Problème de lenteur • page 3

Pac428 · le 23 Aoû 2011 11:14

Allez va, courage Romain

Romain12 · le 23 Aoû 2011 16:16

Alors voilà j'ai lancé la première opération (OTL) mais je ne comprends pas, je l'ai mis vers 11h30 ce matin et là je viens de l'arrêter parce qu'il est quand même 17h ! ça a l'air d'avoir planté, il n'y a rien qui bougeait, pas de barre d'avancement, juste le curseur qui devenait sablier en le passant devant OTL. ça peut arriver que ça dure plus de cinq heures ? Si vous me dites oui alors je le relancerai, mais cette nuit...

jeanmimigab · le 23 Aoû 2011 16:57

hello,

OTL c'est tout au plus 10/15 minutes si ça tourne sur une brouette

pas grave, fais la suite dans cet ordre, AD-Remover >> Malwarebytes , et TDSSKiller stp...

Romain12 · le 24 Aoû 2011 15:34

Voilà pour AD-Remover :

Code: Tout sélectionner: ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 10:57:36 le 24/08/2011, Mode normal Microsoft Windows XP Professionnel Service Pack 3 (X86) Renaud@RENAUD-PC ( ) ============== RECHERCHE ============== Fichier trouvé: C:\WINDOWS\system32\ConduitEngine.tmp Fichier trouvé: C:\WINDOWS\dbplugin.exe Fichier trouvé: C:\WINDOWS\pack.epk Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Dossier trouvé: C:\Program Files\Ask.com Dossier trouvé: C:\Documents and Settings\Renaud\Local Settings\Application Data\AskToolbar Dossier trouvé: C:\Documents and Settings\Renaud\Local Settings\Application Data\Conduit Dossier trouvé: C:\Program Files\Application Updater Dossier trouvé: C:\Documents and Settings\Renaud\Application Data\DesktopIcon Dossier trouvé: C:\Documents and Settings\Renaud\Application Data\MessengerSkinner Dossier trouvé: C:\Documents and Settings\Renaud\Menu Démarrer\Programmes\MessengerSkinner Dossier trouvé: C:\Documents and Settings\Renaud\Application Data\OpenCandy Dossier trouvé: C:\Documents and Settings\Renaud\Local Settings\Application Data\OpenCandy Dossier trouvé: C:\Documents and Settings\Renaud\Application Data\pdfforge Dossier trouvé: C:\Program Files\pdfforge Toolbar Dossier trouvé: C:\Documents and Settings\Renaud\Application Data\Search Settings Dossier trouvé: C:\Program Files\Fichiers communs\Spigot Dossier trouvé: C:\Documents and Settings\All Users\Application Data\Viewpoint Dossier trouvé: C:\Program Files\Viewpoint Fichier trouvé: C:\WINDOWS\system32\ephisw_navtmp.dat Clé trouvée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Clé trouvée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Clé trouvée: HKLM\Software\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0} Clé trouvée: HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E} Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1 Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary Clé trouvée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Clé trouvée: HKLM\Software\Classes\Conduit.Engine Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Clé trouvée: HKLM\Software\Classes\Toolbar.CT2653012 Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Clé trouvée: HKLM\Software\Application Updater Clé trouvée: HKLM\Software\AskToolbar Clé trouvée: HKLM\Software\Conduit Clé trouvée: HKLM\Software\MetaStream Clé trouvée: HKLM\Software\pdfforge Clé trouvée: HKLM\Software\Search Settings Clé trouvée: HKLM\Software\Viewpoint Clé trouvée: HKCU\Software\Ask.com Clé trouvée: HKCU\Software\AskToolbar Clé trouvée: HKCU\Software\Lanconfig Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo Clé trouvée: HKCU\Software\AppDataLow\Software\Search Settings Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\MessengerSkinner Clé trouvée: HKLM\Software\Classes\Installer\Products\B6FDFB1B30C3ef645B7DABBB00368D0E Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\B6FDFB1B30C3ef645B7DABBB00368D0E Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== SCAN ADDITIONNEL ============== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Search Page - hxxp://www.google.com HKCU_Main|Start Page - hxxp://www.google.fr/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU_SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} - "Veoh Web Player Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01} - "Search-Results Search" (hxxp://websearch.search-results.com/redirect?client=ie&tb=GET-SRS&o=16705&src=cr...) HKCU_SearchScopes\{D403802F-4D0E-4D79-8809-B16FFA2A0B9F} - "Mappy" (hxxp://fr.mappy.com/carte/#d={searchTerms}&p=map&src=IEM) HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x) HKCU_Toolbar\ShellBrowser|{4982D40A-C53B-4615-B15B-B5B5E98D167C} (x) HKCU_Toolbar\WebBrowser|{4982D40A-C53B-4615-B15B-B5B5E98D167C} (x) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKLM_Toolbar|{327C2873-E90D-4c37-AA9D-10AC9BABA46C} (C:\Program Files\Canon\Easy-WebPrint\Toolband.dll) HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?) HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x) HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?) HKLM_ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} - C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (x) HKLM_Extensions\{11F19C45-9675-488A-A8E0-8E8234DC245D} - "Download Video" (C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll,201) HKLM_Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll) BHO\{53707962-6F74-2D53-2644-206D7942484F} - "?" (C:\Program Files\Spybot - Search & Destroy\SDHelper.dll) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files\Ad-Remover\Backup: 0 Fichier(s) C:\Ad-Report-SCAN[1].txt - 24/08/2011 10:57:47 (6229 Octet(s)) Fin à: 10:58:50, 24/08/2011 ============== E.O.F ==============

Romain12 · le 24 Aoû 2011 15:37

Malwarebytes - en fait je le connais celui-là je l'ai utilisé quelques fois :

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Version de la base de données: 7551 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2011-08-24 15:55:30 mbam-log-2011-08-24 (15-55-30).txt Type d'examen: Examen complet (C:\|D:\|E:\|) Elément(s) analysé(s): 341560 Temps écoulé: 3 heure(s), 47 minute(s), 8 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\system volume information\_restore{e5fc691c-dca7-44bc-8aee-8a08d727fe98}\RP1623\A0410997.dll (Adware.FreezeFrog) -> Quarantined and deleted successfully. c:\system volume information\_restore{e5fc691c-dca7-44bc-8aee-8a08d727fe98}\RP1618\A0406779.dll (Adware.FreezeFrog) -> Quarantined and deleted successfully.

Romain12 · le 24 Aoû 2011 15:38

Et TDSSKiller ; voilà j'espère que j'ai bien fait les choses !

Code: Tout sélectionner: 2011/08/24 16:23:45.0265 2960 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57 2011/08/24 16:23:45.0468 2960 ================================================================================ 2011/08/24 16:23:45.0468 2960 SystemInfo: 2011/08/24 16:23:45.0468 2960 2011/08/24 16:23:45.0468 2960 OS Version: 5.1.2600 ServicePack: 3.0 2011/08/24 16:23:45.0468 2960 Product type: Workstation 2011/08/24 16:23:45.0468 2960 ComputerName: RENAUD-PC 2011/08/24 16:23:45.0468 2960 UserName: Renaud 2011/08/24 16:23:45.0468 2960 Windows directory: C:\WINDOWS 2011/08/24 16:23:45.0468 2960 System windows directory: C:\WINDOWS 2011/08/24 16:23:45.0468 2960 Processor architecture: Intel x86 2011/08/24 16:23:45.0468 2960 Number of processors: 2 2011/08/24 16:23:45.0468 2960 Page size: 0x1000 2011/08/24 16:23:45.0468 2960 Boot type: Normal boot 2011/08/24 16:23:45.0468 2960 ================================================================================ 2011/08/24 16:23:47.0781 2960 Initialize success 2011/08/24 16:23:59.0078 3876 ================================================================================ 2011/08/24 16:23:59.0078 3876 Scan started 2011/08/24 16:23:59.0078 3876 Mode: Manual; 2011/08/24 16:23:59.0078 3876 ================================================================================ 2011/08/24 16:24:00.0203 3876 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys 2011/08/24 16:24:01.0671 3876 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/08/24 16:24:02.0234 3876 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/08/24 16:24:03.0234 3876 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/08/24 16:24:03.0703 3876 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys 2011/08/24 16:24:04.0281 3876 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/08/24 16:24:05.0953 3876 alcan5ln (e8a3f72f644c0b57f8ab894d04b289d7) C:\WINDOWS\system32\DRIVERS\alcan5ln.sys 2011/08/24 16:24:06.0453 3876 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys 2011/08/24 16:24:07.0109 3876 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS 2011/08/24 16:24:08.0046 3876 ALCXWDM (5ff6f7e58c798f1474c0bbffc23cb78d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2011/08/24 16:24:09.0265 3876 AmdK8 (d7e6de8f676cf3a387f75e9ab404f7a4) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 2011/08/24 16:24:10.0203 3876 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/08/24 16:24:12.0078 3876 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys 2011/08/24 16:24:12.0609 3876 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys 2011/08/24 16:24:13.0140 3876 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys 2011/08/24 16:24:13.0796 3876 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys 2011/08/24 16:24:14.0437 3876 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys 2011/08/24 16:24:14.0968 3876 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys 2011/08/24 16:24:15.0484 3876 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/08/24 16:24:16.0031 3876 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/08/24 16:24:17.0125 3876 atksgt (e46d344412d1abc60c58e95c73bcdc70) C:\WINDOWS\system32\DRIVERS\atksgt.sys 2011/08/24 16:24:17.0671 3876 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/08/24 16:24:18.0156 3876 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/08/24 16:24:18.0703 3876 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/08/24 16:24:19.0234 3876 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 2011/08/24 16:24:19.0312 3876 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 2011/08/24 16:24:19.0796 3876 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/08/24 16:24:20.0343 3876 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/08/24 16:24:21.0187 3876 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/08/24 16:24:21.0671 3876 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/08/24 16:24:22.0187 3876 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/08/24 16:24:23.0640 3876 cmigameport (649716a7d7f1e847e8841297cb0ec435) C:\WINDOWS\system32\drivers\cmigameport.sys 2011/08/24 16:24:24.0328 3876 cmpci (b2b58bb03dc67c92dc1d81cb52d50cc2) C:\WINDOWS\system32\drivers\cmaudio.sys 2011/08/24 16:24:25.0187 3876 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Program Files\pc_wizard\pcwiz_x32.sys 2011/08/24 16:24:25.0781 3876 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys 2011/08/24 16:24:26.0593 3876 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys 2011/08/24 16:24:28.0000 3876 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/08/24 16:24:28.0812 3876 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys 2011/08/24 16:24:29.0781 3876 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys 2011/08/24 16:24:30.0250 3876 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/08/24 16:24:30.0765 3876 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/08/24 16:24:31.0562 3876 driverhardwarev2 (538d18e402cb77077b1e99e7038ebcbe) C:\Program Files\HardwareDetection\driverhardwarev2.sys 2011/08/24 16:24:32.0078 3876 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/08/24 16:24:32.0796 3876 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/08/24 16:24:33.0312 3876 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/08/24 16:24:33.0859 3876 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys 2011/08/24 16:24:34.0343 3876 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/08/24 16:24:34.0906 3876 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/08/24 16:24:35.0421 3876 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/08/24 16:24:35.0968 3876 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/08/24 16:24:36.0546 3876 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\drivers\gameenum.sys 2011/08/24 16:24:37.0000 3876 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys 2011/08/24 16:24:37.0546 3876 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/08/24 16:24:38.0156 3876 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/08/24 16:24:38.0625 3876 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys 2011/08/24 16:24:39.0140 3876 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/08/24 16:24:40.0109 3876 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/08/24 16:24:40.0578 3876 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/08/24 16:24:41.0046 3876 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/08/24 16:24:41.0656 3876 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/08/24 16:24:43.0156 3876 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/08/24 16:24:43.0671 3876 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/08/24 16:24:44.0187 3876 imhidusb (650d5219ffb925d8273e555275e931c6) C:\WINDOWS\system32\DRIVERS\imhidusb.sys 2011/08/24 16:24:47.0281 3876 IntcAzAudAddService (4aaa8312732655f93a254d1fa695eb79) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/08/24 16:24:48.0343 3876 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/08/24 16:24:48.0828 3876 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/08/24 16:24:49.0328 3876 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/08/24 16:24:49.0937 3876 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/08/24 16:24:50.0562 3876 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/08/24 16:24:51.0109 3876 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/08/24 16:24:51.0640 3876 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/08/24 16:24:52.0125 3876 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/08/24 16:24:52.0656 3876 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/08/24 16:24:53.0218 3876 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/08/24 16:24:53.0765 3876 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/08/24 16:24:54.0843 3876 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys 2011/08/24 16:24:55.0375 3876 litsgt (454b6c19c69ea71e83be967ab5444c55) C:\WINDOWS\system32\DRIVERS\litsgt.sys 2011/08/24 16:24:56.0343 3876 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2011/08/24 16:24:56.0812 3876 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/08/24 16:24:57.0312 3876 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys 2011/08/24 16:24:57.0796 3876 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/08/24 16:24:58.0343 3876 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/08/24 16:24:58.0828 3876 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/08/24 16:24:59.0890 3876 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/08/24 16:25:00.0609 3876 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/08/24 16:25:01.0343 3876 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/08/24 16:25:01.0875 3876 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/08/24 16:25:02.0312 3876 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/08/24 16:25:02.0734 3876 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/08/24 16:25:03.0125 3876 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/08/24 16:25:03.0546 3876 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/08/24 16:25:04.0218 3876 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/08/24 16:25:04.0734 3876 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/08/24 16:25:05.0375 3876 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/08/24 16:25:05.0921 3876 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/08/24 16:25:06.0375 3876 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/08/24 16:25:06.0875 3876 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/08/24 16:25:07.0390 3876 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/08/24 16:25:07.0828 3876 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/08/24 16:25:08.0281 3876 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/08/24 16:25:08.0812 3876 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/08/24 16:25:09.0406 3876 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/08/24 16:25:09.0859 3876 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/08/24 16:25:10.0453 3876 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/08/24 16:25:11.0203 3876 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/08/24 16:25:17.0687 3876 nv (f1de35c89d98a883d1b4030dc9896855) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/08/24 16:25:24.0031 3876 NVENETFD (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 2011/08/24 16:25:24.0578 3876 nvgts (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys 2011/08/24 16:25:25.0109 3876 nvnetbus (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 2011/08/24 16:25:25.0640 3876 nv_agp (c0fcd544a1c4eea6d11a0ae6a07dac9d) C:\WINDOWS\system32\DRIVERS\nv_agp.sys 2011/08/24 16:25:26.0093 3876 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/08/24 16:25:26.0593 3876 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/08/24 16:25:27.0125 3876 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 2011/08/24 16:25:27.0656 3876 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 2011/08/24 16:25:28.0156 3876 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 2011/08/24 16:25:28.0656 3876 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/08/24 16:25:29.0625 3876 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/08/24 16:25:30.0125 3876 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/08/24 16:25:30.0578 3876 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/08/24 16:25:31.0046 3876 PCAMPR5 (b670c5d89f0726b7a2a7dfb4e968cdf8) C:\WINDOWS\system32\PCAMPR5.SYS 2011/08/24 16:25:31.0750 3876 PCANDIS5 (ecd2f9d67b06606064daf6961a6d5efe) C:\WINDOWS\system32\PCANDIS5.SYS 2011/08/24 16:25:32.0328 3876 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/08/24 16:25:33.0281 3876 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/08/24 16:25:33.0750 3876 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/08/24 16:25:37.0437 3876 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/08/24 16:25:37.0937 3876 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/08/24 16:25:38.0484 3876 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/08/24 16:25:38.0890 3876 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/08/24 16:25:41.0828 3876 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/08/24 16:25:42.0234 3876 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/08/24 16:25:42.0625 3876 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/08/24 16:25:43.0093 3876 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/08/24 16:25:43.0531 3876 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/08/24 16:25:44.0000 3876 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/08/24 16:25:44.0484 3876 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/08/24 16:25:45.0000 3876 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/08/24 16:25:45.0468 3876 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/08/24 16:25:45.0921 3876 SaiHFFB5 (2f29391718d226bb69ec4bb497ff32de) C:\WINDOWS\system32\DRIVERS\SaiHFFB5.sys 2011/08/24 16:25:46.0593 3876 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/08/24 16:25:47.0093 3876 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/08/24 16:25:47.0531 3876 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/08/24 16:25:47.0984 3876 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2011/08/24 16:25:48.0890 3876 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/08/24 16:25:49.0734 3876 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/08/24 16:25:50.0296 3876 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/08/24 16:25:51.0000 3876 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/08/24 16:25:51.0718 3876 ssm_bus (df5c19f053eff7f8ba25d73aea899656) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys 2011/08/24 16:25:52.0203 3876 ssm_mdfl (5347169fa449eabc4d0728ae39fab926) C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys 2011/08/24 16:25:52.0703 3876 ssm_mdm (7aae23dd105eed15c4f45fc269fa42a9) C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys 2011/08/24 16:25:53.0265 3876 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys 2011/08/24 16:25:53.0781 3876 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/08/24 16:25:54.0265 3876 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/08/24 16:25:54.0750 3876 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/08/24 16:25:55.0296 3876 SWUSBFLT (5212178c49079e40831d95ec7596fcc7) C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys 2011/08/24 16:25:57.0609 3876 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/08/24 16:25:58.0140 3876 tansgt (65e9377beddba680da9034da3ed44725) C:\WINDOWS\system32\DRIVERS\tansgt.sys 2011/08/24 16:25:58.0796 3876 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/08/24 16:25:59.0484 3876 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/08/24 16:25:59.0984 3876 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/08/24 16:26:00.0468 3876 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/08/24 16:26:01.0500 3876 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/08/24 16:26:02.0093 3876 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys 2011/08/24 16:26:02.0859 3876 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/08/24 16:26:03.0562 3876 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/08/24 16:26:04.0062 3876 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/08/24 16:26:04.0515 3876 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/08/24 16:26:05.0078 3876 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/08/24 16:26:05.0562 3876 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/08/24 16:26:06.0171 3876 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/08/24 16:26:06.0671 3876 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/08/24 16:26:07.0171 3876 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/08/24 16:26:07.0625 3876 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys 2011/08/24 16:26:08.0125 3876 usb_rndisx (ae4df3b7d1db9373b08db4ed224e26b6) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2011/08/24 16:26:08.0625 3876 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/08/24 16:26:09.0609 3876 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/08/24 16:26:10.0265 3876 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/08/24 16:26:10.0765 3876 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2011/08/24 16:26:11.0375 3876 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 2011/08/24 16:26:12.0375 3876 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/08/24 16:26:12.0984 3876 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/08/24 16:26:13.0484 3876 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/08/24 16:26:13.0953 3876 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/08/24 16:26:14.0546 3876 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/08/24 16:26:14.0656 3876 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0 2011/08/24 16:26:14.0921 3876 Boot (0x1200) (27b93fcf3c4c2ec6eb1990739d4b738d) \Device\Harddisk0\DR0\Partition0 2011/08/24 16:26:14.0937 3876 ================================================================================ 2011/08/24 16:26:14.0937 3876 Scan finished 2011/08/24 16:26:14.0937 3876 ================================================================================ 2011/08/24 16:26:14.0984 3796 Detected object count: 0 2011/08/24 16:26:14.0984 3796 Actual detected object count: 0 2011/08/24 16:27:13.0375 2912 Deinitialize success

jeanmimigab · le 24 Aoû 2011 20:07

hello,

c'est pas mal tout ça, mais tu t'es trompé pour Adremover, tu n'as pas fais le choix suppression...

Relances ADRemover et fais bien le choix suppression cette fois-ci

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

%systemdrive%\SaiHFFB5.sys /s /md5
C:\Documents and Settings\All Users\Application Data\aewc\* /s
C:\Documents and Settings\All Users\Application Data\aewc\*.* /s /md5

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scanne un rapport va s'ouvrir "OTL.Txt"
* Poste le rapport dans ta réponse stp...
* Au cas où, tu peux le retrouver dans le dossier C:\OTL

Romain12 · le 25 Aoû 2011 15:23

Sorry...

Voici le bon rapport pour adremover :

Code: Tout sélectionner: ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 15:38:00 le 25/08/2011, Mode normal Microsoft Windows XP Professionnel Service Pack 3 (X86) Renaud@RENAUD-PC ( ) ============== ACTION(S) ============== Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp Fichier supprimé: C:\WINDOWS\dbplugin.exe Fichier supprimé: C:\WINDOWS\pack.epk Fichier supprimé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Dossier supprimé: C:\Program Files\Ask.com Dossier supprimé: C:\Documents and Settings\Renaud\Local Settings\Application Data\AskToolbar Dossier supprimé: C:\Documents and Settings\Renaud\Local Settings\Application Data\Conduit Dossier supprimé: C:\Program Files\Application Updater Dossier supprimé: C:\Documents and Settings\Renaud\Application Data\DesktopIcon Dossier supprimé: C:\Documents and Settings\Renaud\Application Data\MessengerSkinner Dossier supprimé: C:\Documents and Settings\Renaud\Menu Démarrer\Programmes\MessengerSkinner Dossier supprimé: C:\Documents and Settings\Renaud\Application Data\OpenCandy Dossier supprimé: C:\Documents and Settings\Renaud\Local Settings\Application Data\OpenCandy Dossier supprimé: C:\Documents and Settings\Renaud\Application Data\pdfforge Dossier supprimé: C:\Program Files\pdfforge Toolbar Dossier supprimé: C:\Documents and Settings\Renaud\Application Data\Search Settings Dossier supprimé: C:\Program Files\Fichiers communs\Spigot Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Viewpoint Fichier supprimé: C:\WINDOWS\system32\ephisw_navtmp.dat (!) -- Fichiers temporaires supprimés. Clé supprimée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Clé supprimée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Clé supprimée: HKLM\Software\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0} Clé supprimée: HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E} Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1 Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Clé supprimée: HKLM\Software\Classes\Conduit.Engine Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Clé supprimée: HKLM\Software\Classes\Toolbar.CT2653012 Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Clé supprimée: HKLM\Software\Application Updater Clé supprimée: HKLM\Software\AskToolbar Clé supprimée: HKLM\Software\Conduit Clé supprimée: HKLM\Software\pdfforge Clé supprimée: HKLM\Software\Search Settings Clé supprimée: HKLM\Software\Viewpoint Clé supprimée: HKCU\Software\Ask.com Clé supprimée: HKCU\Software\AskToolbar Clé supprimée: HKCU\Software\Lanconfig Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo Clé supprimée: HKCU\Software\AppDataLow\Software\Search Settings Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\MessengerSkinner Clé supprimée: HKLM\Software\Classes\Installer\Products\B6FDFB1B30C3ef645B7DABBB00368D0E Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\B6FDFB1B30C3ef645B7DABBB00368D0E Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0} Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== SCAN ADDITIONNEL ============== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01} - "Search-Results Search" (hxxp://websearch.search-results.com/redirect?client=ie&tb=GET-SRS&o=16705&src=cr...) HKCU_SearchScopes\{D403802F-4D0E-4D79-8809-B16FFA2A0B9F} - "Mappy" (hxxp://fr.mappy.com/carte/#d={searchTerms}&p=map&src=IEM) HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x) HKCU_Toolbar\ShellBrowser|{4982D40A-C53B-4615-B15B-B5B5E98D167C} (x) HKCU_Toolbar\WebBrowser|{4982D40A-C53B-4615-B15B-B5B5E98D167C} (x) HKLM_Toolbar|{327C2873-E90D-4c37-AA9D-10AC9BABA46C} (C:\Program Files\Canon\Easy-WebPrint\Toolband.dll) HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x) HKLM_ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} - C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (x) HKLM_Extensions\{11F19C45-9675-488A-A8E0-8E8234DC245D} - "Download Video" (C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll,201) HKLM_Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll) BHO\{53707962-6F74-2D53-2644-206D7942484F} - "?" (C:\Program Files\Spybot - Search & Destroy\SDHelper.dll) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) ======================================== C:\Program Files\Ad-Remover\Quarantine: 174 Fichier(s) C:\Program Files\Ad-Remover\Backup: 14 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 25/08/2011 15:38:05 (1823 Octet(s)) C:\Ad-Report-SCAN[1].txt - 24/08/2011 10:57:47 (8766 Octet(s)) C:\Ad-Report-SCAN[2].txt - 25/08/2011 15:33:41 (8656 Octet(s)) Fin à: 15:40:04, 25/08/2011 ============== E.O.F ==============

Romain12 · le 25 Aoû 2011 15:24

Et OTL :

Code: Tout sélectionner: OTL logfile created on: 2011-08-25 16:01:25 - Run 2 OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Renaud\Mes documents\Renaud\Fichiers d'installation Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 79,13% Memory free 5,85 Gb Paging File | 5,60 Gb Available in Paging File | 95,88% Paging File free Paging file location(s): C:\pagefile.sys 4092 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 189,91 Gb Total Space | 93,42 Gb Free Space | 49,19% Space Free | Partition Type: NTFS Drive D: | 1,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: RENAUD-PC | User Name: Renaud | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-08-22 13:30:55 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renaud\Mes documents\Renaud\Fichiers d'installation\OTL.exe PRC - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2011-04-08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2008-12-02 22:13:14 | 000,542,136 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe PRC - [2008-10-20 23:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008-04-14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-09-25 19:27:50 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe PRC - [2007-04-30 11:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE PRC - [2003-08-27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-08-25 13:14:13 | 001,289,728 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11082500\algo.dll MOD - [2011-08-25 01:27:07 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11082500\aswRep.dll MOD - [2011-07-25 19:30:36 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll MOD - [2011-03-02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2008-10-20 23:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe MOD - [2008-05-02 06:15:37 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll MOD - [2005-06-28 14:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Hercules\WebCam Station\PhotoImpression\Share\PIHook.dll MOD - [2004-09-08 13:45:58 | 000,368,128 | ---- | M] () -- C:\Program Files\Filzip\fzshext.dll MOD - [2001-10-28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (Giraffic) SRV - [2011-05-10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2011-04-08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2008-10-20 23:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2007-09-25 19:27:50 | 000,065,536 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC) SRV - [2007-01-07 22:08:42 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2006-10-23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS) SRV - [2005-04-04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2003-08-27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011-05-10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-05-10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-05-10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-05-10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011-05-10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-05-10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011-05-10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011-02-27 18:59:49 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2011-02-27 18:59:48 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-07-09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\pc_wizard\pcwiz_x32.sys -- (cpuz134) DRV - [2008-07-24 12:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-04-13 20:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2008-04-13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-03-25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008-03-25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008-02-27 16:16:58 | 000,137,344 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\litsgt.sys -- (litsgt) DRV - [2008-02-27 16:16:57 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tansgt.sys -- (tansgt) DRV - [2008-01-25 14:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts) DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006-07-20 10:43:16 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\HardwareDetection\driverhardwarev2.sys -- (driverhardwarev2) DRV - [2006-03-01 19:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5) DRV - [2005-08-30 02:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm) DRV - [2005-08-30 02:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl) DRV - [2005-08-30 02:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) DRV - [2005-02-23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2004-10-01 15:06:12 | 000,373,952 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) DRV - [2004-08-22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt) DRV - [2004-08-22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\d347bus.sys -- (d347bus) DRV - [2004-08-16 15:36:34 | 000,056,576 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHFFB5.sys -- (SaiHFFB5) DRV - [2004-08-16 15:36:32 | 000,030,984 | R--- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\imhidusb.sys -- (imhidusb) DRV - [2004-06-21 10:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004-02-24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003-12-08 11:53:50 | 000,036,256 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5ln.sys -- (alcan5ln) SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS) DRV - [2003-12-08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) DRV - [2003-11-07 06:00:00 | 000,035,328 | R--- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2003-10-29 07:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2003-09-23 11:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5) DRV - [2003-04-23 18:43:48 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002-02-07 17:54:34 | 000,003,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmigameport.sys -- (cmigameport) DRV - [2001-08-28 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001-08-28 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001-08-17 22:02:56 | 000,003,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWUSBFLT.SYS -- (SWUSBFLT) DRV - [2001-08-17 22:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes) FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Renaud\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) O1 HOSTS File: ([2007-07-29 23:15:06 | 000,000,904 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKCU..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe (Druide informatique inc.) O4 - HKCU..\Run: [PCSpeedUp] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) O4 - Startup: C:\Documents and Settings\Renaud\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato) O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato) O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato) O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: ([]msn in Poste de travail) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: localhost ([]http in Sites de confiance) O15 - HKCU\..Trusted Domains: orange.fr ([www] http in Sites de confiance) O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_XP.cab (Reg Error: Key error.) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Amazing%20Adventures%20Around%20the%20World/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1062_XP.cab (Reg Error: Key error.) O16 - DPF: {1D0A339E-315D-4DFE-B4EE-DDD494BB31EA} http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_XP.cab (Reg Error: Key error.) O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab (Reg Error: Key error.) O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://www.cult3d.com/download/cult.cab (Cult3D ActiveX Player) O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab (Reg Error: Key error.) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185743918968 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185743906921 (MUWebControl Class) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/fr/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://drivers1.free.fr/telecharger.php?id=2&version= (HardwareDetection Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_XP.cab (Reg Error: Key error.) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Amazing%20Adventures%20Around%20the%20World/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {F607AD2B-B04E-40F9-AF0C-0B8F048CCA3F} http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1074_em_XP.cab (Reg Error: Key error.) O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1066_XP.cab (Reg Error: Key error.) O16 - DPF: {FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60} http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1067_XP.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Renaud/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg O24 - Desktop Components:1 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Renaud\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Renaud\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005-07-10 21:19:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005-05-03 15:41:38 | 001,895,957 | R--- | M] () - D:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2005-03-16 15:20:18 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2006-07-27 14:19:24 | 000,006,191 | R--- | M] () - D:\AUTORUN.ini -- [ CDFS ] O33 - MountPoints2\{0ba20d6e-fecb-11dd-aceb-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{0ba20d6e-fecb-11dd-aceb-806d6172696f}\Shell\AutoRun\command - "" = D:\EAutorun.exe -- [2006-04-13 09:52:26 | 000,241,664 | R--- | M] (Mindscape) O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Bin\assetup.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-08-24 16:28:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Renaud\Recent [2011-08-24 16:23:11 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Renaud\Bureau\TDSSKiller.exe [2011-08-24 11:11:12 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Renaud\Bureau\mbam-setup-1.51.1.1800.exe [2011-08-24 10:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Renaud\Menu Démarrer\Programmes\Ad-Remover [2011-08-24 10:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover [2011-08-23 11:56:06 | 000,000,000 | ---D | C] -- C:\_OTL [2011-08-23 08:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Renaud\Bureau\Vareuses sans dagger hanger slash [2011-08-11 18:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS [2011-08-11 17:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MyPDFConverter [2011-08-11 17:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\MyPDFConverter [2011-08-10 05:25:44 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2011-08-10 05:24:54 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys [2011-08-06 18:16:51 | 000,000,000 | ---D | C] -- C:\Sharing Downloads [2011-08-06 18:16:34 | 000,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx [2011-08-06 18:16:34 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX [2011-08-06 18:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tomato [2011-08-06 18:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Renaud\Application Data\PCF-VLC [2011-08-06 18:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Renaud\Application Data\gtk-2.0 [2011-08-06 18:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Renaud\Application Data\Participatory Culture Foundation [2011-08-06 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation [2011-08-06 16:04:16 | 001,557,616 | ---- | C] (LULU Software) -- C:\Documents and Settings\Renaud\Bureau\FIXIO_PC_Cleaner_2011_Installer.exe [2011-08-04 20:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games [2011-08-04 20:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2011-08-04 20:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\BoontyGames [2005-07-10 21:29:19 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2005-07-10 21:29:19 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-08-25 16:00:37 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\Raccourci vers OTL.exe.lnk [2011-08-25 16:00:33 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini [2011-08-25 15:59:01 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011-08-25 15:55:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-08-25 15:54:32 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011-08-25 15:53:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-08-24 20:48:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011-08-24 16:21:36 | 001,390,139 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\tdsskiller.zip [2011-08-24 11:11:12 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Renaud\Bureau\mbam-setup-1.51.1.1800.exe [2011-08-24 10:57:07 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\Ad-Remover.lnk [2011-08-24 09:39:52 | 000,029,441 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\Pièce puzzle chat0001.JPG [2011-08-24 09:30:31 | 000,767,366 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\Pièce puzzle chat0003.JPG [2011-08-24 09:27:10 | 000,513,803 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\Pièce puzzle chat.JPG [2011-08-23 08:47:20 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\Documents partagés.lnk [2011-08-22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Renaud\Bureau\TDSSKiller.exe [2011-08-20 11:10:09 | 000,000,147 | ---- | M] () -- C:\WINDOWS\Antidote.ini [2011-08-20 11:00:50 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\Microsoft Word.lnk [2011-08-19 12:46:41 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-08-16 21:51:11 | 000,580,334 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\Photographies récentes 021.jpg [2011-08-16 21:50:12 | 000,537,872 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\Photographies récentes 020.jpg [2011-08-11 21:15:01 | 001,326,683 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\jessy.jpg [2011-08-10 17:19:30 | 000,500,958 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2011-08-10 17:19:30 | 000,432,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-08-10 17:19:30 | 000,080,984 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2011-08-10 17:19:30 | 000,067,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-08-06 18:10:01 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Batch Download.lnk [2011-08-06 18:10:01 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\YouTube Video Downloader.lnk [2011-08-06 18:10:01 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\FLV Player.lnk [2011-08-06 18:09:20 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Renaud\.recently-used.xbel [2011-08-06 16:04:17 | 001,557,616 | ---- | M] (LULU Software) -- C:\Documents and Settings\Renaud\Bureau\FIXIO_PC_Cleaner_2011_Installer.exe [2011-08-04 20:20:35 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\Renaud\Bureau\ Jeux à télécharger.lnk [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-08-25 16:00:37 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\Raccourci vers OTL.exe.lnk [2011-08-24 16:21:26 | 001,390,139 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\tdsskiller.zip [2011-08-24 10:57:07 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\Ad-Remover.lnk [2011-08-24 09:29:51 | 000,767,366 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\Pièce puzzle chat0003.JPG [2011-08-24 09:27:47 | 000,029,441 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\Pièce puzzle chat0001.JPG [2011-08-24 09:26:24 | 000,513,803 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\Pièce puzzle chat.JPG [2011-08-19 18:55:35 | 000,135,192 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Ensemble.jpg [2011-08-19 18:54:29 | 000,069,276 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Sans titre-3 copie.jpg [2011-08-19 18:54:29 | 000,065,773 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Sans titre-2 copie.jpg [2011-08-19 18:54:26 | 002,067,846 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Photographies récentes 137.jpg [2011-08-19 18:54:25 | 000,751,832 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Photographies récentes 134.jpg [2011-08-19 18:54:25 | 000,751,642 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Photographies récentes 135.jpg [2011-08-19 14:31:33 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\Documents partagés.lnk [2011-08-14 19:59:58 | 000,580,334 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\Photographies récentes 021.jpg [2011-08-14 19:59:20 | 000,537,872 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\Photographies récentes 020.jpg [2011-08-11 21:14:53 | 001,326,683 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\jessy.jpg [2011-08-11 18:00:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2011-08-08 19:22:12 | 005,136,314 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\Laisse Tomber Les Filles - France Gall.mp3 [2011-08-08 19:22:10 | 002,436,328 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\France Gall - Poupée de cire, poupée de son.mp3 [2011-08-06 18:10:01 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Batch Download.lnk [2011-08-06 18:10:01 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\YouTube Video Downloader.lnk [2011-08-06 18:10:01 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\FLV Player.lnk [2011-08-06 18:09:20 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Renaud\.recently-used.xbel [2011-08-04 20:20:35 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\Renaud\Bureau\ Jeux à télécharger.lnk [2011-07-10 10:47:09 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2011-07-09 10:21:20 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Antidote.ini [2011-05-16 21:08:19 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2011-05-14 05:34:43 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011-05-14 05:32:30 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011-05-14 05:32:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011-03-03 14:32:04 | 000,099,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011-02-27 18:59:49 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2011-02-27 18:59:48 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2011-02-23 02:57:00 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010-12-29 12:33:51 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010-12-09 18:26:05 | 000,113,588 | ---- | C] () -- C:\WINDOWS\hpoins07.dat [2010-12-09 18:26:05 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat [2010-11-28 18:15:19 | 000,068,984 | ---- | C] () -- C:\WINDOWS\hpoins05.dat [2010-11-28 18:15:19 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat [2010-11-28 17:21:14 | 000,006,390 | ---- | C] () -- C:\WINDOWS\System32\EPSTP32U.DAT [2010-01-10 20:55:00 | 000,003,231 | ---- | C] () -- C:\WINDOWS\System32\feqibskd.dat [2009-08-30 16:43:18 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2009-02-20 00:44:16 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009-02-19 23:34:27 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2009-02-19 23:23:18 | 000,005,263 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-02-19 23:23:16 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-09-18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008-08-01 18:15:41 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL [2008-04-21 15:22:47 | 000,211,835 | ---- | C] () -- C:\Program Files\fb_maps09p.SFS [2008-04-21 15:22:46 | 017,555,104 | ---- | C] () -- C:\Program Files\fb_3do10p.SFS [2008-04-01 17:41:32 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\Renaud\Application Data\filterclsid.dat [2008-02-27 16:16:58 | 000,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys [2008-02-27 16:16:57 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys [2007-12-29 21:25:10 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Renaud\Application Data\AVIEncoder.wff [2007-12-28 04:54:34 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll [2007-12-28 04:54:05 | 000,000,107 | ---- | C] () -- C:\WINDOWS\System32\buyurl_rm.dat [2007-12-28 04:47:08 | 000,004,892 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dyaniilw.kxq [2007-11-28 03:19:14 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007-11-16 01:50:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt [2007-11-16 01:30:20 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007-10-28 22:16:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe [2007-10-28 21:22:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tmlpwin.exe [2007-09-27 20:48:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2007-09-25 21:49:51 | 000,039,319 | ---- | C] () -- C:\WINDOWS\cmijack.dat [2007-09-25 21:49:49 | 000,023,041 | ---- | C] () -- C:\WINDOWS\cmaudio.dat [2007-09-25 21:49:49 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmigameport.sys [2007-08-02 20:33:47 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Renaud\Application Data\$_hpcst$.hpc [2007-07-30 14:35:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2007-02-02 01:26:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat [2007-01-01 01:53:31 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006-11-17 14:29:09 | 000,003,476 | ---- | C] () -- C:\WINDOWS\mozver.dat [2006-09-23 14:10:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [2006-09-23 14:09:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Navigma.INI [2006-09-02 22:23:14 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006-05-22 14:09:30 | 000,001,719 | ---- | C] () -- C:\WINDOWS\MPW.INI [2006-05-06 15:25:42 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2006-04-09 18:06:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006-02-19 16:05:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\versaill.ini [2005-12-08 12:46:09 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini [2005-11-06 15:26:12 | 000,005,004 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat [2005-10-30 19:07:58 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2005-10-30 19:07:57 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2005-10-30 19:07:57 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2005-10-26 11:13:31 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2005-09-23 15:25:54 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini [2005-08-13 19:32:57 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT [2005-08-12 23:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2005-08-11 23:41:17 | 000,002,151 | ---- | C] () -- C:\WINDOWS\eReg.dat [2005-08-05 17:34:06 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll [2005-08-05 17:34:06 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2005-07-24 18:36:00 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\Renaud\Application Data\QuickZip45.ini [2005-07-14 00:42:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005-07-12 20:06:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005-07-11 12:13:32 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2005-07-11 12:13:29 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005-07-11 11:41:39 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005-07-11 09:49:26 | 000,000,735 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk [2005-07-11 09:48:18 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005-07-11 09:32:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini [2005-07-11 09:29:15 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2005-07-11 04:17:05 | 000,004,557 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005-07-11 04:15:52 | 000,156,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005-07-10 23:36:58 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Renaud\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005-07-10 21:21:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005-07-10 21:17:46 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004-08-22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll [2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003-04-18 12:16:11 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL [2003-03-27 16:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini [2002-08-29 12:18:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001-08-28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-08-28 14:00:00 | 000,500,958 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2001-08-28 14:00:00 | 000,432,832 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-28 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2001-08-28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-08-28 14:00:00 | 000,080,984 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2001-08-28 14:00:00 | 000,067,788 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-08-28 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2001-08-28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001-08-23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-07-06 16:30:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [2000-11-29 09:50:40 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll [1999-01-27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997-06-14 09:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\SaiHFFB5.sys /s /md5 >[/color] [2004-08-16 15:36:34 | 000,056,576 | R--- | M] (Saitek) MD5=2F29391718D226BB69EC4BB497FF32DE -- C:\WINDOWS\system32\drivers\SaiHFFB5.sys [2004-08-16 15:36:34 | 000,056,576 | R--- | M] (Saitek) MD5=2F29391718D226BB69EC4BB497FF32DE -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\SaiHFFB5.sys [color=#A23BEC]< C:\Documents and Settings\All Users\Application Data\aewc\* /s >[/color] [2011-08-11 18:05:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\aewc\BOD103.tmp.30014.print [2011-08-12 15:16:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\aewc\BOD3B.tmp.30014.print [2 C:\Documents and Settings\All Users\Application Data\aewc\*.tmp files -> C:\Documents and Settings\All Users\Application Data\aewc\*.tmp -> ] [color=#A23BEC]< C:\Documents and Settings\All Users\Application Data\aewc\*.* /s /md5 >[/color] [2011-08-11 18:05:37 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Documents and Settings\All Users\Application Data\aewc\BOD103.tmp.30014.print [2011-08-12 15:16:47 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Documents and Settings\All Users\Application Data\aewc\BOD3B.tmp.30014.print [2 C:\Documents and Settings\All Users\Application Data\aewc\*.tmp files -> C:\Documents and Settings\All Users\Application Data\aewc\*.tmp -> ] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E82994 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFFCB9A9 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A7AFFA < End of report >

jeanmimigab · le 25 Aoû 2011 18:41

hello, c'est mieux, mais comme OTL avait planter durant le fix il en reste une dose a virer...

Fais cela stp...

Télécharge sur ton bureau MyHosts (Par jeanmimigab) et exécutes-le.
Postes le rapport qui sera généré.

ensuite...

désactive ton Anti-virus le temps de faire ces manipulations.

>>Télécharge Winsockxpfix sur ton bureau et passe à la suite.

========================================================================================================

ensuite...

Télécharge Combofix sur ton Bureau (et pas ailleurs)
pour cela fais un clic droit sur [b]Combofix.exe ,choisis "enregistrer la cible du lien sous..." et pour l'emplacement choisis ton bureau et cliques sur "enregistrer"

Double clique ComboFix.exe pour démarrer le scan et suis les instructions indiquées par combofix.
Si Combofix te demande te demande l'autorisation de télécharger et installer la console de récupération Windows, acceptes et suis les instructions.
Lorsque le scan sera complet, un rapport apparaîtra, enregistre le sur ton bureau.
Même si combofix a fait redémarrer ton PC, redémarre impérativement ton pc une deuxième fois !!
Copie/colle le rapport combofix dans ta prochaine réponse

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
NOTE : Ne pas cliquer dans la fenêtre de Combofix durant l'analyse ; ceci provoquerait le gel du programme.

========================================================================================================

si a tout hasard ta connexion internet n'est plus active après le redémarrage du pc fait cela pour la réparer...

Fait un double clic sur l'icône

de WinsockXPFix.

>>clique sur "Fix" > et si ton pc ne redémarre pas,redémarre le manuellement.

@++ :wink:

Romain12 · le 26 Aoû 2011 11:54

Code: Tout sélectionner: ** Rapport MyHosts.txt ** MyHosts V.1.0.0.2 de jeanmimigab Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides Résultat de l'opération:restauration du fichier hosts réussi... ** Fin du rapport **

Code: Tout sélectionner: ComboFix 11-08-25.05 - Renaud 2011-08-26 11:35:38.1.2 - x86 Lancé depuis: c:\documents and settings\Renaud\Bureau\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\messenger\msmsgsin.exe c:\windows\daemon.dll c:\windows\ehome\medctrro.exe c:\windows\ST6UNST.000 . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-07-26 au 2011-08-26 )))))))))))))))))))))))))))))))))))) . . 2071-07-25 08:13 . 2006-11-21 19:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe 2011-08-26 08:31 . 2011-08-26 08:31 -------- d-----w- C:\MyHosts 2011-08-24 08:57 . 2011-08-24 08:57 -------- d-----w- c:\program files\Ad-Remover 2011-08-23 09:56 . 2011-08-23 09:56 -------- d-----w- C:\_OTL 2011-08-11 16:00 . 2011-07-25 17:30 86016 ----a-w- c:\windows\system32\custmon32.dll 2011-08-11 16:00 . 2011-08-11 16:00 -------- d-----w- c:\program files\GPLGS 2011-08-11 15:58 . 2011-08-11 15:59 -------- d-----w- c:\program files\MyPDFConverter 2011-08-10 03:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-10 03:24 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2011-08-06 16:16 . 2011-08-06 16:16 -------- d-----w- C:\Sharing Downloads 2011-08-06 16:16 . 2004-03-08 22:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx 2011-08-06 16:16 . 2000-12-05 22:00 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX 2011-08-06 16:09 . 2011-08-06 16:09 -------- d-----w- c:\program files\Tomato 2011-08-06 16:09 . 2011-08-06 16:09 -------- d-----w- c:\documents and settings\Renaud\Application Data\PCF-VLC 2011-08-06 16:06 . 2011-08-06 16:06 -------- d-----w- c:\documents and settings\Renaud\Application Data\gtk-2.0 2011-08-06 16:02 . 2011-08-06 16:02 -------- d-----w- c:\documents and settings\Renaud\Application Data\Participatory Culture Foundation 2011-08-06 15:59 . 2011-08-06 15:59 -------- d-----w- c:\program files\Participatory Culture Foundation 2011-08-04 18:40 . 2011-08-04 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games 2011-08-04 18:21 . 2011-08-04 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-15 13:29 . 2002-08-28 23:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-09 08:21 . 2011-07-09 08:21 97280 ----a-r- c:\documents and settings\Renaud\Application Data\Microsoft\Installer\{A474EA56-5DBD-4181-8230-806A4762EA7F}\IconA474EA561.exe 2011-07-08 14:02 . 2001-08-28 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-06 17:52 . 2011-02-10 04:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 17:52 . 2011-02-10 04:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-24 14:10 . 2005-07-10 19:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:31 . 2002-08-29 09:45 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:31 . 2002-08-29 09:45 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 18:31 . 2002-08-29 09:44 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 12:05 . 2007-07-29 22:02 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2002-08-29 09:45 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-06 11:35 . 2002-08-29 09:32 1859072 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 68856] "EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840] "Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-02 542136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . c:\documents and settings\Renaud\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-11 110592] . c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-11 110592] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-4-30 394856] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2007-06-21 10:01 70952 ----a-r- c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2006-11-17 13:16 50736 ----a-w- c:\program files\Fichiers communs\AOL\1164577703\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "AOL ACS"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\1164577703\\ee\\aolsoftware.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"= . R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2005-07-10 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2005-07-10 5248] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-05-18 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-07 307928] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-07 19544] R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2008-02-27 137344] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-15 2218600] R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2008-02-27 12032] S2 Giraffic;Giraffic Video Accelerator;c:\program files\Giraffic\GirafficWatchdog.exe --service --> c:\program files\Giraffic\GirafficWatchdog.exe --service [?] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664] S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2005-07-11 36256] S3 cpuz134;cpuz134;c:\program files\pc_wizard\pcwiz_x32.sys [2011-02-10 20328] S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664] S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2008-06-11 30984] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-02-10 41272] S3 ovt530;Webcam Classic;c:\windows\system32\Drivers\ov530vid.sys --> c:\windows\system32\Drivers\ov530vid.sys [?] S3 SaiHFFB5;SaiHFFB5;c:\windows\system32\drivers\SaiHFFB5.sys [2008-06-11 56576] S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;c:\windows\system32\drivers\SWUSBFLT.SYS [2010-05-03 3968] . Contenu du dossier 'Tâches planifiées' . 2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 12:22] . 2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 12:22] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/212 IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 Trusted Zone: localhost Trusted Zone: orange.fr\www TCP: DhcpNameServer = 192.168.1.1 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {F607AD2B-B04E-40F9-AF0C-0B8F048CCA3F} - hxxp://scripts.dlv4.com/binaries/egaccess4/egaccess4_1074_em_XP.cab . - - - - ORPHELINS SUPPRIMES - - - - . Toolbar-Locked - (no file) HKCU-Run-PCSpeedUp - c:\program files\Accelerer PC\PCSpeedUp.exe Notify-AtiExtEvent - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-26 12:09 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run EPSON Stylus Photo R300 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"?????m????????????Y:~????????????????p????????????????????Y:~????p???????????8???????????X?;~????p???????j?;~p??????????????|??????? . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . Heure de fin: 2011-08-26 12:23:42 ComboFix-quarantined-files.txt 2011-08-26 10:23 . Avant-CF: 99 993 837 568 octets libres Après-CF: 102 724 378 624 octets libres . WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn . - - End Of File - - DD36740573C5FC21794748CB07CA2FBF

Et voilà

Romain12 · le 26 Aoû 2011 13:18

Je vais être éloigné d'Internet jusqu'à dimanche soir ou lundi après-midi ! Je reviendrai pour vous dire...que je suis revenu

Encore merci pour toute l'aide que tout le monde m'apporte sur ce sympathique forum

jeanmimigab · le 26 Aoû 2011 17:01

Hello,

pas de soucis, prends ton temps :wink:

> crées un nouveau document texte sur ton bureau
> pour cela clic-droit sur le bureau > Nouveau > document texte > copies et colles le contenu de la citation ci-dessous à l'intérieur

KillAll::
ClearJavaCache::
File::
D:\Autorun.exe
D:\AUTORUN.INF
D:\AUTORUN.ini
D:\Bin\assetup.exe

Folder::
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\BoontyGames

Registry::
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F607AD2B-B04E-40F9-AF0C-0B8F048CCA3F}]
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878F049-D33E-45E0-A157-C36A6683CF25}]
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}]
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D0A339E-315D-4DFE-B4EE-DDD494BB31EA}]
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{201B9B37-848F-40BD-90EA-7B8F0AA89D6A}]
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{321F38B6-7E5F-470E-B58C-927523B7AF92}]
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5F4D3335-3194-4167-85AE-E7325F2695EF}]
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AA59202C-5E41-48FC-AF7D-324F5FD6A9F1}]
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CB5D474E-A510-40A4-B5A4-838933BCBA64}]
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA1D6D8F-C6ED-4752-8512-A33283240130}]
[-HEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}]

ADS::
C:\Documents and Settings\All Users\Application Data\TEMP

Respectes à la lettre la procédure d'enregistrement suivante,c'est très important

> ensuite cliques sur "fichier" > "enregistrer sous..."
> dans la fenêtre d'enregistrement choisis le bureau comme destination > dans type choisis "tous les fichiers" > et dans nom du fichier tape CFScript.txt > ensuite cliques sur enregistrer et fermes le document texte.

> fais un glisser/déposer(clic-gauche enfoncé sur CFScrit.txt et tu fais glisser) de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur cette capture.

> une fenêtre bleue va apparaître >>suis les instructions
> patientes le temps du scan. Le bureau va disparaître à plusieurs reprises,c'est normal!
> ne touches à rien tant que le scan n'est pas terminé
> une fois le scan achevé, un rapport va s'afficher,postes son contenu dans ta prochaine réponse.
> si le rapport ne s'ouvre pas, il se trouve à cet emplacement C:\ComboFix.txt

@++

Romain12 · le 29 Aoû 2011 17:24

Bonjour me revoilà...

Voici le rapport :

Code: Tout sélectionner: ComboFix 11-08-25.05 - Renaud 2011-08-29 17:32:48.2.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1552 [GMT 2:00] Lancé depuis: c:\documents and settings\Renaud\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Renaud\Bureau\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . FILE :: "D:\Autorun.exe" "D:\AUTORUN.INF" "D:\AUTORUN.ini" "d:\bin\assetup.exe" . [i] ADS - TEMP: deleted 418 bytes in 3 streams. [/i] . ((((((((((((((((((((((((((((( Fichiers créés du 2011-07-28 au 2011-08-29 )))))))))))))))))))))))))))))))))))) . . 2071-07-25 08:13 . 2006-11-21 19:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe 2011-08-26 08:31 . 2011-08-26 08:31 -------- d-----w- C:\MyHosts 2011-08-24 08:57 . 2011-08-24 08:57 -------- d-----w- c:\program files\Ad-Remover 2011-08-23 09:56 . 2011-08-23 09:56 -------- d-----w- C:\_OTL 2011-08-11 16:00 . 2011-07-25 17:30 86016 ----a-w- c:\windows\system32\custmon32.dll 2011-08-11 16:00 . 2011-08-11 16:00 -------- d-----w- c:\program files\GPLGS 2011-08-11 15:58 . 2011-08-11 15:59 -------- d-----w- c:\program files\MyPDFConverter 2011-08-10 03:25 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-10 03:24 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2011-08-06 16:16 . 2011-08-06 16:16 -------- d-----w- C:\Sharing Downloads 2011-08-06 16:16 . 2004-03-08 22:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx 2011-08-06 16:16 . 2000-12-05 22:00 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX 2011-08-06 16:09 . 2011-08-06 16:09 -------- d-----w- c:\program files\Tomato 2011-08-06 16:09 . 2011-08-06 16:09 -------- d-----w- c:\documents and settings\Renaud\Application Data\PCF-VLC 2011-08-06 16:06 . 2011-08-06 16:06 -------- d-----w- c:\documents and settings\Renaud\Application Data\gtk-2.0 2011-08-06 16:02 . 2011-08-06 16:02 -------- d-----w- c:\documents and settings\Renaud\Application Data\Participatory Culture Foundation 2011-08-06 15:59 . 2011-08-06 15:59 -------- d-----w- c:\program files\Participatory Culture Foundation 2011-08-04 18:40 . 2011-08-04 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games 2011-08-04 18:21 . 2011-08-04 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-15 13:29 . 2002-08-28 23:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-09 08:21 . 2011-07-09 08:21 97280 ----a-r- c:\documents and settings\Renaud\Application Data\Microsoft\Installer\{A474EA56-5DBD-4181-8230-806A4762EA7F}\IconA474EA561.exe 2011-07-08 14:02 . 2001-08-28 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-06 17:52 . 2011-02-10 04:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 17:52 . 2011-02-10 04:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-24 14:10 . 2005-07-10 19:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:31 . 2002-08-29 09:45 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:31 . 2002-08-29 09:45 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 18:31 . 2002-08-29 09:44 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 12:05 . 2007-07-29 22:02 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2002-08-29 09:45 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-06 11:35 . 2002-08-29 09:32 1859072 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 68856] "EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840] "Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-02 542136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . c:\documents and settings\Renaud\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-11 110592] . c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-11 110592] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-4-30 394856] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2007-06-21 10:01 70952 ----a-r- c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2006-11-17 13:16 50736 ----a-w- c:\program files\Fichiers communs\AOL\1164577703\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "AOL ACS"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Fichiers communs\\AOL\\1164577703\\ee\\aolsoftware.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"= . R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2005-07-10 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2005-07-10 5248] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-05-18 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-07 307928] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-07 19544] R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2008-02-27 137344] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-15 2218600] R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2008-02-27 12032] S2 Giraffic;Giraffic Video Accelerator;c:\program files\Giraffic\GirafficWatchdog.exe --service --> c:\program files\Giraffic\GirafficWatchdog.exe --service [?] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664] S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2005-07-11 36256] S3 cpuz134;cpuz134;c:\program files\pc_wizard\pcwiz_x32.sys [2011-02-10 20328] S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664] S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2008-06-11 30984] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-02-10 41272] S3 ovt530;Webcam Classic;c:\windows\system32\Drivers\ov530vid.sys --> c:\windows\system32\Drivers\ov530vid.sys [?] S3 SaiHFFB5;SaiHFFB5;c:\windows\system32\drivers\SaiHFFB5.sys [2008-06-11 56576] S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;c:\windows\system32\drivers\SWUSBFLT.SYS [2010-05-03 3968] . Contenu du dossier 'Tâches planifiées' . 2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 12:22] . 2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 12:22] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/212 IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 Trusted Zone: localhost Trusted Zone: orange.fr\www TCP: DhcpNameServer = 192.168.1.1 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {F607AD2B-B04E-40F9-AF0C-0B8F048CCA3F} - hxxp://scripts.dlv4.com/binaries/egaccess4/egaccess4_1074_em_XP.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-29 18:07 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run EPSON Stylus Photo R300 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"?????m????????????Y:~????????????????p????????????????????Y:~????p???????????8???????????X?;~????p???????j?;~p??????????????|??????? . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'explorer.exe'(2884) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\wanmpsvc.exe c:\windows\system32\WgaTray.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe . ************************************************************************** . Heure de fin: 2011-08-29 18:21:33 - La machine a redémarré ComboFix-quarantined-files.txt 2011-08-29 16:21 ComboFix2.txt 2011-08-26 10:23 . Avant-CF: 103 203 028 992 octets libres Après-CF: 103 239 766 016 octets libres . - - End Of File - - 7BF3109A195B8D89926CAFB4422C4E80

jeanmimigab · le 29 Aoû 2011 19:16

hello,

C'est beaucoup mieux, un dernier fix et ensuite dis moi comment se comporte le PC

Télécharges navilog1 de "Il-Mafioso" sur ton bureau .
Fais un double-clic navilog1 pour l'installer,dans la fenêtre qui s'ouvre choisie " 1 " pour la langue et appuis sur la touche "entrée" , suis les indications et fais le choixN°1(recherche/suppression automatique) et valides par "Entrée".
Une fois le scan terminé , appuies sur une touche, le rapport apparait,ensuite sauvegarde le sur ton bureau.
Copie et colle le rapport navilog1 ta prochaine réponse.
au cas ou, (si tu ne l'a pas enregistrer) Le rapport navilog1 est sauvegardé sur la racine du disque dans le dossier " navilog1" sous le nom Fixnavi.txt .

Problème de lenteur • page 3

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Re: Problème de lenteur

Sujets similaires

Qui est en ligne