Virus Win32:OnLineGames-FVB

Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 20:09

Avast is detecting a virus... Can you help me?


Posts: 33
Joined: 13 Oct 2010 18:02

Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 20:12


Please give the name of the file and its location...


* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it.

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" section (top right) the "rapport minimal" box is checked.

* Check the boxes in front of "Tous les utilisateurs", "Recherche LOP" and "Recherche Purity".

* Copy and paste the contents of this quote into the lower part of OTL, "personnalisation":

%systemroot%\system32\drivers\*.sys /lockedfiles
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Click the "Analyse" icon (top left).
* Let the scan run to completion without using the PC.
* At the end of the scan two reports will open, "OTL.Txt" and (or) "Extras.Txt" (minimized in the taskbar).
* Copy and paste the reports into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop.
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 20:21


Avast tells me:
Objet: C:\et3types.exe
Infection: Win32:OnLineGames-FVB[Cryp]
Action: Supprimé
Processus: C:\WINDOWS\Explorer.exe

I'm running OTL
Posts: 33
Joined: 13 Oct 2010 18:02

Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 20:50

This seems to be taking a very long time... is that normal?
Posts: 33
Joined: 13 Oct 2010 18:02

Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 20:58

The OTL.txt file
[2004/08/05 12:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\
[2004/08/05 12:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\i386\sfloppy.sys
[2004/08/05 12:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
[color=#A23BEC]< MD5 for: SPLITTER.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\
[2006/06/14 09:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys
[2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\i386\splitter.sys
[2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys
[2006/06/14 09:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys
[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
[color=#A23BEC]< MD5 for: SWMIDI.SYS  >[/color]
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\
[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys
[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\i386\swmidi.sys
[2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2006/04/20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2006/01/13 18:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2006/01/13 03:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2007/10/30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/05 12:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\i386\tcpip.sys
[2004/08/05 12:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2004/08/05 12:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\i386\tdpipe.sys
[2004/08/05 12:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2004/08/05 12:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\i386\tdtcp.sys
[2004/08/05 12:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\
[2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys
[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/03 21:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2004/08/05 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\i386\userinit.exe
[2004/08/05 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004/08/05 12:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\i386\winlogon.exe
[2004/08/05 12:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >
Re: Virus Win32:OnLineGames-FVB

Posted on 23 Nov 2010 21:16


You posted OTL.txt twice but not Extras.txt, can you post it please... :wink:
Re: Virus Win32:OnLineGames-FVB

Posted on 23 Nov 2010 21:18


Code:
OTL Extras logfile created on: 23/11/2010 20:24:38 - Run 1
OTL by OldTimer - Version     Folder = C:\Documents and Settings\Marlène\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
502,00 Mb Total Physical Memory | 184,00 Mb Available Physical Memory | 37,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51,39 Gb Total Space | 10,86 Gb Free Space | 21,14% Space Free | Partition Type: NTFS
Computer Name: MARLENE | User Name: Marlène | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[color=#E56717]========== Shell Spawning ==========[/color]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
"Start" = 0
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
"EnableFirewall" = 0
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"12741:TCP" = 12741:TCP:*:Enabled:BitComet 12741 TCP
"12741:UDP" = 12741:UDP:*:Enabled:BitComet 12741 UDP
"8080:TCP" = 8080:TCP:*:Enabled:@xpsp2res.dll,-22008
[color=#E56717]========== Authorized Applications List ==========[/color]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Disabled:eMule -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"%windir%\explorer.exe" = %windir%\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1AA0F610-7226-4C99-85D7-5E75AFD0D5CE}_is1" = Geoplan-Geospace version 1.6
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Gestion de l'alimentation de la carte réseau interne
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISE_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-040C-0000-0000000FF1CE}" = Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{968D41C3-25BB-4632-A6DF-2E1C8F0143A4}" = Microsoft LifeCam
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{BF1D09D6-CC68-F911-7678-CC4BABFEE87B}" = Manuel Interactif HATIER
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"avast5" = avast! Free Antivirus
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MI-HATIER-LETO.3CF329FC7EF006D94C1AC4C34744208D3C373211.1" = Manuel Interactif HATIER
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oxford Advanced Genie" = Oxford Advanced Genie
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Logiciel Intel(R) PROSet/Wireless
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Antivirus Events ]
Error - 14/10/2010 02:14:50 | Computer Name = MARLENE | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 03/11/2010 05:32:32 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
Error - 03/11/2010 05:37:56 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
Error - 03/11/2010 05:40:34 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
Error - 03/11/2010 05:42:06 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
Error - 03/11/2010 05:44:34 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
Error - 03/11/2010 06:15:38 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 5000
Description = EventType offdiag12, P1 5331c4b5-79aa-4837-aa71-66bf50ecbbc919899d9d-34dd-4bfd-bb92-bf108f953728,
 P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 03/11/2010 06:16:37 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
Error - 03/11/2010 06:18:06 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
Error - 03/11/2010 06:18:24 | Computer Name = MARLENE | Source = MsiInstaller | ID = 1013
Description = Produit : Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft
 .NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect
other applications that are installed. For more information, see
Error - 11/11/2010 14:55:12 | Computer Name = MARLENE | Source = Application Hang | ID = 1002
Description = Application bloquée wmplayer.exe, version 11.0.5721.5145, module bloqué
 hungapp, version, adresse de blocage 0x00000000.
[ OSession Events ]
Error - 17/09/2010 03:24:12 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1514
 seconds with 900 seconds of active time.  This session ended with a crash.
Error - 20/09/2010 17:41:50 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9961
 seconds with 4500 seconds of active time.  This session ended with a crash.
Error - 14/10/2010 15:57:44 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3983
 seconds with 540 seconds of active time.  This session ended with a crash.
Error - 03/11/2010 05:32:21 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2640
 seconds with 1980 seconds of active time.  This session ended with a crash.
Error - 03/11/2010 05:37:50 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47
 seconds with 0 seconds of active time.  This session ended with a crash.
Error - 03/11/2010 05:40:33 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 138
 seconds with 120 seconds of active time.  This session ended with a crash.
Error - 03/11/2010 05:42:05 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 82
 seconds with 60 seconds of active time.  This session ended with a crash.
Error - 03/11/2010 05:44:18 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 120
 seconds with 60 seconds of active time.  This session ended with a crash.
Error - 03/11/2010 06:16:34 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1907
 seconds with 300 seconds of active time.  This session ended with a crash.
Error - 03/11/2010 06:18:05 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
 seconds with 0 seconds of active time.  This session ended with a crash.
[ System Events ]
Error - 03/11/2010 06:20:15 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur :   %%126
Error - 03/11/2010 06:20:16 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur :   %%126
Error - 17/11/2010 09:39:06 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour FailureActions avec l'erreur :
Error - 17/11/2010 09:39:08 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour FailureActions avec l'erreur :
Error - 17/11/2010 09:39:10 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour FailureActions avec l'erreur :
Error - 18/11/2010 13:55:46 | Computer Name = MARLENE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1053" lors de la mise en route du service dlcc_device
 avec les arguments ""  pour démarrer le serveur :  {323CE21C-A448-40AA-BA74-7FCF1E441069}
Error - 18/11/2010 13:55:46 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Error - 18/11/2010 13:55:46 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7000
Description = Le service dlcc_device n'a pas pu démarrer en raison de l'erreur :
Error - 22/11/2010 12:43:34 | Computer Name = MARLENE | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.
Error - 23/11/2010 15:07:11 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7034
Description = Le service Sygate Personal Firewall s'est terminé de façon inattendue
 pour la 1ème fois.
< End of report >
Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 21:45


Do this in order...

* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" section (top right) the "Rapport minimal" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation"


O4 - HKLM..\Run: [Install5G] D:\Install.exe File not found
O4 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O33 - MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\Shell\AutoRun\command - "" = et3ypes.exe
O33 - MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\Shell\open\Command - "" = et3ypes.exe
[2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ]


* Click the "Correction" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report, "OTL.Txt", will open
* Copy and paste the report into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case


You have an infection that spreads via removable media (USB stick, external hard drive, SD photo card, etc.)
Plug in all your USB storage devices >> USB sticks, external hard drive (switched on), photo cards, etc.
Careful, do not open them

  • Download USBFix to your desktop
  • Double-click it to launch it
  • Choose "Suppression", let USBFix work, and post the report it generates.

@++ :wink:
Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 22:08

Here is the USB report, BUT I can't find the OTL report

############################## | UsbFix 7.035 | [Suppression]

Utilisateur: Marlène (Administrateur) # MARLENE [ ]
Mis à jour le 22/11/10 par El Desaparecido / C_XX
Lancé à 21:58:39 | 23/11/2010
Site Web:

CPU: Genuine Intel(R) CPU T2300 @ 1.66GHz
CPU 2: Genuine Intel(R) CPU T2300 @ 1.66GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: avast! Antivirus 5.0.83886757 [(!) Disabled | Updated]
Firewall: Sygate Personal Firewall 4.6 [Enabled]
RAM -> 502 Mo
C:\ (%systemdrive%) -> Disque fixe # 51 Go (11 Go libre(s) - 22%) [] # NTFS
D:\ -> CD-ROM
F:\ -> Disque amovible # 488 Mo (91 Mo libre(s) - 19%) [] # FAT

################## | Éléments infectieux |

Supprimé! C:\Recycler\S-1-5-21-2035062039-3169207473-3815781202-1006
Supprimé! C:\log.txt
Supprimé! F:\i00dvoym.exe
Supprimé! F:\l10.exe
Supprimé! F:\mi9al8rs.exe

################## | Mabezat |

Supprimé! F:\zPharaoh.exe

################## | Registre |

################## | Mountpoints2 |

################## | Listing |

[15/10/2009 - 20:14:18 | D ]    C:\$AVG8.VAULT$
[30/09/2009 - 21:24:47 | D ]    C:\5f1fc7b5f9377a7f65763fa06f9a4e07
[02/05/2010 - 08:33:04 | N | 217]    C:\boot.ini
[05/08/2004 - 12:00:00 | N | 4952]    C:\Bootfont.bin
[18/11/2010 - 19:05:27 | D ]    C:\Config.Msi
[20/08/2004 - 10:37:16 | N | 0]    C:\CONFIG.SYS
[11/07/2008 - 13:44:07 | D ]    C:\dell
[16/04/2006 - 15:27:54 | N | 5343]    C:\dell.sdr
[22/11/2010 - 17:42:47 | N | 7932]    C:\dlcc.log
[23/11/2010 - 19:29:03 | N | 12206]    C:\dlccscan.log
[30/04/2006 - 21:36:25 | D ]    C:\Documents and Settings
[23/11/2006 - 22:30:17 | D ]    C:\drivers
[23/11/2010 - 21:51:22 | ASH | 526843904]    C:\hiberfil.sys
[08/05/2009 - 18:40:48 | D ]    C:\i386
[29/06/2009 - 17:37:42 | N | 230424]    C:\img2-001.raw
[01/05/2006 - 10:11:19 | N | 4128]    C:\INFCACHE.1
[23/08/2010 - 22:26:49 | D ]    C:\Install
[20/08/2004 - 10:37:16 | N | 0]    C:\IO.SYS
[16/04/2006 - 15:51:13 | N | 829]    C:\IPH.PH
[20/08/2004 - 10:37:16 | N | 0]    C:\MSDOS.SYS
[01/05/2006 - 09:59:09 | RHD ]    C:\MSOCache
[13/10/2010 - 17:23:19 | D ]    C:\Navilog1
[05/08/2004 - 12:00:00 | N | 47564]    C:\NTDETECT.COM
[16/09/2008 - 15:29:19 | N | 252240]    C:\ntldr
[23/11/2010 - 21:51:21 | ASH | 792723456]    C:\pagefile.sys
[17/11/2010 - 14:39:31 | D ]    C:\Program Files
[23/11/2010 - 22:01:21 | SHD ]    C:\RECYCLER
[01/05/2006 - 10:04:28 | D ]    C:\sql2ksp3
[14/07/2009 - 15:57:13 | N | 232]    C:\sqmdata00.sqm
[18/07/2009 - 08:48:46 | N | 232]    C:\sqmdata01.sqm
[10/08/2009 - 09:17:13 | N | 232]    C:\sqmdata02.sqm
[01/11/2007 - 23:18:05 | N | 232]    C:\sqmdata03.sqm
[02/11/2007 - 10:28:27 | N | 232]    C:\sqmdata04.sqm
[02/11/2007 - 22:54:27 | N | 232]    C:\sqmdata05.sqm
[03/11/2007 - 18:03:36 | N | 232]    C:\sqmdata06.sqm
[03/11/2007 - 22:16:09 | N | 232]    C:\sqmdata07.sqm
[04/11/2007 - 12:01:50 | N | 232]    C:\sqmdata08.sqm
[04/11/2007 - 12:46:56 | N | 232]    C:\sqmdata09.sqm
[02/01/2008 - 12:53:31 | N | 232]    C:\sqmdata10.sqm
[02/01/2008 - 18:34:31 | N | 232]    C:\sqmdata11.sqm
[18/05/2008 - 12:04:04 | N | 232]    C:\sqmdata12.sqm
[12/09/2008 - 17:59:37 | N | 232]    C:\sqmdata13.sqm
[13/09/2008 - 11:01:50 | N | 232]    C:\sqmdata14.sqm
[14/09/2008 - 12:16:36 | N | 232]    C:\sqmdata15.sqm
[14/10/2008 - 12:12:08 | N | 232]    C:\sqmdata16.sqm
[14/10/2008 - 13:29:33 | N | 232]    C:\sqmdata17.sqm
[23/02/2009 - 09:04:44 | N | 232]    C:\sqmdata18.sqm
[06/06/2009 - 15:10:52 | N | 232]    C:\sqmdata19.sqm
[14/07/2009 - 15:57:13 | N | 244]    C:\sqmnoopt00.sqm
[18/07/2009 - 08:48:46 | N | 244]    C:\sqmnoopt01.sqm
[10/08/2009 - 09:17:12 | N | 244]    C:\sqmnoopt02.sqm
[01/11/2007 - 23:18:05 | N | 244]    C:\sqmnoopt03.sqm
[02/11/2007 - 10:28:27 | N | 244]    C:\sqmnoopt04.sqm
[02/11/2007 - 22:54:27 | N | 244]    C:\sqmnoopt05.sqm
[03/11/2007 - 18:03:36 | N | 244]    C:\sqmnoopt06.sqm
[03/11/2007 - 22:16:09 | N | 244]    C:\sqmnoopt07.sqm
[04/11/2007 - 12:01:50 | N | 244]    C:\sqmnoopt08.sqm
[04/11/2007 - 12:46:56 | N | 244]    C:\sqmnoopt09.sqm
[02/01/2008 - 12:53:31 | N | 244]    C:\sqmnoopt10.sqm
[02/01/2008 - 18:34:31 | N | 244]    C:\sqmnoopt11.sqm
[18/05/2008 - 12:04:03 | N | 244]    C:\sqmnoopt12.sqm
[12/09/2008 - 17:59:37 | N | 244]    C:\sqmnoopt13.sqm
[13/09/2008 - 11:01:50 | N | 244]    C:\sqmnoopt14.sqm
[14/09/2008 - 12:16:36 | N | 244]    C:\sqmnoopt15.sqm
[14/10/2008 - 12:12:08 | N | 244]    C:\sqmnoopt16.sqm
[14/10/2008 - 13:29:33 | N | 244]    C:\sqmnoopt17.sqm
[23/02/2009 - 09:04:43 | N | 244]    C:\sqmnoopt18.sqm
[06/06/2009 - 15:10:52 | N | 244]    C:\sqmnoopt19.sqm
[06/11/2010 - 11:06:12 | SHD ]    C:\System Volume Information
[23/11/2010 - 22:04:25 | D ]    C:\UsbFix
[23/11/2010 - 22:04:31 | A | 2877]    C:\UsbFix.txt
[17/11/2010 - 17:14:06 | D ]    C:\WINDOWS
[23/11/2010 - 21:48:05 | D ]    C:\_OTL
[04/09/2007 - 10:11:20 | N | 1167]    C:\_Sid.txt
[26/08/2007 - 15:00:18 | N | 51770]    F:\Instructions.pdf
[23/12/2009 - 10:57:46 | N | 20480]    F:\Le travail autonome (2).doc
[18/11/2010 - 12:21:28 | D ]    F:\adober.exe
[18/11/2010 - 13:19:08 | N | 5985]    F:\VaccinUSB.txt
[18/11/2010 - 12:21:28 | D ]    F:\comment.htt
[22/03/2006 - 09:21:16 | N | 24064]    F:\recueillir les représentations des élèves.doc
[01/12/2008 - 09:34:40 | N | 29184]    F:\Modalité pour travailler en groupe.doc
[20/10/2009 - 15:30:54 | N | 184320]    F:\capture.exe
[17/11/2010 - 16:56:38 | D ]    F:\Delivery
[17/11/2010 - 16:55:22 | N | 61568]    F:\Delivery.exe
[06/04/2010 - 15:01:56 | N | 122880]    F:\VaccinUSB.exe
[18/11/2010 - 12:21:28 | D ]    F:\copy.exe
[18/11/2010 - 12:21:28 | D ]    F:\host.exe
[18/11/2010 - 12:21:28 | D ]    F:\ravmon.exe
[18/11/2010 - 12:21:28 | D ]    F:\msvcr71.dll
[18/11/2010 - 12:21:28 | D ]    F:\ravmon.log
[18/11/2010 - 12:21:28 | D ]    F:\temp.exe
[18/11/2010 - 12:21:28 | D ]    F:\temp1.exe
[18/11/2010 - 12:21:28 | D ]    F:\temp2.exe
[18/11/2010 - 12:21:28 | D ]    F:\winfile.exe
[18/11/2010 - 12:21:28 | D ]    F:\autorun.inf
[18/11/2010 - 12:21:28 | D ]    F:\info.exe
[18/11/2010 - 12:21:28 | D ]    F:\sqlserv.exe
[09/09/2010 - 07:00:36 | N | 3768]    F:\BOOTEX.LOG
[05/04/2010 - 21:56:40 | N | 12357]    F:\Retour sur une séance de travail en groupe.docx
[06/04/2010 - 09:01:18 | N | 52736]    F:\Expérimentation2.doc
[06/04/2010 - 18:25:18 | N | 22906]    F:\Le CREDO.docx
[08/04/2010 - 14:07:18 | N | 249856]    F:\CV Professeur.doc
[08/04/2010 - 21:09:04 | N | 40018]    F:\postes.xlsx
[04/05/2010 - 11:25:22 | N | 16176]    F:\Discours oral PRAC2.docx
[02/07/2010 - 08:49:00 | D ]    F:\B.O et IUFM
[26/08/2010 - 10:51:30 | D ]    F:\2010-2011
[09/09/2010 - 07:42:02 | D ]    F:\Seconde 3H
[14/09/2010 - 10:46:46 | RSHD ]    F:\System
[02/07/2010 - 12:20:52 | N | 47616]    F:\Manuelsenvigueur.doc

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\
Merci de votre contribution.

################## | E.O.F |
Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 22:11

In C: I found an OTL folder with a report dated today.
Here it is
All processes killed
========== FILES ==========
File\Folder C:\WINDOWS\system32\mgking.exe not found.
C:\autorun.inf moved successfully.
File\Folder C:\et3types.exe not found.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Install5G deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2035062039-3169207473-3815781202-1006\Software\Microsoft\Windows\CurrentVersion\Run\\king_mg deleted successfully.
File C:\WINDOWS\system32\mgking.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0861e48-d3c7-11da-b64e-806d6172696f}\ not found.
File et3ypes.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0861e48-d3c7-11da-b64e-806d6172696f}\ not found.
File et3ypes.exe not found.
C:\Documents and Settings\Marlène\Mes documents\~WRD0000.tmp deleted successfully.
C:\Documents and Settings\Marlène\Mes documents\~WRD0001.tmp deleted successfully.
========== COMMANDS ==========
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 71280 bytes
User: Marlène
->Temp folder emptied: 6336807 bytes
->Temporary Internet Files folder emptied: 88931958 bytes
->Java cache emptied: 18170 bytes
->FireFox cache emptied: 101051448 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 58903 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6341714 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 194,00 mb
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: Marlène
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version log created on 11232010_214805
Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 22:35


Still leaving the USB sticks, external hard drives, etc. plugged in

Do this...

  • Download Malwarebytes >> here
  • To help you, a great tutorial by Danakil to read before the scan.
  • Choose "exécuter un examen rapide" (quick scan) and, at the end of the scan, check all the items found and click "supprimer la sélection" (remove selected).
  • Post me the report, please.

Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 23:08

That looks perfect!!

Malwarebytes' Anti-Malware 1.46

Version de la base de données: 5177

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/11/2010 23:06:47
mbam-log-2010-11-23 (23-06-47).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 144849
Temps écoulé: 13 minute(s), 4 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Thanks a lot

Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 23:30


No, it's not clean at all, and Avast is unbelievably out of its depth :-?

Still with the USB sticks and external hard drive plugged in

* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" section (top right) the "Rapport minimal" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation"



* Click the "Correction" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report, "OTL.Txt", will open
* Copy and paste the report into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

Then relaunch Malwarebytes' and this time choose "exécuter un examen complet" (full scan)
Check all the available drives and run the scan...

I'll look at the reports tomorrow after work :wink:

Good night :wink:
Re: Virus Win32:OnLineGames-FVB

Posted 24 Nov 2010 18:14


Here is the OTL report
All processes killed
========== FILES ==========
F:\adober.exe folder moved successfully.
F:\comment.htt folder moved successfully.
F:\copy.exe folder moved successfully.
F:\host.exe folder moved successfully.
F:\ravmon.exe folder moved successfully.
F:\msvcr71.dll folder moved successfully.
F:\ravmon.log folder moved successfully.
F:\temp.exe folder moved successfully.
F:\temp1.exe folder moved successfully.
F:\temp2.exe folder moved successfully.
F:\winfile.exe folder moved successfully.
F:\info.exe folder moved successfully.
F:\sqlserv.exe folder moved successfully.
F:\System\Drivers folder moved successfully.
F:\System folder moved successfully.
Folder move failed. F:\Autorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Marlène
->Temp folder emptied: 69980 bytes
->Temporary Internet Files folder emptied: 5609395 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65987360 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 631 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 648700 bytes
Total Files Cleaned = 69,00 mb
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: Marlène
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version log created on 11242010_160018

and the Malware report
Malwarebytes' Anti-Malware 1.46

Version de la base de données: 5177

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/11/2010 18:13:50
mbam-log-2010-11-24 (18-13-50).txt

Type d'examen: Examen complet (C:\|F:\|)
Elément(s) analysé(s): 229458
Temps écoulé: 1 heure(s), 22 minute(s), 28 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Alwil Software\Avast5\chrome\ChromeInst.exe (Trojan.Startpage) -> Delete on reboot.
C:\UsbFix\Quarantine\F\l10.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\F\mi9al8rs.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Thank you very much
Re: Virus Win32:OnLineGames-FVB

Posted 24 Nov 2010 18:53

hello :D

Do this, please...
Show hidden files and folders like this...
  • Open My Computer, then click Tools / Folder Options / choose the "affichage" (View) tab
  • Check "Afficher les Fichiers et dossiers cachés" (Show hidden files and folders)
  • Uncheck "Masquer les fichiers protégés du système d'exploitation (recommandé)" (Hide protected operating system files (Recommended))
  • Uncheck "Masquer les extensions dont le type est connu" (Hide extensions for known file types)
  • Accept the Windows warnings
  • Click "Appliquer" (Apply) and "Ok" to confirm the changes

Then go to VirusTotal and have these two files in red analysed
(click "parcourir" (browse) to select the file and click "Send file")

Post me the two links to the scan results


Still with the USB sticks and external hard drive plugged in

Can you redo an OTL scan as you did the first time, but using this quote instead...

C:\Documents and Settings\Marlène\Application Data\MI-HATIER-LETO.3CF329FC7EF006D94C1AC4C34744208D3C373211.1\* /s /md5

Post the OTL report (you won't get Extras.txt this time) 8)

@++ :wink:
