC.
bernard53
PC-Infopraticien
 
Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Infection TR Rootkit gen

Posted on 15 Apr 2010 18:51

Thanks, here is the OTL report:

OTL logfile created on: 15/04/2010 19:42:07 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Léna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 19,42 Gb Free Space | 26,06% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 67,60 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-LÉNA
Current User Name: Léna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Léna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\oopmagentts.exe ()
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (SafeList) ==========

MOD - C:\Users\Léna\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (Atc002) -- C:\Windows\System32\drivers\L260x86.sys (Attansic Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.windows.fr/ie8/bienvenue
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.03
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:4.1.12s
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/02 23:05:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 14:02:35 | 000,000,000 | ---D | M]

[2008/12/06 10:50:58 | 000,000,000 | ---D | M] -- C:\Users\Léna\AppData\Roaming\mozilla\Extensions
[2010/04/15 15:49:31 | 000,000,000 | ---D | M] -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions
[2009/09/03 18:34:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 20:02:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/10/08 17:05:03 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/05/25 17:55:14 | 000,000,000 | ---D | M] -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions\searchrecs@veoh.com
[2010/03/31 13:13:10 | 000,000,000 | ---D | M] -- C:\Users\Léna\AppData\Roaming\mozilla\Firefox\Profiles\k6929x90.default\extensions\SkipScreen@SkipScreen
[2010/04/15 14:02:44 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/12/27 03:02:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/15 14:02:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/12/06 10:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/01/23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/04/25 22:29:52 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/04/25 22:29:52 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/04/25 22:29:52 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2009/04/25 22:29:52 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/04/25 22:29:52 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/04/12 19:02:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [ooquickpdfv7] C:\Windows\System32\oopmagentts.exe ()
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 01net.exe ([kav8.0.0.506.fr] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: 191megaupload.com ([www] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: apple.com ([www] http in Local intranet)
O15 - HKCU\..Trusted Domains: apple.com ([www] https in Sites de confiance)
O15 - HKCU\..Trusted Domains: avgate.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: avgfree.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: bestofmedia.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: bitdefender.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: bleepingcomputer.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: boonty.com ([tdm] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: clubic.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: commentcamarche.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: commentcamarche.net ([dl] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: commentsamarche.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: edgesuite.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: edgesuite.net ([appldnld.apple.com] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: edgesuite.net ([www] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: filehippo.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: first_class_flurry-setup.exe ([]https in Sites de confiance)
O15 - HKCU\..Trusted Domains: gamecentersolution.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: gmer.exe ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: kaspersky.fr ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: kaspersky.fr ([www] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: kaspersky.net ([telecharger] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: malwarebytes.org ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: megaupload.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: msgpluslive.net ([mirror1] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: orange.fr ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: orange.fr ([jeuxentelechargement] https in Sites de confiance)
O15 - HKCU\..Trusted Domains: orange.fr ([www] https in Sites de confiance)
O15 - HKCU\..Trusted Domains: siurceforge.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: skipscreen.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: softonic.fr ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: sourceforge.net ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: sourceforge.net ([freefr.dl] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: spybotupdates.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: telechargement.fr ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: veoh.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: veoh.com ([]https in Sites de confiance)
O15 - HKCU\..Trusted Domains: veoh.com ([www.apserver] https in Sites de confiance)
O15 - HKCU\..Trusted Domains: veohvideocompasssetup_eng.exe ([]https in Sites de confiance)
O15 - HKCU\..Trusted Domains: wildgames.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Domains: windowslive.fr ([www] * in Sites de confiance)
O15 - HKCU\..Trusted Domains: zylom.com ([]* in Sites de confiance)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Sites de confiance)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Léna\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Léna\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/15 19:40:04 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Léna\Desktop\OTL.exe
[2010/04/15 19:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2010/04/15 19:24:26 | 001,502,262 | ---- | C] (Nicolas Coolman ) -- C:\Users\Léna\Desktop\ZHPDiag 1.25.13.exe
[2010/04/15 14:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/15 14:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/15 14:02:35 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/15 14:02:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/15 14:02:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/15 14:02:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/14 19:24:47 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 19:24:46 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 19:23:23 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 19:23:21 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/14 15:23:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/14 15:23:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/14 15:23:06 | 000,000,000 | ---D | C] -- C:\Users\Léna\AppData\Local\temp
[2010/04/14 15:08:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/14 14:42:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/11 21:39:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/11 21:39:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/11 21:39:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/11 21:39:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/11 21:34:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/11 11:09:18 | 000,000,000 | ---D | C] -- C:\Users\Léna\AppData\Roaming\Malwarebytes
[2010/04/11 11:09:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/11 11:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/11 11:08:56 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/11 11:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/11 10:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/31 13:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/30 19:22:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/30 19:22:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/30 19:22:22 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/30 19:22:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/30 19:22:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/30 19:22:21 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/30 19:22:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/30 19:22:21 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/30 19:22:21 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/30 19:22:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/30 19:22:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/30 19:22:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/30 19:22:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/30 19:22:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/30 19:22:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/21 12:01:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/15 19:48:02 | 008,388,608 | -HS- | M] () -- C:\Users\Léna\NTUSER.DAT
[2010/04/15 19:45:38 | 000,680,340 | ---- | M] () -- C:\Users\Léna\Desktop\starter_starter_5.6.2.9_francais_12492.zip
[2010/04/15 19:41:03 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Léna\Desktop\OTL.exe
[2010/04/15 19:36:06 | 001,500,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/15 19:36:06 | 000,684,658 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/04/15 19:36:06 | 000,591,872 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/15 19:36:06 | 000,128,638 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/04/15 19:36:06 | 000,105,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/15 19:33:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/15 19:31:18 | 000,000,680 | ---- | M] () -- C:\Users\Léna\AppData\Local\d3d9caps.dat
[2010/04/15 19:30:16 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/04/15 19:28:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/15 19:28:58 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/15 19:28:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/15 19:28:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/15 19:28:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/15 19:28:33 | 2012,471,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/15 19:27:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/15 19:27:27 | 000,524,288 | -HS- | M] () -- C:\Users\Léna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/15 19:27:27 | 000,065,536 | -HS- | M] () -- C:\Users\Léna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/15 19:27:09 | 003,376,123 | -H-- | M] () -- C:\Users\Léna\AppData\Local\IconCache.db
[2010/04/15 19:25:30 | 001,502,262 | ---- | M] (Nicolas Coolman ) -- C:\Users\Léna\Desktop\ZHPDiag 1.25.13.exe
[2010/04/15 19:21:24 | 000,085,836 | ---- | M] () -- C:\Users\Léna\Documents\cc_20100415_192054.reg
[2010/04/15 19:10:57 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9B8CB6BC-2AEF-4BCD-9049-47AA98A78071}.job
[2010/04/15 11:13:59 | 000,000,008 | ---- | M] () -- C:\Users\Léna\AppData\Roaming\ejtzir.dat
[2010/04/15 10:27:40 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/04/14 15:18:37 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/12 19:02:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/12 10:54:41 | 000,019,456 | ---- | M] () -- C:\Users\Léna\Documents\FILMS ,,.doc
[2010/04/12 10:43:46 | 000,002,663 | ---- | M] () -- C:\Users\Léna\Desktop\Microsoft Word.lnk
[2010/04/11 11:09:08 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/11 10:24:05 | 000,001,677 | ---- | M] () -- C:\Users\Léna\Desktop\CCleaner.lnk
[2010/04/10 14:46:42 | 000,023,040 | ---- | M] () -- C:\Users\Léna\Documents\ALCOOL.doc
[2010/04/05 15:47:45 | 000,189,952 | ---- | M] () -- C:\Users\Léna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/04 23:43:44 | 000,022,261 | ---- | M] () -- C:\Users\Léna\73448158-930cb99ba6a33eb611698872e7.jpg
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 17:28:17 | 000,020,480 | ---- | M] () -- C:\Users\Léna\Documents\Adresses.doc
[2010/03/29 17:23:41 | 000,020,480 | ---- | M] () -- C:\Users\Léna\Documents\Lettre motiv ASH.doc
[2010/03/24 10:32:58 | 000,019,456 | ---- | M] () -- C:\Users\Léna\Documents\Band of horses.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/15 19:44:48 | 000,680,340 | ---- | C] () -- C:\Users\Léna\Desktop\starter_starter_5.6.2.9_francais_12492.zip
[2010/04/15 19:31:18 | 000,000,680 | ---- | C] () -- C:\Users\Léna\AppData\Local\d3d9caps.dat
[2010/04/15 19:21:09 | 000,085,836 | ---- | C] () -- C:\Users\Léna\Documents\cc_20100415_192054.reg
[2010/04/15 11:13:59 | 000,000,008 | ---- | C] () -- C:\Users\Léna\AppData\Roaming\ejtzir.dat
[2010/04/14 16:25:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010/04/11 21:39:23 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/11 21:39:23 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/11 21:39:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/11 21:39:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/11 21:39:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/11 11:09:08 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/11 10:24:05 | 000,001,677 | ---- | C] () -- C:\Users\Léna\Desktop\CCleaner.lnk
[2010/04/04 23:43:39 | 000,022,261 | ---- | C] () -- C:\Users\Léna\73448158-930cb99ba6a33eb611698872e7.jpg
[2010/04/04 11:26:39 | 000,023,040 | ---- | C] () -- C:\Users\Léna\Documents\ALCOOL.doc
[2010/03/29 17:28:17 | 000,020,480 | ---- | C] () -- C:\Users\Léna\Documents\Adresses.doc
[2010/03/24 10:32:56 | 000,019,456 | ---- | C] () -- C:\Users\Léna\Documents\Band of horses.doc
[2010/02/17 12:14:40 | 003,854,274 | ---- | C] () -- C:\Users\Léna\1x16 The Kills- U.R.A. Fever.mp3
[2010/02/07 01:22:55 | 000,001,474 | ---- | C] () -- C:\Users\Léna\.recently-used.xbel
[2010/02/02 20:40:12 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/02/02 20:40:11 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/02/02 20:39:43 | 000,002,528 | ---- | C] () -- C:\Users\Léna\AppData\Roaming\$_hpcst$.hpc
[2010/01/30 11:47:18 | 003,939,486 | ---- | C] () -- C:\Users\Léna\08 Untitled.mp3
[2010/01/29 21:41:29 | 000,000,016 | ---- | C] () -- C:\Users\Léna\AppData\Roaming\anvkgp.dat
[2009/12/16 21:03:37 | 000,009,785 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{FB185E1F-13B6-4F4C-B65D-D2147C0D94BA}_Large.jpg
[2009/12/16 21:03:37 | 000,002,133 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{FB185E1F-13B6-4F4C-B65D-D2147C0D94BA}_Small.jpg
[2009/12/16 19:58:52 | 000,383,163 | ---- | C] () -- C:\Users\Léna\DSC04087.JPG
[2009/12/16 19:58:52 | 000,368,175 | ---- | C] () -- C:\Users\Léna\DSC04090.JPG
[2009/12/16 19:58:52 | 000,356,413 | ---- | C] () -- C:\Users\Léna\DSC04086.JPG
[2009/12/11 18:57:47 | 003,889,117 | ---- | C] () -- C:\Users\Léna\eb3-3.gif
[2009/12/11 18:57:44 | 007,281,694 | ---- | C] () -- C:\Users\Léna\eb4-2.gif
[2009/12/11 18:57:36 | 004,408,136 | ---- | C] () -- C:\Users\Léna\eb7-3.gif
[2009/11/22 14:49:36 | 000,012,933 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{433A6A2D-5769-44BA-83B6-28C2EE0956E5}_Large.jpg
[2009/11/22 14:49:36 | 000,002,621 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{433A6A2D-5769-44BA-83B6-28C2EE0956E5}_Small.jpg
[2009/11/20 22:53:38 | 000,054,745 | ---- | C] () -- C:\Users\Léna\05 - Copie.jpg
[2009/11/20 22:49:41 | 000,059,749 | ---- | C] () -- C:\Users\Léna\05.jpg
[2009/11/20 22:45:03 | 000,134,631 | ---- | C] () -- C:\Users\Léna\VD09-PR-0016.jpg
[2009/11/19 22:11:21 | 000,091,772 | ---- | C] () -- C:\Users\Léna\normal_vf-outtake004.jpg
[2009/11/18 18:47:52 | 005,833,325 | ---- | C] () -- C:\Users\Léna\08 Sleep.mp3
[2009/11/18 18:47:29 | 005,390,336 | ---- | C] () -- C:\Users\Léna\09 Into Dust.mp3
[2009/11/15 02:36:33 | 000,061,659 | ---- | C] () -- C:\Users\Léna\normal_IMG1_(21).jpg
[2009/11/05 19:38:10 | 000,060,701 | ---- | C] () -- C:\Users\Léna\cam-gigandet.jpg
[2009/11/04 19:46:55 | 000,031,785 | ---- | C] () -- C:\Users\Léna\pattinsona091206 - rouge - Copie - Copie.jpg
[2009/11/02 14:05:13 | 000,052,906 | ---- | C] () -- C:\Users\Léna\pattinsona091206 - rouge - Copie.jpg
[2009/11/02 14:03:02 | 000,092,543 | ---- | C] () -- C:\Users\Léna\pattinsona091206 - rouge.jpg
[2009/10/15 20:13:17 | 000,030,724 | ---- | C] () -- C:\Users\Léna\024_AC072 - Copie.jpg
[2009/10/15 20:12:22 | 000,037,175 | ---- | C] () -- C:\Users\Léna\024_AC072.jpg
[2009/09/16 07:33:30 | 007,400,872 | ---- | C] () -- C:\Users\Léna\15 - Two Steps From Hell - Moving Mountains.mp3
[2009/08/29 15:24:28 | 000,010,376 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{795B8FEE-CBD2-4D66-A5E1-64C84872658D}_Large.jpg
[2009/08/29 15:24:27 | 000,009,785 | -HS- | C] () -- C:\Users\Léna\Folder.jpg
[2009/08/29 15:24:27 | 000,002,770 | -HS- | C] () -- C:\Users\Léna\AlbumArt_{795B8FEE-CBD2-4D66-A5E1-64C84872658D}_Small.jpg
[2009/08/29 15:24:27 | 000,002,133 | -HS- | C] () -- C:\Users\Léna\AlbumArtSmall.jpg
[2009/08/27 23:57:37 | 004,848,267 | ---- | C] () -- C:\Users\Léna\2Pac - Ghetto Gospel.mp3
[2009/08/23 11:34:06 | 000,026,451 | ---- | C] () -- C:\Users\Léna\gq2.jpg
[2009/07/08 17:51:40 | 000,354,030 | ---- | C] () -- C:\Users\Léna\image.bmp
[2009/07/06 11:43:12 | 000,032,014 | ---- | C] () -- C:\Users\Léna\5975_1183485987972_1252896237_501301_1337426_n.jpg
[2009/07/06 11:43:04 | 000,027,538 | ---- | C] () -- C:\Users\Léna\5975_1183486107975_1252896237_501304_3781612_n.jpg
[2009/07/06 11:42:41 | 000,042,926 | ---- | C] () -- C:\Users\Léna\5975_1183482507885_1252896237_501283_6506997_n.jpg
[2009/06/30 11:22:55 | 000,016,817 | ---- | C] () -- C:\Users\Léna\normal_d6 - Copie.jpg
[2009/06/10 19:08:37 | 001,491,264 | ---- | C] () -- C:\Users\Léna\tracysong-angel.mp3
[2009/05/31 23:17:58 | 000,020,499 | ---- | C] () -- C:\Users\Léna\normal_d6.jpg
[2009/05/04 19:56:24 | 003,630,504 | ---- | C] () -- C:\Users\Léna\Madonna - love profusion.mp3
[2009/04/01 17:59:05 | 006,454,743 | ---- | C] () -- C:\Users\Léna\Anna Nalick - Breathe.mp3
[2009/03/20 22:39:40 | 005,455,486 | ---- | C] () -- C:\Users\Léna\EMRA'Z 3.wma
[2009/03/20 22:39:33 | 004,218,454 | ---- | C] () -- C:\Users\Léna\Elsa.wma
[2008/07/23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/07/23 18:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/12/30 00:42:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/12/26 13:38:41 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2007/12/26 13:24:27 | 000,189,952 | ---- | C] () -- C:\Users\Léna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 00:11:49 | 000,016,384 | ---- | C] () -- C:\Windows\System32\DsrSleep.dll
[2007/12/26 00:10:16 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2007/12/26 00:10:16 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2007/12/26 00:08:25 | 000,026,112 | ---- | C] () -- C:\Windows\System32\oopmpm.dll
[2007/12/21 13:47:10 | 000,000,020 | -HS- | C] () -- C:\Users\Léna\ntuser.ini
[2007/12/21 13:47:09 | 000,524,288 | -HS- | C] () -- C:\Users\Léna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/12/21 13:47:09 | 000,524,288 | -HS- | C] () -- C:\Users\Léna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/12/21 13:47:09 | 000,262,144 | -H-- | C] () -- C:\Users\Léna\ntuser.dat.LOG1
[2007/12/21 13:47:09 | 000,065,536 | -HS- | C] () -- C:\Users\Léna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007/12/21 13:47:09 | 000,000,000 | -H-- | C] () -- C:\Users\Léna\ntuser.dat.LOG2
[2007/12/21 13:47:08 | 008,388,608 | -HS- | C] () -- C:\Users\Léna\NTUSER.DAT
[2007/11/10 06:25:45 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/04/18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/10 04:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< :OTL >

< PRC - C:\Windows\System32\oopmagentts.exe () >

< PRC - C:\Windows\ASScrPro.exe () >

< >

< SRV - (CLTNetCnService) -- File not found >

< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E5AFE07D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0651F96C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F50F1555
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:726FDB23
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B3B92717
< End of report >
lilparadize
Apprentice
Posts: 38
Joined: 02 Apr 2010 18:50

Re: Infection TR Rootkit gen

Posted on 15 Apr 2010 18:58

You must have made a small mistake with my previous request. You need to click Run Fix, not Run Scan, which is what you must have done.
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: Infection TR Rootkit gen

Posted on 15 Apr 2010 19:19

OK, sorry, but on my end everything is written in French and not in English, which is why I got it wrong... So here is the other report:

========== OTL ==========
No active process named oopmagentts.exe was found!
No active process named ASScrPro.exe was found!
Error: No service named CLTNetCnService was found to stop!
Service\Driver key CLTNetCnService not found.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

OTL by OldTimer - Version 3.2.1.1 log created on 04152010_201836
lilparadize
Apprentice
Posts: 38
Joined: 02 Apr 2010 18:50

Re: Infection TR Rootkit gen

Posted on 15 Apr 2010 19:40

Very good. How is your PC doing now?
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: Infection TR Rootkit gen

Posted on 15 Apr 2010 21:05

Pages are still slow to load, as are videos like the ones on YouTube... :cry: But all the programs tell me I have no more viruses, so maybe it is simply the age of my computer; I will have had it for 3 years soon.
lilparadize
Apprentice
Posts: 38
Joined: 02 Apr 2010 18:50

Re: Infection TR Rootkit gen

Posted on 16 Apr 2010 11:50

OK, as far as the infection goes, that is sorted. :wink:

Do the following to remove the programs that were used for this disinfection.
>> Download ToolsCleaner (by A.Rothstein & dj QUIOU) http://pc-system.fr/TC/ToolsCleaner2.exe

>> Double-click it to launch the program

>> Click Recherche (Search) and let the scan finish (it can take up to about ten minutes).

>> Once the search has started, do not click in the window; that would cause a minor bug in the program.

>> If "(ne répond pas)" (not responding) appears in the title of the ToolsCleaner window, ignore it and let the program finish its work anyway

** Click Suppression (Removal) to finish.

• You can, if you wish, use the Options facultatives (optional settings).

**Post the report that appears

Next:

Now we are going to get System Restore clean.
To do that:

1- Press the Windows and Pause keys at the same time.

Then Protection du système (System Protection)

In this window, untick the box for the hard drive where your system is installed, normally C:

Confirm and accept the prompts that follow.

***For Windows 7** you need to click the Configurer (Configure) tab, then confirm turning off restore.

**Still in this same window: you now need to create a new restore point.

Tick that same box again and confirm with the APPLIQUER (Apply) tab, then the « CREER » (Create) tab

Name this point PC- Clean: confirm.

You can now close all the windows.

Now you can tell me whether your PC struggles when launching programs or rather on the internet!
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51
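
The System Restore reset described in the post above, scripted for Windows PowerShell 5.1 as an added example (it is not part of the original thread or of the helper's instructions). It assumes an elevated session on a client edition of Windows; the restore point name PC-Clean is the one given in the post, and the check after disabling is there because the script does not assume that old restore points are gone.

```powershell
#Requires -RunAsAdministrator
#Requires -PSEdition Desktop
# Added example. The *-ComputerRestore cmdlets ship with Windows PowerShell 5.1,
# not with PowerShell 7, hence the Desktop edition requirement above.

$drive     = "$env:SystemDrive\"   # normally C:\, as in the post
$pointName = 'PC-Clean'            # name given in the post

# Record what exists before the reset, for the clean-up notes.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
"Restore points before reset: $($before.Count)"

# Step 1: turn System Protection off for the system drive.
Disable-ComputerRestore -Drive $drive

# Check, rather than assume, that no pre-cleanup restore points remain listed.
$left = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) old restore point(s) still listed; review them before relying on System Restore."
}

# Step 2: turn protection back on and create the clean baseline.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description $pointName -RestorePointType MODIFY_SETTINGS

# Step 3: confirm the new point was actually written.
$new = @(Get-ComputerRestorePoint | Where-Object Description -eq $pointName)
if ($new.Count -eq 0) { throw "Restore point '$pointName' was not created." }
$new | Select-Object SequenceNumber, Description, CreationTime
```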
 
