[Réglé] Smart engine HELP!!!!!!!! • page 2

Ask to Old Man · le 08 Nov 2010 11:48

Bonjour,

sof42 a écrit:problème résolu

C'est très court comme description de résolution ?? Ne jamais oublier qu'une solution donnée peut (parfois)
aider d'autres visiteurs de notre site.

Merci pour eux!

marvel · le 08 Nov 2010 12:25

c'est vague!

Enfin sof42 si tu repasses ici, nous avons encore quelques manipulations à faire. Ton problème de Proxy aurait été vite réglé si à cette heure là j'étais sur le site.
Il nous reste le rapport de MBAM pour vérifier l'état de ton PC et ensuite désinstaller les logiciels de désinfection ... J'espère que tu n'as pas formaté ton DD ni lancé une restauration via Discovery !!!

sof42 · le 08 Nov 2010 21:40

Excuse moi pour le retard.
Voici le rapport

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 5072 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 08/11/2010 21:38:31 mbam-log-2010-11-08 (21-38-31).txt Type d'examen: Examen complet (C:\|D:\|) Elément(s) analysé(s): 266575 Temps écoulé: 1 heure(s), 44 minute(s), 48 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2129&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\ProgramData\2d43a4\SM2d4_2129.exe (Rogue.SmartEngine) -> Quarantined and deleted successfully. C:\ZHPDiag\Quarantine\smartengine.exe.VIR (Rogue.SmartEngine) -> Quarantined and deleted successfully.

sof42 · le 08 Nov 2010 22:21

Marvel,
Comme je te l'ai écrit dans le message ci-dessus, excuse mais j'ai été absente toute la journée. J'attends tes indications pour résoudre mes problèmes.
Encore mille excuse.

PS: comment ça se fait que je n'arrivais plus à me connecter ce matin?
Merci encore pour toutes les démarches que tu fais pour moi.

marvel · le 09 Nov 2010 06:15

J'ai l'impression que Smart Engine se réinstalle sur ton PC ...
Fais ceci maintenant :

Relance OTL et colle cette citation dans la fenêtre de Personnalisation :

netsvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%alluserprofile%\application data\*.
%alluserprofile%\application data\*.exe /s
%appdata%\*.
%appdata%\*.exe /s
%systemdrive%\*.exe
/md5start
explorer.exe
userinit.exe
winlogon.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

> Clique sur le bouton Analyse
> Tu n'auras qu'un seul rapport cette fois-ci.
> Et tu me le postes.

sof42 · le 09 Nov 2010 08:34

Bonjour Marvel,
Comme convenu voici le rapport:

Code: Tout sélectionner: OTL logfile created on: 09/11/2010 08:14:53 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\auchan\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 219,88 Gb Total Space | 104,34 Gb Free Space | 47,45% Space Free | Partition Type: NTFS Computer Name: PC-DE-AUCHAN | User Name: auchan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/11/07 13:40:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\auchan\Downloads\OTL.exe PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/31 14:16:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/06/27 04:42:24 | 006,295,552 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008/04/28 17:16:06 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/11/07 13:40:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\auchan\Downloads\OTL.exe MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2008/12/30 19:15:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/02/03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\auchan\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2008/07/04 07:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/06/27 04:23:26 | 002,149,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/06/25 23:25:58 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2008/06/18 04:19:54 | 000,147,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008/05/07 11:47:36 | 000,085,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008/05/02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/04/28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008/03/31 10:52:10 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008/03/19 18:28:52 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/21 03:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/07/03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2007/07/03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2007/07/03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007/06/08 03:53:56 | 000,187,448 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0309&m=easynote_sl51 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0309&m=easynote_sl51 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0309&m=easynote_sl51 IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25499 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/26 20:59:06 | 000,000,000 | ---D | M] [2009/10/29 20:26:25 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mypix.com/fr/fr/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} http://www.pixum.fr/apps/EasyUploadX.cab (Pixum EasyUploadX Control) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\auchan\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\auchan\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{99071c14-7510-11de-ae06-00238b8643fb}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008/01/21 03:32:58 | 000,013,312 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]CLMLServer[/b] - hkey= - key= - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: [b]Google Desktop Search[/b] - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found MsConfig - StartUpReg: [b]msnmsgr[/b] - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]PCMAgent[/b] - hkey= - key= - C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.) MsConfig - StartUpReg: [b]PlayMovie[/b] - hkey= - key= - C:\Program Files\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.) MsConfig - StartUpReg: [b]SmpcSys[/b] - hkey= - key= - C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Packard Bell BV) MsConfig - StartUpReg: [b]swg[/b] - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3 ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/11/08 09:10:55 | 000,000,000 | ---D | C] -- C:\Users\auchan\AppData\Roaming\Malwarebytes [2010/11/08 09:10:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/11/08 09:10:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/11/08 09:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/11/08 09:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/11/07 18:32:35 | 000,000,000 | ---D | C] -- C:\ZHPDiag [2010/11/05 11:25:08 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010/11/05 11:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010/11/03 11:18:35 | 000,000,000 | ---D | C] -- C:\Users\auchan\AppData\Local\Windows Live [2010/11/03 11:15:08 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll [2010/11/03 10:58:47 | 000,000,000 | -HSD | C] -- C:\Users\auchan\AppData\Roaming\Smart Engine [2010/11/03 10:57:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMEPTE [2010/11/03 10:57:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\2d43a4 [2010/11/01 13:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/11/01 13:15:51 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2010/11/01 13:15:17 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2010/10/27 12:43:56 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010/10/27 12:43:55 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010/10/27 12:43:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010/10/26 16:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Winamax Poker [2010/10/15 09:20:24 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010/10/15 09:20:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010/10/15 09:19:55 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010/10/15 09:19:49 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010/10/15 09:19:48 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010/10/15 09:19:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010/10/15 09:19:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010/10/15 09:19:47 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010/10/15 09:19:47 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/10/15 09:19:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010/10/15 09:19:46 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010/10/15 09:19:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010/10/15 09:19:46 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010/10/15 09:19:46 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010/10/15 09:19:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010/10/15 09:19:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010/10/15 09:19:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010/10/15 09:19:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/10/15 09:19:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/10/15 09:19:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010/10/15 09:19:44 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010/10/15 09:19:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010/10/15 09:19:40 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010/10/15 09:19:37 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010/10/15 09:19:35 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/11/09 07:59:56 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/11/09 07:59:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/11/09 07:59:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/11/09 07:59:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/11/09 00:09:30 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\iqarobr.sys [2010/11/09 00:09:07 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job [2010/11/08 09:32:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/11/08 09:10:48 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/08 08:38:52 | 000,681,798 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2010/11/08 08:38:52 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/11/08 08:38:52 | 000,127,504 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2010/11/08 08:38:52 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/11/08 08:32:09 | 3186,016,256 | -HS- | M] () -- C:\hiberfil.sys [2010/11/07 19:26:07 | 000,000,551 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk [2010/11/07 19:26:07 | 000,000,539 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk [2010/11/07 19:26:05 | 000,000,544 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk [2010/11/07 13:00:41 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010/11/07 11:46:12 | 000,001,661 | ---- | M] () -- C:\Users\auchan\Desktop\Computer.lnk [2010/11/05 15:20:22 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010/11/05 11:15:51 | 000,033,280 | ---- | M] () -- C:\Users\auchan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/03 10:19:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010/11/01 13:52:28 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010/11/01 13:22:22 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk [2010/10/29 09:19:58 | 000,358,400 | ---- | M] () -- C:\Users\auchan\Documents\vincent DEVIS.doc [2010/10/29 09:19:06 | 000,359,424 | ---- | M] () -- C:\Users\auchan\Documents\vincent.doc [2010/10/29 09:14:31 | 000,362,496 | ---- | M] () -- C:\Users\auchan\Documents\VINCENT DEVIS.xls [2010/10/29 09:13:47 | 000,362,496 | ---- | M] () -- C:\Users\auchan\Documents\vincent.xls [2010/10/26 16:15:39 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\Winamax Poker.lnk [2010/10/22 19:38:58 | 000,000,162 | -H-- | M] () -- C:\Users\auchan\Documents\~$incent.doc [2010/10/22 16:53:38 | 000,002,687 | ---- | M] () -- C:\Users\auchan\Desktop\Microsoft Office Word 2007.lnk [2010/10/19 21:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010/10/17 14:48:16 | 000,029,696 | ---- | M] () -- C:\Users\auchan\Documents\lettre avec en tête ASAM.doc [2010/10/16 09:12:12 | 000,464,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/11/09 00:09:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\iqarobr.sys [2010/11/09 00:09:07 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job [2010/11/08 09:10:48 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/07 18:32:47 | 000,000,551 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk [2010/11/07 18:32:47 | 000,000,539 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk [2010/11/07 18:32:45 | 000,000,544 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk [2010/11/05 11:23:16 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010/11/03 10:58:54 | 000,001,661 | ---- | C] () -- C:\Users\auchan\Desktop\Computer.lnk [2010/11/01 13:52:28 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010/11/01 13:22:22 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk [2010/10/29 09:19:56 | 000,358,400 | ---- | C] () -- C:\Users\auchan\Documents\vincent DEVIS.doc [2010/10/29 09:14:30 | 000,362,496 | ---- | C] () -- C:\Users\auchan\Documents\VINCENT DEVIS.xls [2010/10/22 19:38:58 | 000,000,162 | -H-- | C] () -- C:\Users\auchan\Documents\~$incent.doc [2010/10/21 18:06:03 | 000,359,424 | ---- | C] () -- C:\Users\auchan\Documents\vincent.doc [2010/10/21 17:15:50 | 000,362,496 | ---- | C] () -- C:\Users\auchan\Documents\vincent.xls [2009/12/13 14:33:55 | 000,003,343 | ---- | C] () -- C:\Users\auchan\AppData\Local\fjugqj.dat [2009/11/10 19:10:16 | 000,000,090 | ---- | C] () -- C:\Users\auchan\AppData\Local\hbvwjk.bat [2009/10/20 15:11:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/29 07:03:07 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/09/22 21:13:10 | 000,021,757 | ---- | C] () -- C:\Users\auchan\AppData\Roaming\UserTile.png [2009/09/21 21:09:02 | 000,020,842 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009/08/25 13:37:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009/08/25 13:30:28 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009/07/29 17:39:00 | 000,000,090 | ---- | C] () -- C:\Users\auchan\AppData\Local\dafcrv.bat [2009/06/30 23:56:39 | 000,000,658 | ---- | C] () -- C:\Windows\wininit.ini [2009/06/23 22:16:55 | 000,000,022 | ---- | C] () -- C:\Windows\kodakpcd.ini [2009/06/20 10:37:05 | 000,000,680 | ---- | C] () -- C:\Users\auchan\AppData\Local\d3d9caps.dat [2009/06/14 23:04:48 | 000,033,280 | ---- | C] () -- C:\Users\auchan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/14 23:00:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008/12/31 02:39:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/12/31 02:39:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/12/30 19:12:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008/12/30 18:54:46 | 000,000,144 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007/10/10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_3.dll [2007/10/10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_2.dll [2007/10/10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_1.dll [2007/06/27 12:22:54 | 000,692,224 | ---- | C] () -- C:\Windows\libcurl.dll [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [color=#E56717]========== LOP Check ==========[/color] [2009/12/23 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Babylon [2010/07/15 23:08:22 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Icones [2009/10/29 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\igraal [2009/12/17 13:26:40 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\ImgBurn [2009/08/09 02:05:56 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Packard Bell [2009/08/25 13:38:10 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\SAMSUNG [2010/11/05 11:12:33 | 000,000,000 | -HSD | M] -- C:\Users\auchan\AppData\Roaming\Smart Engine [2009/10/19 19:07:54 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\TeamViewer [2010/03/14 21:36:36 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\uTorrent [2010/10/04 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1 [2010/11/08 08:30:34 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] Invalid Environment Variable: alluserprofile Invalid Environment Variable: alluserprofile [color=#A23BEC]< %appdata%\*. >[/color] [2010/10/04 21:47:51 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Adobe [2009/04/01 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\ATI [2009/12/23 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Babylon [2009/06/14 23:03:05 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\CyberLink [2010/10/16 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\dvdcss [2009/06/11 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Google [2010/01/23 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\HP [2010/07/15 23:08:22 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Icones [2009/04/01 07:21:06 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Identities [2009/10/29 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\igraal [2009/12/17 13:26:40 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\ImgBurn [2009/06/12 13:36:08 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Macromedia [2010/11/08 09:10:55 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Malwarebytes [2010/11/05 15:35:02 | 000,000,000 | --SD | M] -- C:\Users\auchan\AppData\Roaming\Microsoft [2009/10/29 20:26:25 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Mozilla [2010/11/01 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Nero [2009/08/09 02:05:56 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Packard Bell [2009/08/25 13:38:10 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\SAMSUNG [2010/11/05 11:12:33 | 000,000,000 | -HSD | M] -- C:\Users\auchan\AppData\Roaming\Smart Engine [2009/10/19 19:07:54 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\TeamViewer [2010/03/14 21:36:36 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\uTorrent [2009/06/20 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\vlc [2010/10/04 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1 [2009/12/18 16:40:06 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\WinRAR [2009/09/21 21:39:02 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Yahoo! [color=#A23BEC]< %appdata%\*.exe /s >[/color] [2010/10/28 19:22:29 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\auchan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010/11/05 13:12:09 | 000,000,025 | ---- | M] () -- C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe [2010/11/07 22:05:03 | 000,000,033 | ---- | M] () -- C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe [2010/11/07 16:25:05 | 000,000,017 | ---- | M] () -- C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe [2010/11/03 10:59:11 | 000,000,046 | ---- | M] () -- C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe [10 C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\*.tmp files -> C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\*.tmp -> ] [color=#A23BEC]< %systemdrive%\*.exe >[/color] [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008/01/21 03:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys [2008/01/21 03:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2009/04/11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys [2009/04/11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys [2009/04/11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2006/11/02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys [2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys [2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys [2008/01/21 03:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys [2008/01/21 03:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys [2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008/01/21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009/04/11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys [2009/04/11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2008/01/21 03:33:22 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2006/11/02 09:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\drivers\sfloppy.sys [2006/11/02 09:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys [2008/01/21 03:32:45 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys [2008/01/21 03:32:45 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys [color=#A23BEC]< MD5 for: TCPIP.SYS >[/color] [2008/04/26 09:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys [2009/04/11 07:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys [2009/12/08 21:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys [2009/08/15 22:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys [2009/08/14 18:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys [2010/02/18 12:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys [2010/02/18 15:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys [2009/08/14 15:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys [2009/12/08 21:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys [2010/02/18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys [2010/02/18 13:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys [2009/12/08 21:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys [2010/06/16 16:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys [2009/08/14 17:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys [2010/06/16 17:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys [2010/06/16 16:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys [2008/04/26 09:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys [2009/12/08 18:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys [2009/08/14 18:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys [2010/02/18 18:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys [2010/06/16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\System32\drivers\tcpip.sys [2010/06/16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys [2009/12/08 18:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys [2010/02/18 15:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys [2009/12/08 21:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys [2008/01/21 03:34:55 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys [2009/08/14 17:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2008/01/21 03:32:53 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\drivers\usbscan.sys [2008/01/21 03:32:53 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\usbscan.sys [2008/01/21 03:32:53 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys [2008/01/21 03:32:53 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys [2008/01/21 03:32:53 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6002.18005_none_5bca4a74dde86c1f\usbscan.sys [2006/11/02 10:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=B1F95285C08DDFE00C0B955462637EC7 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008/01/21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008/01/21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2008/07/04 04:37:48 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\ATIDEMGX.dll [2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll [2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll [2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll [2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\SLC.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< >[/color] < End of report >

marvel · le 09 Nov 2010 12:44

Salut!

Effectivement il est réactivé ...

Avant de donner une solution de nettoyage, je voudrais que tu ailles faire vérifier en ligne un fichier présent sur ton PC et qui je pense être l'origine de ton infection.

Procèdes comme ceci :

Connecte toi ici --> VirusTotal
> Clique sur la fenêtre Parcourir et recherche dans la fenêtre de ton Windows ce dossier en gras :

C:\install.exe

(il se situe sur ta partition C:\ et tu le trouveras dans la fenêtre de droite)
> Sélectionne-le et clique ensuite sur Ouvrir dans la même fenêtre.
(Automatiquement cette ligne apparaîtra dans la fenêtre Parcourir)
> Clique enfin sur le bouton Send file et laisse le scan en ligne s'effectuer.
> En fin de scan (qui peut prendre plusieurs minutes) tu obtiendras un rapport.
> Copie ce rapport sur ton Bureau > connecte toi ici et poste le moi :wink:

sof42 · le 09 Nov 2010 13:29

Je ne sais pas si c'est bien un rapport (ci-dessous) mais c'est la seule chose qui est apparu après avoir cliqué sur send file.

Code: Tout sélectionner: File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis: MD5: 520a6d1cbcc9cf642c625fe814c93c58 Date first seen: 2009-02-15 07:32:55 (UTC) Date last seen: 2010-11-08 04:47:02 (UTC) Detection ratio: 0/42 What do you wish to do?

marvel · le 09 Nov 2010 18:08

Le fichier est légitime!
Donc pas de souci de ce côté.

Fais ceci maintenant :
• Relance OTL
• Sous l'onglet Personnalisation copie-colle le texte suivant :

instructions:
:OTL
[2010/11/03 10:58:47 | 000,000,000 | -HSD | C] -- C:\Users\auchan\AppData\Roaming\Smart Engine
[2010/11/03 10:57:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\SMEPTE
[2010/11/03 10:57:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\2d43a4
[2010/11/05 11:12:33 | 000,000,000 | -HSD | M] -- C:\Users\auchan\AppData\Roaming\Smart Engine

:Commands
[emptyflash]
[emptytemp]

• Puis clique sur le bouton Correction en haut de la fenêtre.
• Laisse le programme travailler, le PC va redémarrer.
Tu verras un rapport s'ouvrir après le fix (c'est le rapport qui montre si la suppression a réussi).
Sauvegarde-le sur ton Bureau et poste-le.

Note : Si tu ne le trouves pas, c'est un fichier log dans C:\_OTL\MovedFiles
Regarde suivant la date : 11072010_xxxxxxxx.log

--------------------------------------------------

Une fois sous ta session,

Relance OTL en choisissant uniquement Analyse rapide et en mettant cette citation dans la fenêtre Personnalisation :

netsvcs
Drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%appdata%\*.exe /s
%APPDATA%\*.
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Poste le rapport.

sof42 · le 09 Nov 2010 18:51

Première relance de OTL

Code: Tout sélectionner: All processes killed Error: Unable to interpret <instructions:> in the current context! ========== OTL ========== C:\Users\auchan\AppData\Roaming\Smart Engine folder moved successfully. C:\ProgramData\SMEPTE folder moved successfully. C:\ProgramData\2d43a4\SMESys folder moved successfully. C:\ProgramData\2d43a4\Quarantine Items folder moved successfully. C:\ProgramData\2d43a4\BackUp folder moved successfully. C:\ProgramData\2d43a4 folder moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: auchan ->Flash cache emptied: 62566 bytes User: Default ->Flash cache emptied: 56502 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: auchan ->Temp folder emptied: 1229233 bytes ->Temporary Internet Files folder emptied: 32193388 bytes ->Google Chrome cache emptied: 6138516 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 68182 bytes RecycleBin emptied: 161 bytes Total Files Cleaned = 38,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 11092010_184003 Files\Folders moved on Reboot... C:\Users\auchan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LW849MXD\viewtopic-54080-0-asc-15[1].html moved successfully. C:\Users\auchan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H7S671G4\iframescript[5].htm moved successfully. C:\Users\auchan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CRQ9OS33\adsCA9BZO57.htm moved successfully. C:\Users\auchan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\26JJJLTZ\adsCAH7U9KF.htm moved successfully. C:\Users\auchan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\26JJJLTZ\iframescript[5].htm moved successfully. C:\Users\auchan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\26JJJLTZ\iframes_api_loader[1].html moved successfully. C:\Users\auchan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot...

sof42 · le 09 Nov 2010 19:06

Seconde relance de OTL

Code: Tout sélectionner: OTL logfile created on: 09/11/2010 18:53:33 - Run 3 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\auchan\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 219,88 Gb Total Space | 103,51 Gb Free Space | 47,07% Space Free | Partition Type: NTFS Computer Name: PC-DE-AUCHAN | User Name: auchan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/11/07 13:40:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\auchan\Downloads\OTL.exe PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/31 14:16:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/06/27 04:42:24 | 006,295,552 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/11/07 13:40:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\auchan\Downloads\OTL.exe MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2008/12/30 19:15:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/02/03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\auchan\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2008/07/04 07:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/06/27 04:23:26 | 002,149,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/06/25 23:25:58 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2008/06/18 04:19:54 | 000,147,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008/05/07 11:47:36 | 000,085,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008/05/02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/04/28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008/03/31 10:52:10 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008/03/19 18:28:52 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/21 03:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/07/03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2007/07/03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2007/07/03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007/06/08 03:53:56 | 000,187,448 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0309&m=easynote_sl51 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0309&m=easynote_sl51 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0309&m=easynote_sl51 IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25499 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/26 20:59:06 | 000,000,000 | ---D | M] [2009/10/29 20:26:25 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-464997212-2078726479-1544006780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mypix.com/fr/fr/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} http://www.pixum.fr/apps/EasyUploadX.cab (Pixum EasyUploadX Control) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\auchan\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\auchan\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{99071c14-7510-11de-ae06-00238b8643fb}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008/01/21 03:32:58 | 000,013,312 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/11/09 18:40:03 | 000,000,000 | ---D | C] -- C:\_OTL [2010/11/08 09:10:55 | 000,000,000 | ---D | C] -- C:\Users\auchan\AppData\Roaming\Malwarebytes [2010/11/08 09:10:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/11/08 09:10:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/11/08 09:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/11/08 09:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/11/07 18:32:35 | 000,000,000 | ---D | C] -- C:\ZHPDiag [2010/11/05 11:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010/11/03 11:18:35 | 000,000,000 | ---D | C] -- C:\Users\auchan\AppData\Local\Windows Live [2010/11/01 13:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/10/26 16:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Winamax Poker [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/11/09 18:47:42 | 000,681,798 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2010/11/09 18:47:42 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/11/09 18:47:42 | 000,127,504 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2010/11/09 18:47:42 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/11/09 18:43:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/11/09 18:43:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/11/09 18:43:27 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/11/09 18:43:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/11/09 18:43:08 | 3186,016,256 | -HS- | M] () -- C:\hiberfil.sys [2010/11/09 18:32:03 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/11/09 00:09:07 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job [2010/11/08 09:10:48 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/07 19:26:07 | 000,000,551 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk [2010/11/07 19:26:07 | 000,000,539 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk [2010/11/07 19:26:05 | 000,000,544 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk [2010/11/07 13:00:41 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010/11/07 11:46:12 | 000,001,661 | ---- | M] () -- C:\Users\auchan\Desktop\Computer.lnk [2010/11/05 15:20:22 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010/11/05 11:15:51 | 000,033,280 | ---- | M] () -- C:\Users\auchan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/03 10:19:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010/11/01 13:52:28 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010/11/01 13:22:22 | 000,002,222 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk [2010/10/29 09:19:58 | 000,358,400 | ---- | M] () -- C:\Users\auchan\Documents\vincent DEVIS.doc [2010/10/29 09:19:06 | 000,359,424 | ---- | M] () -- C:\Users\auchan\Documents\vincent.doc [2010/10/29 09:14:31 | 000,362,496 | ---- | M] () -- C:\Users\auchan\Documents\VINCENT DEVIS.xls [2010/10/29 09:13:47 | 000,362,496 | ---- | M] () -- C:\Users\auchan\Documents\vincent.xls [2010/10/26 16:15:39 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\Winamax Poker.lnk [2010/10/22 19:38:58 | 000,000,162 | -H-- | M] () -- C:\Users\auchan\Documents\~$incent.doc [2010/10/22 16:53:38 | 000,002,687 | ---- | M] () -- C:\Users\auchan\Desktop\Microsoft Office Word 2007.lnk [2010/10/17 14:48:16 | 000,029,696 | ---- | M] () -- C:\Users\auchan\Documents\lettre avec en tête ASAM.doc [2010/10/16 09:12:12 | 000,464,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/11/09 00:09:07 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job [2010/11/08 09:10:48 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/07 18:32:47 | 000,000,551 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk [2010/11/07 18:32:47 | 000,000,539 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk [2010/11/07 18:32:45 | 000,000,544 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk [2010/11/05 11:23:16 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010/11/03 10:58:54 | 000,001,661 | ---- | C] () -- C:\Users\auchan\Desktop\Computer.lnk [2010/11/01 13:52:28 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010/11/01 13:22:22 | 000,002,222 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk [2010/10/29 09:19:56 | 000,358,400 | ---- | C] () -- C:\Users\auchan\Documents\vincent DEVIS.doc [2010/10/29 09:14:30 | 000,362,496 | ---- | C] () -- C:\Users\auchan\Documents\VINCENT DEVIS.xls [2010/10/22 19:38:58 | 000,000,162 | -H-- | C] () -- C:\Users\auchan\Documents\~$incent.doc [2010/10/21 18:06:03 | 000,359,424 | ---- | C] () -- C:\Users\auchan\Documents\vincent.doc [2010/10/21 17:15:50 | 000,362,496 | ---- | C] () -- C:\Users\auchan\Documents\vincent.xls [2009/12/13 14:33:55 | 000,003,343 | ---- | C] () -- C:\Users\auchan\AppData\Local\fjugqj.dat [2009/11/10 19:10:16 | 000,000,090 | ---- | C] () -- C:\Users\auchan\AppData\Local\hbvwjk.bat [2009/10/20 15:11:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/29 07:03:07 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/09/22 21:13:10 | 000,021,757 | ---- | C] () -- C:\Users\auchan\AppData\Roaming\UserTile.png [2009/09/21 21:09:02 | 000,020,842 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009/08/25 13:37:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009/08/25 13:30:28 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009/07/29 17:39:00 | 000,000,090 | ---- | C] () -- C:\Users\auchan\AppData\Local\dafcrv.bat [2009/06/30 23:56:39 | 000,000,658 | ---- | C] () -- C:\Windows\wininit.ini [2009/06/23 22:16:55 | 000,000,022 | ---- | C] () -- C:\Windows\kodakpcd.ini [2009/06/20 10:37:05 | 000,000,680 | ---- | C] () -- C:\Users\auchan\AppData\Local\d3d9caps.dat [2009/06/14 23:04:48 | 000,033,280 | ---- | C] () -- C:\Users\auchan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/14 23:00:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008/12/31 02:39:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/12/31 02:39:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/12/30 19:12:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008/12/30 18:54:46 | 000,000,144 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007/10/10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_3.dll [2007/10/10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_2.dll [2007/10/10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_1.dll [2007/06/27 12:22:54 | 000,692,224 | ---- | C] () -- C:\Windows\libcurl.dll [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [color=#E56717]========== LOP Check ==========[/color] [2009/12/23 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Babylon [2010/07/15 23:08:22 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Icones [2009/10/29 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\igraal [2009/12/17 13:26:40 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\ImgBurn [2009/08/09 02:05:56 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Packard Bell [2009/08/25 13:38:10 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\SAMSUNG [2009/10/19 19:07:54 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\TeamViewer [2010/03/14 21:36:36 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\uTorrent [2010/10/04 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1 [2010/11/09 18:41:30 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [color=#A23BEC]< %appdata%\*.exe /s >[/color] [2010/11/05 13:12:09 | 000,000,025 | ---- | M] () -- C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe [2010/11/07 22:05:03 | 000,000,033 | ---- | M] () -- C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe [2010/11/07 16:25:05 | 000,000,017 | ---- | M] () -- C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe [2010/11/03 10:59:11 | 000,000,046 | ---- | M] () -- C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe [10 C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\*.tmp files -> C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Recent\*.tmp -> ] [color=#A23BEC]< %APPDATA%\*. >[/color] [2010/10/04 21:47:51 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Adobe [2009/04/01 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\ATI [2009/12/23 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Babylon [2009/06/14 23:03:05 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\CyberLink [2010/10/16 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\dvdcss [2009/06/11 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Google [2010/01/23 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\HP [2010/07/15 23:08:22 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Icones [2009/04/01 07:21:06 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Identities [2009/10/29 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\igraal [2009/12/17 13:26:40 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\ImgBurn [2009/06/12 13:36:08 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Macromedia [2010/11/08 09:10:55 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Malwarebytes [2010/11/05 15:35:02 | 000,000,000 | --SD | M] -- C:\Users\auchan\AppData\Roaming\Microsoft [2009/10/29 20:26:25 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Mozilla [2010/11/01 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Nero [2009/08/09 02:05:56 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Packard Bell [2009/08/25 13:38:10 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\SAMSUNG [2009/10/19 19:07:54 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\TeamViewer [2010/03/14 21:36:36 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\uTorrent [2009/06/20 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\vlc [2010/10/04 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1 [2009/12/18 16:40:06 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\WinRAR [2009/09/21 21:39:02 | 000,000,000 | ---D | M] -- C:\Users\auchan\AppData\Roaming\Yahoo! [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2008/07/04 04:37:48 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\ATIDEMGX.dll [2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll [2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll [2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll [2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\SLC.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< >[/color] < End of report >

marvel · le 09 Nov 2010 21:45

Salut!
Cette fois-ci "Smart Engine" ne devrait plus se manifester sur ton PC.

Pourrais-tu relancer MalwareByte's, effectuer une "Mise à jour de logiciel" et lancer un "Exécuter un examen rapide".
> Poste ici le rapport.

> Confirme également que cette infection ne se manisteste plus sur ton PC.

> Ensuite nous passerons à la désinstallation des tools de nettoyage pour clôturer ce topic.

sof42 · le 09 Nov 2010 22:05

Salut,
Voici le rapport

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 5084 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 09/11/2010 22:02:16 mbam-log-2010-11-09 (22-02-16).txt Type d'examen: Examen rapide Elément(s) analysé(s): 139528 Temps écoulé: 7 minute(s), 4 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

sof42 · le 09 Nov 2010 22:11

Comme tu me l'as demandé, je retrouve smart engine à ces endroits (2 fois) C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Start Menu

marvel · le 09 Nov 2010 22:29

Oups! J'avais oublié les fichiers de "démarrage".

Relance OTL et mets ceci dans Personnalisation :

instructions:
:OTL
C:\Users\auchan\AppData\Roaming\Microsoft\Windows\Start Menu\Smart Engine

:Commands
[emptyflash]
[emptytemp]
[reboot]

Clique sur correction > Attends le redémarrage et poste ton rapport :wink:

Sinon ... Smart Engine se manisfeste toujours?

[Réglé] Smart engine HELP!!!!!!!! • page 2

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Re: Smart engine HELP!!!!!!!!

Sujets similaires

Qui est en ligne