
Win32:Bubak[Rtk] infection • page 2

A computer that slows down, advertising windows that pop up, applications that refuse to start, or a browser that insists on opening a dubious page are all signs that the integrity of your computer is threatened by a virus. In this forum you will find some advice and software for browsing safely.
Forum rules
To post a scan or infection report (HijackThis, OTL, AdwCleaner, etc.), please use the forum's built-in attachment system. Only .txt and .log files under 1 MB are accepted. For help inserting attachments, please see this tutorial.

Re: Win32:Bubak[Rtk] infection

Posted on 18 Aug 2010 17:01

OTL file:
Code:
OTL logfile created on: 18/08/2010 16:25:30 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\Dubot\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 320 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.11 Gb Total Space | 16.04 Gb Free Space | 43.22% Space Free | Partition Type: NTFS
Drive D: | 195.78 Gb Total Space | 52.79 Gb Free Space | 26.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3.73 Gb Total Space | 3.70 Gb Free Space | 99.31% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TERMINAL-ETAGE
Current User Name: Dubot
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Dubot\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Dubot\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gojxvlyv) -- C:\WINDOWS\System32\ubguuut.dll File not found
SRV - (ResultDns Service) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ResultDns\resultdns111.exe ()
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (a2free) -- C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe (Emsi Software GmbH)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (NMIndexingService) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (AntiVirScheduler) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (LVSrvLauncher) -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS File not found
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (avgntflt) -- C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.tangotoolbar.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1A615EA8-4C56-49EE-BE83-F9A264B79997}:1.0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 03:11:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 15:59:28 | 000,000,000 | ---D | M]
 
[2009/02/11 00:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dubot\Application Data\Mozilla\Extensions
[2010/08/18 03:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dubot\Application Data\Mozilla\Firefox\Profiles\ilmmrfdy.default\extensions
[2010/05/24 20:53:09 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Dubot\Application Data\Mozilla\Firefox\Profiles\ilmmrfdy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/05/04 12:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dubot\Application Data\Mozilla\Firefox\Profiles\ilmmrfdy.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}
[2010/05/24 20:53:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dubot\Application Data\Mozilla\Firefox\Profiles\ilmmrfdy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/18 03:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/18 03:10:48 | 000,000,000 | ---D | M] (ResultDns) -- C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}
[2010/08/18 03:11:02 | 000,211,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\gpff.dll
[2010/03/12 19:08:34 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/12 19:08:34 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/12 19:08:34 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/10 13:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/03/12 19:08:35 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/24 11:07:44 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2001/08/24 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (EoBho Class) - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll File not found
O2 - BHO: (Tango) - {7F23F4BD-1E50-4489-A9DF-083C6ADEB9EC} - C:\WINDOWS\system32\5b78.dll ()
O2 - BHO: () - {84025FE1-B5C6-4C8B-A991-9F2BC3E2B4E8} - C:\WINDOWS\System32\ubguuut.dll File not found
O3 - HKLM\..\Toolbar: (Tango) - {7F23F4BC-1E50-4489-A9DF-083C6ADEB9EC} - C:\WINDOWS\system32\5b78.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Tango) - {7F23F4BC-1E50-4489-A9DF-083C6ADEB9EC} - C:\WINDOWS\system32\5b78.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ItsTV] C:\Program Files\ItsLabel\ItsTV.exe File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [dccryjbp] C:\Documents and Settings\Dubot\Local Settings\Application Data\iswgmfjea\ibpvkjmshdw.exe ()
O4 - HKCU..\Run: [GabPath] C:\Documents and Settings\Dubot\Application Data\GabPath\gabpath.exe ()
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SfKg6wIPuSp] C:\Documents and Settings\Dubot\Application Data\Microsoft\Windows\jnipmo.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Dubot\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: D:\Julien\Musique\Pique La Lune !\Site\squelette.gif
O24 - Desktop BackupWallPaper: D:\Antoine\Musique\sdfng.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/04 23:05:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{712d5e7a-9729-11df-8eaa-00e061082b99}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{712d5e7a-9729-11df-8eaa-00e061082b99}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{712d5e7a-9729-11df-8eaa-00e061082b99}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{af970ca0-3e3e-11de-8c53-00e061082b99}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{af970ca0-3e3e-11de-8c53-00e061082b99}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{af970ca0-3e3e-11de-8c53-00e061082b99}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{c148480e-7c03-11dd-8fae-00e061082b99}\Shell - "" = AutoRun
O33 - MountPoints2\{c148480e-7c03-11dd-8fae-00e061082b99}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e7aa1f22-22c5-11de-8c26-00e061082b99}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{e7aa1f22-22c5-11de-8c26-00e061082b99}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{e7aa1f22-22c5-11de-8c26-00e061082b99}\Shell\open\Command - "" = ie.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/08/18 13:44:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/18 13:33:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dubot\Bureau\OTL.exe
[2010/08/18 13:32:31 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/18 03:16:45 | 000,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/18 03:16:45 | 000,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/18 03:16:44 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/08/18 03:16:44 | 000,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/18 03:16:43 | 000,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/18 03:16:43 | 000,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/18 03:16:43 | 000,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/18 03:16:43 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/18 03:16:30 | 001,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/18 03:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dubot\Application Data\Street-Ads
[2010/08/18 03:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dubot\Application Data\Sky-Banners
[2010/08/18 03:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\ResultDns
[2010/08/18 03:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ResultDns
[2010/08/18 03:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dubot\Local Settings\Application Data\iswgmfjea
[2010/08/18 03:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dubot\Application Data\GabPath
[2010/08/18 03:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dubot\Local Settings\Application Data\Windows Server
[2010/08/18 03:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dubot\Application Data\A7D6AF9EF4FC583784AA19F4518F7FB0
[2010/08/15 11:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2010/08/02 10:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Avatar
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/08/18 16:26:50 | 000,786,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\dykmukw.sys
[2010/08/18 13:49:21 | 000,163,166 | ---- | M] () -- C:\Documents and Settings\Dubot\Bureau\regedit.JPG
[2010/08/18 13:49:15 | 004,608,054 | ---- | M] () -- C:\Documents and Settings\Dubot\Bureau\regedit.bmp
[2010/08/18 13:46:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/18 13:45:12 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Dubot\NTUSER.DAT
[2010/08/18 13:45:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/18 13:45:00 | 004,861,354 | -H-- | M] () -- C:\Documents and Settings\Dubot\Local Settings\Application Data\IconCache.db
[2010/08/18 13:34:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dubot\Bureau\OTL.exe
[2010/08/18 04:59:16 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Dubot\ntuser.ini
[2010/08/18 03:16:45 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\avast! Antivirus.lnk
[2010/08/18 03:16:43 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/18 03:10:36 | 000,815,104 | ---- | M] () -- C:\WINDOWS\System32\5b78.dll
[2010/08/17 19:10:24 | 000,058,368 | ---- | M] () -- D:\Mes Documents\MY CAPRICE IS RICH.doc
[2010/08/17 11:44:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/15 20:47:32 | 000,002,009 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/08/15 20:47:32 | 000,000,250 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/15 11:56:16 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Dubot\Bureau\RegCleaner.lnk
[2010/08/13 11:14:20 | 000,058,880 | ---- | M] () -- D:\Mes Documents\cv 2009 Fabrice DUBOT.doc
[2010/08/03 20:23:20 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/08/18 13:49:21 | 000,163,166 | ---- | C] () -- C:\Documents and Settings\Dubot\Bureau\regedit.JPG
[2010/08/18 13:49:14 | 004,608,054 | ---- | C] () -- C:\Documents and Settings\Dubot\Bureau\regedit.bmp
[2010/08/18 03:16:45 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\avast! Antivirus.lnk
[2010/08/18 03:10:44 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\dykmukw.sys
[2010/08/18 03:10:36 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\5b78.dll
[2010/08/15 11:55:55 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Dubot\Bureau\RegCleaner.lnk
[2010/06/27 19:58:44 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/06/24 23:57:05 | 000,300,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/08 01:10:19 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\oldharmony.dll
[2010/01/09 15:36:50 | 000,000,060 | ---- | C] () -- C:\WINDOWS\HFREP.INI
[2010/01/09 15:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WD.INI
[2009/10/20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/17 23:52:36 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/02/19 15:56:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\stmchart.INI
[2009/02/14 18:14:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2009/02/09 21:33:55 | 000,000,012 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/26 19:48:00 | 000,010,107 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2008/10/20 20:27:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/12 20:43:34 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Dubot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/16 17:37:17 | 000,000,295 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/16 17:37:01 | 000,001,201 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/05 00:27:31 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/07/05 00:22:18 | 000,611,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/07/05 00:18:36 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/04 11:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 11:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 11:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 11:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 11:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/06 18:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/19 17:09:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2002/12/14 23:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 23:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 23:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 22:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006/05/09 10:11:17 | 017,104,107 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2006/05/09 10:11:17 | 017,104,107 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2004/08/19 17:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/19 17:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2004/08/19 17:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/19 17:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004/08/19 17:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/19 17:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\scecli.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:24051EFF
< End of report >

Extras file:
Code:
OTL Extras logfile created on: 18/08/2010 16:25:30 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\Dubot\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 320 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.11 Gb Total Space | 16.04 Gb Free Space | 43.22% Space Free | Partition Type: NTFS
Drive D: | 195.78 Gb Total Space | 52.79 Gb Free Space | 26.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3.73 Gb Total Space | 3.70 Gb Free Space | 99.31% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TERMINAL-ETAGE
Current User Name: Dubot
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Personnaliser ce dossier] -- IESHWIZ.EXE %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"DisablePagingExecutive" = 1
"LargeSystemCache" = 0
"SecondLevelDataCache" = 512
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a -- File not found
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0b\waol.exe" = C:\Program Files\AOL 9.0b\waol.exe:*:Enabled:AOL 9.0b -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Counter-Strike 1.6\hl.exe" = C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0 -- File not found
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Disabled:AOL 9.0a -- File not found
"C:\Program Files\AOL 9.0b\waol.exe" = C:\Program Files\AOL 9.0b\waol.exe:*:Disabled:AOL 9.0b -- File not found
"C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process  -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Disabled:SLVoice -- ()
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\CAVEDOG\TOTALA\totala.exe" = C:\CAVEDOG\TOTALA\totala.exe:*:Enabled:Total Annihilation -- (Cavedog Entertainment)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 14
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2D3551DF-B54C-4F34-884D-8D51F1C62F03}" = Ma-Config.com
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{37A58B85-C98F-11D5-B694-00E07D72A995}" = RM2K Mp3 Patch v1.1
"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AD045DF-11AA-473D-B4AA-2A4F0E213047}" = Google SketchUp 7
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7F23F4BC-1E50-4489-A9DF-083C6ADEB9EC}" = Tango
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Trial
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.3 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CF097717-F174-4144-954A-FBC4BF301036}" = Nero 7 Premium
"{D8E4A66D-DB68-481F-ABA8-AC622566D4CB}" = PC Connectivity Solution
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB5DF677-952C-11D8-B6FD-00C04F4351FF}" = Code de la Route V3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD  (11/03/2006 6.82.26.2)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires" = Microsoft Age of Empires
"AntiVir PersonalEdition Classic" = Avira AntiVir PersonalEdition Classic
"a-squared Free_is1" = a-squared Free 2.1
"Audacity_is1" = Audacity 1.2.4
"avast!" = avast! Antivirus
"BitTorrent" = BitTorrent
"CDex" = CDex extraction audio
"Counter-Strike 1.6" = Counter-Strike 1.6
"DemonStar - Shareware" = DemonStar - Shareware
"Dyson_is1" = Dyson v1.20
"File Recover_is1" = File Recover 7.5
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 1.5
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"MIKSOFT Mobile 3GP converter_is1" = MIKSOFT Mobile 3GP converter
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Programme de gestion Camera de Logitech®
"RealPlayer 6.0" = RealPlayer Basic
"ResultDns" = ResultDns 1.0 build 111
"RPG Maker 2000 1.07b" = RPG Maker 2000 1.07b
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SecondLife" = SecondLife (remove only)
"SFR_Kit" = SFR - Kit de connexion
"SLD Codec Pack" = SLD Codec Pack
"SpeedFan" = SpeedFan (remove only)
"Total Annihilation" = Total Annihilation
"Utilitaires Sierra" = Utilitaires Sierra
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Installation Windows Live
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = Archiveur WinRAR
"WM Recorder 14" = WM Recorder 14
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"GabPath" = GabPath
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Antivirus Events ]
Error - 17/12/2009 10:42:31 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 32. 
 
Error - 10/04/2010 10:04:14 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 F:\DCIM\100OLYMP\P2200016.JPG failed, 00000015. 
 
Error - 17/04/2010 16:31:52 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://thomaschen.freewebspace.com/photo.html failed, 00000005. 
 
Error - 05/05/2010 04:57:11 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_AppFile Error 32. 
 
Error - 05/05/2010 04:57:11 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 32. 
 
Error - 05/05/2010 04:57:12 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_AppFile Error 32. 
 
Error - 05/05/2010 04:57:12 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 32. 
 
Error - 07/06/2010 14:11:59 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://jeanplam.www3.50megs.com/sks56.html failed, 00000005. 
 
Error - 07/06/2010 14:12:05 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://jeanplam.www3.50megs.com/sks56.html failed, 00000005. 
 
Error - 17/08/2010 22:24:01 | Computer Name = TERMINAL-ETAGE | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
 function 00000002. 
 
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
 
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Disabled:SLVoice -- ()
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\CAVEDOG\TOTALA\totala.exe" = C:\CAVEDOG\TOTALA\totala.exe:*:Enabled:Total Annihilation -- (Cavedog Entertainment)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 14
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2D3551DF-B54C-4F34-884D-8D51F1C62F03}" = Ma-Config.com
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{37A58B85-C98F-11D5-B694-00E07D72A995}" = RM2K Mp3 Patch v1.1
"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AD045DF-11AA-473D-B4AA-2A4F0E213047}" = Google SketchUp 7
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7F23F4BC-1E50-4489-A9DF-083C6ADEB9EC}" = Tango
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Trial
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.3 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CF097717-F174-4144-954A-FBC4BF301036}" = Nero 7 Premium
"{D8E4A66D-DB68-481F-ABA8-AC622566D4CB}" = PC Connectivity Solution
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB5DF677-952C-11D8-B6FD-00C04F4351FF}" = Code de la Route V3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD  (11/03/2006 6.82.26.2)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires" = Microsoft Age of Empires
"AntiVir PersonalEdition Classic" = Avira AntiVir PersonalEdition Classic
"a-squared Free_is1" = a-squared Free 2.1
"Audacity_is1" = Audacity 1.2.4
"avast!" = avast! Antivirus
"BitTorrent" = BitTorrent
"CDex" = CDex extraction audio
"Counter-Strike 1.6" = Counter-Strike 1.6
"DemonStar - Shareware" = DemonStar - Shareware
"Dyson_is1" = Dyson v1.20
"File Recover_is1" = File Recover 7.5
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 1.5
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"MIKSOFT Mobile 3GP converter_is1" = MIKSOFT Mobile 3GP converter
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Programme de gestion Camera de Logitech®
"RealPlayer 6.0" = RealPlayer Basic
"ResultDns" = ResultDns 1.0 build 111
"RPG Maker 2000 1.07b" = RPG Maker 2000 1.07b
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SecondLife" = SecondLife (remove only)
"SFR_Kit" = SFR - Kit de connexion
"SLD Codec Pack" = SLD Codec Pack
"SpeedFan" = SpeedFan (remove only)
"Total Annihilation" = Total Annihilation
"Utilitaires Sierra" = Utilitaires Sierra
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Installation Windows Live
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = Archiveur WinRAR
"WM Recorder 14" = WM Recorder 14
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"GabPath" = GabPath
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Antivirus Events ]
Error - 17/12/2009 10:42:31 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 32. 
 
Error - 10/04/2010 10:04:14 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 F:\DCIM\100OLYMP\P2200016.JPG failed, 00000015. 
 
Error - 17/04/2010 16:31:52 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://thomaschen.freewebspace.com/photo.html failed, 00000005. 
 
Error - 05/05/2010 04:57:11 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_AppFile Error 32. 
 
Error - 05/05/2010 04:57:11 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 32. 
 
Error - 05/05/2010 04:57:12 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_AppFile Error 32. 
 
Error - 05/05/2010 04:57:12 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 32. 
 
Error - 07/06/2010 14:11:59 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://jeanplam.www3.50megs.com/sks56.html failed, 00000005. 
 
Error - 07/06/2010 14:12:05 | Computer Name = TERMINAL_ETAGE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://jeanplam.www3.50megs.com/sks56.html failed, 00000005. 
 
Error - 17/08/2010 22:24:01 | Computer Name = TERMINAL-ETAGE | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
 function 00000002. 
 
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
nankech7
Confirmed Visitor

Posts: 15
Registered: 18 Aug 2010 03:49

Re: infection Win32:Bubak[Rtk]

Posted on 18 Aug 2010 17:27

UsbFix results

Code:
############################## | UsbFix 7.020 | [Suppression]

Utilisateur: Dubot (Administrateur) # TERMINAL-ETAGE [ ]
Mis à jour le 12/08/10 par El Desaparecido / C_XX
Lancé à 18:04:37 | 18/08/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Pare-feu Windows: Désactivé /!\
Antivirus: Avira AntiVir PersonalEdition  6.38.0.225
 [(!) Disabled | (!) Outdated]
Antivirus: avast! antivirus 4.8.1335 [VPS 100817-1] 4.8.1335 [(!) Disabled | Updated]
RAM -> 1789 Mo
C:\ (%systemdrive%) -> Disque fixe # 37 Go (18 Go libre(s) - 48%) [System] # NTFS
D:\ -> Disque fixe # 196 Go (53 Go libre(s) - 27%) [Données] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (4 Go libre(s) - 99%) [USB DISK] # FAT32

################## | Éléments infectieux |


################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{c148480e-7c03-11dd-8fae-00e061082b99}

################## | Listing |

[18/08/2010 - 13:32:32 | D ]    C:\32788R22FWJFW
[26/06/2009 - 22:10:01 | D ]    C:\3gptemp
[08/02/2009 - 17:40:02 | A | 4679]    C:\aoesync.txt
[04/07/2008 - 23:05:27 | A | 0]    C:\AUTOEXEC.BAT
[04/07/2008 - 23:01:55 | SH | 212]    C:\boot.ini
[24/08/2001 - 14:00:00 | RASH | 4952]    C:\Bootfont.bin
[21/05/2010 - 22:04:47 | D ]    C:\CAVEDOG
[04/07/2010 - 11:05:20 | HD ]    C:\Config.Msi
[04/07/2008 - 23:05:27 | A | 0]    C:\CONFIG.SYS
[07/03/2009 - 18:56:48 | D ]    C:\demonstar_shareware
[10/02/2009 - 11:51:11 | D ]    C:\Documents and Settings
[04/07/2008 - 23:05:27 | RASH | 0]    C:\IO.SYS
[09/02/2009 - 23:52:23 | AH | 2443]    C:\IPH.PH
[10/03/2009 - 16:41:27 | A | 4]    C:\loadcounter.dat
[04/07/2008 - 23:05:27 | RASH | 0]    C:\MSDOS.SYS
[09/02/2009 - 20:33:36 | D ]    C:\My Music
[03/08/2004 - 23:38:34 | RASH | 47564]    C:\NTDETECT.COM
[03/08/2004 - 23:59:44 | RASH | 251712]    C:\ntldr
[18/04/2009 - 20:47:05 | AH | 561]    C:\os357577.bin
[18/08/2010 - 17:53:55 | ASH | 335544320]    C:\pagefile.sys
[18/08/2010 - 17:40:35 | RD ]    C:\Program Files
[18/08/2010 - 18:06:07 | SHD ]    C:\RECYCLER
[16/07/2008 - 17:39:23 | D ]    C:\SIERRA
[18/08/2010 - 17:41:32 | SHD ]    C:\System Volume Information
[18/08/2010 - 18:06:07 | D ]    C:\UsbFix
[18/08/2010 - 18:06:08 | A | 1060]    C:\UsbFix.txt
[18/08/2010 - 17:41:25 | D ]    C:\WINDOWS
[18/08/2010 - 17:40:27 | D ]    C:\_OTL
[20/06/2010 - 11:00:26 | D ]    D:\Antoine
[25/06/2010 - 00:06:44 | D ]    D:\b84d6d77767dbeb697
[02/07/2010 - 17:40:21 | D ]    D:\Christophe
[27/04/2010 - 19:38:47 | D ]    D:\Fabrice
[13/05/2010 - 19:08:16 | D ]    D:\Jeux
[15/08/2010 - 19:48:02 | D ]    D:\Julien
[15/08/2010 - 19:53:12 | D ]    D:\Logiciels
[29/04/2010 - 20:23:28 | D ]    D:\Mano
[17/08/2010 - 19:10:24 | RD ]    D:\Mes Documents
[05/07/2008 - 00:16:57 | RHD ]    D:\MSOCache
[18/08/2010 - 18:06:07 | SHD ]    D:\RECYCLER
[18/08/2010 - 17:41:32 | SHD ]    D:\System Volume Information
[14/06/2010 - 19:37:36 | A | 23134252]    F:\Main title.wav
[18/08/2010 - 12:37:52 | A | 3818783]    F:\Combofix.exe
[18/08/2010 - 13:34:28 | A | 575488]    F:\OTL.exe
[18/08/2010 - 13:49:22 | A | 163166]    F:\regedit.JPG
[18/08/2010 - 17:55:36 | A | 78814]    F:\otl.txt
[18/08/2010 - 16:34:38 | A | 78814]    F:\OTL-resu.Txt
[18/08/2010 - 17:55:24 | A | 77158]    F:\Extras.Txt
[18/08/2010 - 18:06:12 | A | 1207838]    F:\UsbFix(2).exe

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | E.O.F |


I went through the proxy procedure in Firefox and IE, then rebooted.

Apparently nothing seems to be acting up anymore.
Should I run an avast scan just to be safe?
nankech7
Confirmed Visitor

Posts: 15
Registered: 18 Aug 2010 03:49

Re: infection Win32:Bubak[Rtk]

Posted on 18 Aug 2010 18:57

You didn't post the removal report produced by OTL!
Do you still have it, please?

If needed, post a new OTL report, in normal mode this time.
bernard53
PC-Infopraticien

Posts: 12778
Registered: 08 Dec 2009 19:51

Re: infection Win32:Bubak[Rtk]

Posted on 18 Aug 2010 19:35

My mistake, I forgot. I ran the fix again in normal mode; here is the report:

Code:
All processes killed
========== OTL ==========
Error: No service named gojxvlyv was found to stop!
Service\Driver key gojxvlyv not found.
File  C:\WINDOWS\System32\ubguuut.dll File not found not found.
Error: No service named ResultDns Service was found to stop!
Service\Driver key ResultDns Service not found.
File  C:\Documents and Settings\All Users.WINDOWS\Application Data\ResultDns\resultdns111.exe  not found.
Error: No service named wanatw) WAN Miniport (ATW was found to stop!
Service\Driver key wanatw) WAN Miniport (ATW not found.
File  C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
File C:\Program Files\Mozilla Firefox\components\gpff.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F23F4BD-1E50-4489-A9DF-083C6ADEB9EC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F23F4BD-1E50-4489-A9DF-083C6ADEB9EC}\ not found.
File C:\WINDOWS\system32\5b78.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84025FE1-B5C6-4C8B-A991-9F2BC3E2B4E8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84025FE1-B5C6-4C8B-A991-9F2BC3E2B4E8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7F23F4BC-1E50-4489-A9DF-083C6ADEB9EC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F23F4BC-1E50-4489-A9DF-083C6ADEB9EC}\ not found.
File C:\WINDOWS\system32\5b78.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7F23F4BC-1E50-4489-A9DF-083C6ADEB9EC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F23F4BC-1E50-4489-A9DF-083C6ADEB9EC}\ not found.
File C:\WINDOWS\system32\5b78.dll not found.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Dubot\Local Settings\Application Data\iswgmfjea\ibpvkjmshdw.exe not found.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Dubot\Application Data\GabPath\gabpath.exe not found.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Dubot\Application Data\Microsoft\Windows\jnipmo.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{712d5e7a-9729-11df-8eaa-00e061082b99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{712d5e7a-9729-11df-8eaa-00e061082b99}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{712d5e7a-9729-11df-8eaa-00e061082b99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{712d5e7a-9729-11df-8eaa-00e061082b99}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{712d5e7a-9729-11df-8eaa-00e061082b99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{712d5e7a-9729-11df-8eaa-00e061082b99}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af970ca0-3e3e-11de-8c53-00e061082b99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af970ca0-3e3e-11de-8c53-00e061082b99}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af970ca0-3e3e-11de-8c53-00e061082b99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af970ca0-3e3e-11de-8c53-00e061082b99}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af970ca0-3e3e-11de-8c53-00e061082b99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af970ca0-3e3e-11de-8c53-00e061082b99}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7aa1f22-22c5-11de-8c26-00e061082b99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7aa1f22-22c5-11de-8c26-00e061082b99}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7aa1f22-22c5-11de-8c26-00e061082b99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7aa1f22-22c5-11de-8c26-00e061082b99}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7aa1f22-22c5-11de-8c26-00e061082b99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7aa1f22-22c5-11de-8c26-00e061082b99}\ not found.
File ie.exe not found.
File move failed. C:\WINDOWS\system32\drivers\dykmukw.sys scheduled to be moved on reboot.
File C:\WINDOWS\System32\5b78.dll not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Dubot\Application Data\Street-Ads not found.
File\Folder C:\Documents and Settings\Dubot\Application Data\Sky-Banners not found.
File\Folder C:\Program Files\ResultDns not found.
File\Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\ResultDns not found.
File\Folder C:\Documents and Settings\Dubot\Application Data\GabPath not found.
File move failed. C:\WINDOWS\System32\drivers\dykmukw.sys scheduled to be moved on reboot.
File\Folder C:\WINDOWS\System32\5b78.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: All Users
 
User: All Users.WINDOWS
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dubot
->Temp folder emptied: 661178 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39483610 bytes
->Flash cache emptied: 703 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 407517 bytes
->Flash cache emptied: 507 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133309 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 39.00 mb
 
 
[EMPTYFLASH]
 
User: Administrateur
 
User: All Users
 
User: All Users.WINDOWS
 
User: Default User
 
User: Default User.WINDOWS
 
User: Dubot
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
OTL by OldTimer - Version 3.2.10.0 log created on 08182010_202927

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\dykmukw.sys scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_574.dat moved successfully.

Registry entries deleted on Reboot...
nankech7
Confirmed Visitor

Posts: 15
Registered: 18 Aug 2010 03:49

Re: infection Win32:Bubak[Rtk]

Posted on 18 Aug 2010 19:39

Very good, thanks for the report.

Just this to finish everything off, and afterwards tell me whether everything is still fine.


Install Malwarebytes' Anti-Malware,
Download

The direct link no longer works, so download it from here instead:

http://www.commentcamarche.net/download ... lwarebytes


*** Update it, then choose "Perform full scan"

*** If an infection is found, tick the box next to it and confirm with the "Remove Selected" button

Post the final report.
*** It is advisable to disable TeaTimer, if you have Spybot-S&D, just for the duration of the scan.
Here is how: launch Spybot-S&D, switch to Advanced mode via the Mode menu (at the top) → click Yes → choose Tools in the navigation bar on the left → Resident, and there you can untick the boxes in front of the two tools.
bernard53
PC-Infopraticien

Posts: 12778
Registered: 08 Dec 2009 19:51

Re: infection Win32:Bubak[Rtk]

Posted on 18 Aug 2010 22:17

Malwarebytes result:

All infections were ticked and then removed.

Thanks for everything. I didn't know this forum; it's very... infopratique :)

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4446

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

18/08/2010 22:39:54
mbam-log-2010-08-18 (22-39-54).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 227041
Temps écoulé: 1 heure(s), 15 minute(s), 43 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\GabPath (Adware.GabPath) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dccryjbp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\gabpath (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipusp (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} (Adware.ResultDns) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome (Adware.ResultDns) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\_OTL\MovedFiles\08182010_174027\C_Documents and Settings\All Users.WINDOWS\Application Data\ResultDns\resultdns111.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08182010_174027\C_Documents and Settings\Dubot\Local Settings\Application Data\iswgmfjea\ibpvkjmshdw.exe (Trojan.FakeAlert.Gen) -> Delete on reboot.
C:\_OTL\MovedFiles\08182010_174027\C_Program Files\Mozilla Firefox\components\gpff.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08182010_174027\C_Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08182010_174027\C_WINDOWS\system32\5b78.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome.manifest (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\install.rdf (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome\resultdns.jar (Adware.ResultDns) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences\prefs.js (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dubot\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.


To be safe, I'll reinstall Windows shortly.
nankech7
Confirmed Visitor
Posts: 15
Joined: 18 Aug 2010 03:49

Re: infection Win32:Bubak[Rtk]

Posted on 19 Aug 2010 10:26

hello

so if everything is fine..


Do this to remove the programs that were used for this disinfection.
>> Download ToolsCleaner (by A.Rothstein & dj QUIOU) http://pc-system.fr/TC/ToolsCleaner2.exe

>> Double-click it to launch the program

>> Click Recherche (search) and let the scan finish (it can take up to about ten minutes).

>> Once the search has started, do not click in the window; that would cause a minor bug in the program.

>> If the words "(ne réponds pas)" (not responding) appear in the title of the ToolsCleaner window, ignore it and let the program finish its work anyway

** Click Suppression (delete) to finish.

• If you wish, you can use the Options facultatives (optional options).

** Post me the report that appears



Then:


Now we'll put System Restore in a clean state.

Right-click the My Computer icon, then click Properties
or press "Windows+Pause"
Click the System Restore tab

Select Turn off System Restore or Turn off System Restore on all drives.

Click Apply, then YES in the next window.

Wait a few moments, then:

turn System Restore back on.


Right-click My Computer, then click Properties
or press "Windows+Pause"
Click the System Restore tab

Untick Turn off System Restore or Turn off System Restore on all drives

Now we create a new restore point.

Start > Run, or press "Windows+R", and type:
%SystemRoot%\System32\restore\rstrui.exe


Then tick "Create a restore point", name it PC-Clean, and confirm.

You can now close all the windows.

otherwise it's a shame to format when your PC is fine now :cry:

Later
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

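The System Restore part of the procedure above (flush the old restore points, turn System Restore back on, create a fresh checkpoint named PC-Clean), as an added example that is not from the thread or its author: it drives the same operations through the SystemRestore WMI class in root\default that XP's rstrui.exe also uses. It assumes an elevated (administrator) PowerShell session; the RestorePointType and EventType values are the documented constants of that class.

```powershell
# Added example (not from the thread): scripted version of the helper's
# "turn System Restore off, back on, then create PC-Clean" steps.
$sr = [wmiclass] 'root\default:SystemRestore'
$drive = "$env:SystemDrive\"          # e.g. C:\

# 1. Disabling System Restore discards every existing restore point. That is
#    the point of the step: old checkpoints can hold copies of removed files,
#    which is why scanners keep flagging them after a clean-up.
$rc = $sr.Disable($drive)
if ($rc.ReturnValue -ne 0) { throw "Disable failed, code $($rc.ReturnValue)" }

Start-Sleep -Seconds 5                # the "wait a few moments" step

# 2. Re-enable; $true = wait until the service reports it is back on.
$rc = $sr.Enable($drive, $true)
if ($rc.ReturnValue -ne 0) { throw "Enable failed, code $($rc.ReturnValue)" }

# 3. New baseline. 12 = MODIFY_SETTINGS, 100 = BEGIN_SYSTEM_CHANGE.
$rc = $sr.CreateRestorePoint('PC-Clean', 12, 100)
if ($rc.ReturnValue -ne 0) { throw "CreateRestorePoint failed, code $($rc.ReturnValue)" }

# 4. Verify: only the fresh checkpoint should be listed now.
Get-WmiObject -Namespace root\default -Class SystemRestore |
    Select-Object SequenceNumber, Description,
        @{ n = 'Created'
           e = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } }
```

If the listing in step 4 still shows older restore points, the disable step did not take effect and the copies they contain are still on disk.
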
Re: infection Win32:Bubak[Rtk]

Posted on 19 Aug 2010 11:27

Code:
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\UsbFix.txt: trouvé !
C:\UsbFix: trouvé !
C:\UsbFix\UsbFix.exe: trouvé !

---------------------------------
--> Suppression:

C:\UsbFix.txt: supprimé !
C:\UsbFix\UsbFix.exe: supprimé !
C:\UsbFix: supprimé !


I still get an Avast alert about a rootkit named bubak :(
nankech7
Confirmed Visitor
Posts: 15
Joined: 18 Aug 2010 03:49

Re: infection Win32:Bubak[Rtk]

Posted on 19 Aug 2010 19:46

Give me the location of the detection reported by AVAST.
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: infection Win32:Bubak[Rtk]

Posted on 19 Aug 2010 22:09

Here is the list avast gives me:

However, the dates are odd: I got warnings today, but they don't show up, especially the one named "win32:Bubak [Rtk]"

Code:
18/08/2010 22:09:06   SYSTEM   1584   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\_OTL\MovedFiles\08182010_174027\C_Documents and Settings\Dubot\Local Settings\Application Data\iswgmfjea\ibpvkjmshdw.exe" file. 
18/08/2010 22:08:02   SYSTEM   1584   Sign of "Win32:Adware-gen [Adw]" has been found in "C:\_OTL\MovedFiles\08182010_174027\C_Documents and Settings\Dubot\Application Data\GabPath\gabpath.exe" file. 
18/08/2010 21:58:33   SYSTEM   1584   Sign of "Win32:VB-JI [Trj]" has been found in "C:\UsbFix\UsbFix.exe\AutoIt.script" file. 
18/08/2010 21:44:40   SYSTEM   1584   Sign of "Win32:VB-JI [Trj]" has been found in "C:\UsbFix\UsbFix.exe\>>>AUTOIT SCRIPT<<<" file. 
18/08/2010 04:24:01   Dubot   1204   Sign of "" has been found in "C:\WINDOWS\System32\Drivers\dykmukw.sys||AntiRootkit [SVC]||Wi????????|40|0|2|COO1||COO2||" file. 
18/08/2010 04:23:44   Dubot   1204   Sign of "Win32:Bubak [Rtk]" has been found in "C:\WINDOWS\System32\Drivers\dykmukw.sys" file. 
18/08/2010 04:13:40   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 04:13:33   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 04:13:22   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\windows\system32\ubguuut.dll" file. 
18/08/2010 04:07:32   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 04:06:04   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 04:01:22   Dubot   2500   Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\Temp\fyxu.tmp\setup.exe\[UPX]" file. 
18/08/2010 04:01:08   Dubot   2500   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 04:01:08   Dubot   2500   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\trzD4.tmp" file. 
18/08/2010 04:00:17   Dubot   2500   Sign of "NSIS:Downloader-BU [Drp]" has been found in "C:\WINDOWS\system32\eitap.exe\nsis.hdr" file. 
18/08/2010 03:52:24   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\windows\system32\ubguuut.dll" file. 
18/08/2010 03:50:27   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 03:50:23   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 03:49:34   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\RECYCLER\S-1-5-21-1060284298-2000478354-682003330-1003\Dc2.dll" file. 
18/08/2010 03:49:26   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 03:48:34   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 03:48:19   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 03:48:04   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 03:47:41   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file. 
18/08/2010 03:46:19   Dubot   2500   Sign of "Win32:Trojan-gen" has been found in "C:\Documents and Settings\Dubot\Local Settings\Temp\ofo42E.tmp" file. 
18/08/2010 03:45:57   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\windows\system32\ubguuut.dll" file. 
18/08/2010 03:45:18   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\windows\system32\ubguuut.dll" file. 
18/08/2010 03:44:24   Dubot   2500   Sign of "Win32:BadCab-T [Drp]" has been found in "C:\Documents and Settings\Dubot\Local Settings\Temp\1102.exe" file. 
18/08/2010 03:38:37   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\windows\system32\ubguuut.dll" file. 
18/08/2010 03:38:19   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\windows\system32\ubguuut.dll" file. 
18/08/2010 03:31:34   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\windows\system32\ubguuut.dll" file. 
18/08/2010 03:31:19   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\windows\system32\ubguuut.dll" file. 
18/08/2010 03:30:10   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\windows\system32\ubguuut.dll" file. 
18/08/2010 03:30:04   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\windows\system32\ubguuut.dll" file. 
18/08/2010 03:29:57   SYSTEM   1588   Sign of "Win32:Malware-gen" has been found in "C:\WINDOWS\SYSTEM32\NITAP.DLL" file. 
18/08/2010 03:29:23   SYSTEM   1588   Sign of "Win32:Adware-gen [Adw]" has been found in "C:\WINDOWS\SYSTEM32\RITAP.DLL" file. 
18/08/2010 03:25:55   Dubot   2500   Sign of "" has been found in "C:\WINDOWS\System32\Drivers\dykmukw.sys||AntiRootkit [SVC]||Wi|40|0|2|COO1||COO2||" file. 
18/08/2010 03:25:42   Dubot   2500   Sign of "Win32:Bubak [Rtk]" has been found in "C:\WINDOWS\System32\Drivers\dykmukw.sys" file. 
18/08/2010 03:23:38   Dubot   2500   Sign of "" has been found in "C:\WINDOWS\System32\Drivers\dykmukw.sys||AntiRootkit [SVC]||Wi???;|40|0|2|COO1||COO2||" file. 
18/08/2010 03:23:26   Dubot   2500   Sign of "Win32:Bubak [Rtk]" has been found in "C:\WINDOWS\System32\Drivers\dykmukw.sys" file. 
nankech7
Confirmed Visitor
Posts: 15
Joined: 18 Aug 2010 03:49

Re: infection Win32:Bubak[Rtk]

Posted on 20 Aug 2010 12:22

OK, no worries about the detections: they are in OTL's backup.

Run OTL again and confirm Purge outil (clean-up); that will remove OTL and everything related to it.
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

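bernard53's point above, that the remaining Avast hits refer to copies already moved into OTL's backup folder, as an added triage example that is not part of the thread: it parses lines in the Avast log format quoted earlier and separates detections under a quarantine root (assumed here to be C:\_OTL\MovedFiles, the path visible in the log) from detections at live system locations. The sample lines are copied from the log posted in the thread.

```powershell
# Added example (not from the thread). Splits Avast detection lines into
# "quarantined-copy" (path under a removal tool's backup folder) and "live".

# Sample lines copied from the Avast log posted above.
$sampleLog = @'
18/08/2010 22:09:06   SYSTEM   1584   Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\_OTL\MovedFiles\08182010_174027\C_Documents and Settings\Dubot\Local Settings\Application Data\iswgmfjea\ibpvkjmshdw.exe" file.
18/08/2010 22:08:02   SYSTEM   1584   Sign of "Win32:Adware-gen [Adw]" has been found in "C:\_OTL\MovedFiles\08182010_174027\C_Documents and Settings\Dubot\Application Data\GabPath\gabpath.exe" file.
18/08/2010 04:23:44   Dubot   1204   Sign of "Win32:Bubak [Rtk]" has been found in "C:\WINDOWS\System32\Drivers\dykmukw.sys" file.
18/08/2010 04:13:40   SYSTEM   1588   Sign of "Win32:Trojan-gen" has been found in "C:\WINDOWS\system32\ubguuut.dll" file.
'@

function ConvertFrom-AvastLogLine {
    param(
        [string[]]$Lines,
        # Folders where removal tools keep moved copies (assumed default: OTL's).
        [string[]]$QuarantineRoots = @('C:\_OTL\MovedFiles')
    )
    # One Avast line: date time user pid Sign of "<sig>" has been found in "<path>" file.
    $pattern = '^(?<date>\d{2}/\d{2}/\d{4})\s+(?<time>\d{2}:\d{2}:\d{2})\s+(?<user>\S+)\s+(?<procid>\d+)\s+' +
               'Sign of "(?<sig>[^"]*)" has been found in "(?<path>.+?)" file\.\s*$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            $path = $Matches['path']
            $quarantined = $false
            foreach ($root in $QuarantineRoots) {
                if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $quarantined = $true
                }
            }
            $status = if ($quarantined) { 'quarantined-copy' } else { 'live' }
            $when = [datetime]::ParseExact("$($Matches['date']) $($Matches['time'])",
                                           'dd/MM/yyyy HH:mm:ss',
                                           [System.Globalization.CultureInfo]::InvariantCulture)
            [pscustomobject]@{
                Timestamp = $when
                User      = $Matches['user']
                Signature = $Matches['sig']
                Path      = $path
                Status    = $status
            }
        }
    }
}

function Get-AvastDetectionSummary {
    param([string]$LogText, [string[]]$QuarantineRoots = @('C:\_OTL\MovedFiles'))
    $events = ConvertFrom-AvastLogLine -Lines ($LogText -split "`r?`n") -QuarantineRoots $QuarantineRoots
    $events | Group-Object -Property Status | ForEach-Object {
        [pscustomobject]@{
            Status     = $_.Name
            Count      = $_.Count
            Signatures = ($_.Group | ForEach-Object { $_.Signature } | Sort-Object -Unique) -join ', '
            LastSeen   = ($_.Group | ForEach-Object { $_.Timestamp } | Sort-Object | Select-Object -Last 1)
        }
    }
}

# Live hits are what still need attention; quarantined copies only need the
# backup folder purged (OTL's clean-up step) or excluded from the scanner.
Get-AvastDetectionSummary -LogText $sampleLog | Format-Table -AutoSize
```

On the sample above the summary shows two quarantined-copy hits and two live hits; the live ones (dykmukw.sys, ubguuut.dll) date from before the clean-up, which is the check to apply when a scanner keeps reporting an old name.
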
Re: infection Win32:Bubak[Rtk]

Posted on 21 Aug 2010 17:42

Done, I still get avast alerts about Bubak :(

But it doesn't matter, I've backed up my data to an external HDD. It's currently being scanned by avast on another PC. I'm going to format and reinstall my OS.

Thanks for your help ;)
nankech7
Confirmed Visitor
Posts: 15
Joined: 18 Aug 2010 03:49

Re: infection Win32:Bubak[Rtk]

Posted on 21 Aug 2010 19:32

OK, but odd about the detection.

OK for the format.
:wink:
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: infection Win32:Bubak[Rtk]

Posted on 26 Aug 2010 19:44

Hello,

I have the same infection...

I ran OTL in safe mode, since in normal mode everything freezes every time.

The OTL.txt is as follows:

Code:
OTL logfile created on: 26/08/2010 20:20:41 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\Chouchou\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 014,00 Mb Total Physical Memory | 806,00 Mb Available Physical Memory | 79,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,06 Gb Total Space | 28,33 Gb Free Space | 80,79% Space Free | Partition Type: FAT32
Drive D: | 35,55 Gb Total Space | 2,27 Gb Free Space | 6,37% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AMANDA
Current User Name: Chouchou
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Chouchou\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\Chouchou\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (s24trans) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys File not found
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2004/08/05 05:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (TBSB05488 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - D:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (eBuyClub) - {B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - D:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (eBuyClub) - {B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - D:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chouchou\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Chouchou\Menu Démarrer\Programmes\Démarrage\updqnc32.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: eBuyClub - {B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - D:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll ()
O9 - Extra 'Tools' menuitem : eBuyClub - {B00A2A69-AEB9-4466-A3D3-D965CCF868B6} - D:\Program Files\ShoppingBarreEbuyClub\tbcore3.dll ()
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100113105928 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Chouchou\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chouchou\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/06 06:58:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{b572c021-189e-11df-9413-0016365c93b5}\Shell\AutoRun\command - "" = start.exe
O33 - MountPoints2\{b572c021-189e-11df-9413-0016365c93b5}\Shell\iledefrance\command - "" = start.exe
O33 - MountPoints2\{eed6ea3e-0e9a-11df-9405-0016365c93b5}\Shell - "" = AutoRun
O33 - MountPoints2\{eed6ea3e-0e9a-11df-9405-0016365c93b5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/08/26 20:15:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chouchou\Bureau\OTL.exe
[2010/08/25 20:32:51 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/08/25 20:32:51 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/08/25 20:32:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys
[2010/08/25 20:32:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/08/26 20:16:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chouchou\Bureau\OTL.exe
[2010/08/26 14:51:54 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Chouchou\Bureau\spectre, dispersion, etoile.doc
[2010/08/26 14:09:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/26 13:45:46 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/08/26 13:45:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/26 13:44:06 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Chouchou\NTUSER.DAT
[2010/08/26 13:44:06 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Chouchou\ntuser.ini
[2010/08/26 13:44:04 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Chouchou\Local Settings\Application Data\IconCache.db
[2010/08/26 06:58:52 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/25 20:32:26 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Chouchou\Application Data\jglzyr.dat
[2010/08/25 20:32:20 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Chouchou\Application Data\avdrn.dat
[2010/08/24 15:16:14 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Chouchou\Bureau\chap1 présentation de l'univers.doc
[2010/08/24 10:39:30 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Chouchou\Mes documents\TP univers.xls
[2010/08/23 11:04:48 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Chouchou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 09:20:02 | 000,463,592 | ---- | M] () -- C:\Documents and Settings\Chouchou\Bureau\programme.mht
[2010/08/22 21:14:20 | 000,058,712 | ---- | M] () -- C:\Documents and Settings\Chouchou\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/22 11:16:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/03 19:43:00 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Chouchou\Bureau\prog 1ereL.xls
[2010/07/28 16:16:38 | 000,217,088 | ---- | M] () -- C:\Documents and Settings\Chouchou\Mes documents\Doc1.doc
[2010/07/28 15:50:42 | 000,008,105 | ---- | M] () -- C:\Documents and Settings\Chouchou\Bureau\Attestation.pdf
[2010/07/28 15:43:40 | 000,020,160 | ---- | M] () -- C:\Documents and Settings\Chouchou\Bureau\ServletAffich.pdf
[2010/07/28 14:50:22 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Chouchou\Mes documents\Nous te souhaitons un Joyeux Anniversaire.doc
[2010/07/28 10:52:58 | 000,274,944 | ---- | M] () -- C:\Documents and Settings\Chouchou\Bureau\menu...doc
[2010/07/28 10:51:36 | 000,390,144 | ---- | M] () -- C:\Documents and Settings\Chouchou\Bureau\menu.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/08/26 14:50:34 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Chouchou\Bureau\spectre, dispersion, etoile.doc
[2010/08/25 20:32:25 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Chouchou\Application Data\jglzyr.dat
[2010/08/25 20:32:18 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Chouchou\Application Data\avdrn.dat
[2010/08/24 10:39:29 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Chouchou\Mes documents\TP univers.xls
[2010/08/23 14:50:58 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Chouchou\Bureau\chap1 présentation de l'univers.doc
[2010/08/23 09:20:01 | 000,463,592 | ---- | C] () -- C:\Documents and Settings\Chouchou\Bureau\programme.mht
[2010/08/03 19:42:59 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Chouchou\Bureau\prog 1ereL.xls
[2010/07/28 16:16:36 | 000,217,088 | ---- | C] () -- C:\Documents and Settings\Chouchou\Mes documents\Doc1.doc
[2010/07/28 15:49:45 | 000,008,105 | ---- | C] () -- C:\Documents and Settings\Chouchou\Bureau\Attestation.pdf
[2010/07/28 15:43:38 | 000,020,160 | ---- | C] () -- C:\Documents and Settings\Chouchou\Bureau\ServletAffich.pdf
[2010/07/28 14:50:20 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Chouchou\Mes documents\Nous te souhaitons un Joyeux Anniversaire.doc
[2010/07/28 10:52:56 | 000,274,944 | ---- | C] () -- C:\Documents and Settings\Chouchou\Bureau\menu...doc
[2010/07/28 10:50:33 | 000,390,144 | ---- | C] () -- C:\Documents and Settings\Chouchou\Bureau\menu.doc
[2010/04/14 20:35:49 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/01/14 20:31:43 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Chouchou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/11 21:18:00 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/11 21:18:00 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/01/10 22:37:23 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2010/01/10 22:30:50 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/01/10 22:29:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2010/01/10 22:26:48 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Chouchou\Local Settings\Application Data\fusioncache.dat
[2010/01/10 22:16:31 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2007/03/27 09:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 18:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/06 17:21:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/06 06:59:02 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/01/06 06:58:18 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/01/06 06:58:18 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/01/06 06:58:18 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/01/06 06:58:18 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/12/01 00:24:56 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/10/31 03:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/03/28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/05 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/05 05:00:00 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/05 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/05 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2004/08/05 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/05 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2004/08/05 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/05 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\netlogon.dll
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2004/08/05 06:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/05 05:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\scecli.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
< End of report >


and the extras.txt is as follows:

Code:
OTL Extras logfile created on: 26/08/2010 20:20:41 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\Chouchou\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 014,00 Mb Total Physical Memory | 806,00 Mb Available Physical Memory | 79,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,06 Gb Total Space | 28,33 Gb Free Space | 80,79% Space Free | Partition Type: FAT32
Drive D: | 35,55 Gb Total Space | 2,27 Gb Free Space | 6,37% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AMANDA
Current User Name: Chouchou
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- File not found
"C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0003040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.3 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox 4.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"CNXT_MODEM_HDAUDIO_AcrS009E" = HDAUDIO Soft Data Fax Modem with SmartCP
"FileZilla Client" = FileZilla Client 3.3.2.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB05488.TBSB05488Toolbar" = eBuyClub
"WinStars 2.0_is1" = WinStars 2.0
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ System Events ]
Error - 26/08/2010 07:45:10 | Computer Name = AMANDA | Source = Service Control Manager | ID = 7000
Description = Le service Cyberlink RichVideo Service(CRVS) n'a pas pu démarrer en
 raison de l'erreur :   %%2
 
Error - 26/08/2010 08:10:41 | Computer Name = AMANDA | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
 avec les arguments ""  pour démarrer le serveur :  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 26/08/2010 08:10:42 | Computer Name = AMANDA | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
 charger :   Aavmker4  aswSP  aswTdi  Fips  intelppm
 
Error - 26/08/2010 08:50:12 | Computer Name = AMANDA | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 26/08/2010 13:26:49 | Computer Name = AMANDA | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service BITS
 avec les arguments ""  pour démarrer le serveur :  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 26/08/2010 13:26:50 | Computer Name = AMANDA | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service BITS
 avec les arguments ""  pour démarrer le serveur :  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 26/08/2010 14:15:56 | Computer Name = AMANDA | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 26/08/2010 14:16:02 | Computer Name = AMANDA | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 26/08/2010 14:16:02 | Computer Name = AMANDA | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 26/08/2010 14:16:59 | Computer Name = AMANDA | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >


I did not continue with the rest of the cleanup process, thinking that the script you give must be specific to the OTL results.

Could you give me a hand?

Thanks in advance
tibou
Confirmed Visitor
 
Posts: 16
Joined: 26 Aug 2010 19:33
 

Re: infection Win32:Bubak[Rtk]

Posted on 26 Aug 2010 20:04

Good evening Tibou, could you create your own topic please...

Thanks ;)
Del-crosseur
Expert
 
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)
 
