
Virus in c:\windows\explorer.exe


Posted on 07 Sep 2010 10:24

Hello, for the past few days my antivirus, Kaspersky Internet Security 11.0.1.400, has been reporting an infection on my computer: c:\windows\explorer.exe
No matter how many times I try "neutralize all" or quarantine, the problem still persists. I tried Malwarebytes' Anti-Malware, which found this: C:\Users\flo\binternet.exe Objets Supprimés Application.StartPage!IK

I don't think this is the virus in Windows Explorer.
I also tried a-squared; it found nothing.

Anyway, I can run a scan of my machine or that kind of thing; let me know.

Thanks in advance :)
Firzen
Apprentice Expert
Posts: 100
Joined: 13 Mar 2010 10:40
 


Re: Virus in c:\windows\explorer.exe

Posted on 07 Sep 2010 11:36

Hello,

Please do this to start with.

1- Disable your antivirus, then:

Download ComboFix <HERE>

For VISTA users: right-click and choose "Run as administrator".
For VISTA: no Recovery Console installation.

>> When it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed.

With infections like today's, it is strongly recommended to have it preinstalled on your PC before any malware removal.
It makes it possible to boot into a special recovery (repair) mode, which lets us help you more easily if your computer ever runs into a problem after a cleanup attempt.

Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install it.
>> Once it is on your desktop, double-click it to launch it.
Important note: if the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt

>> Do not click in the ComboFix window during the scan; this would cause the program to freeze.
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: Virus in c:\windows\explorer.exe

Posted on 07 Sep 2010 21:18

Here are the results with ComboFix:

 ComboFix 10-09-07.01 - Cricri 07/09/2010  21:32:38.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.2972.1425 [GMT 2:00]
Lancé depuis: c:\users\Cricri\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe4B3.dll
c:\programdata\hpe63E2.dll
c:\windows\system32\Install.cmd

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((((((((((((((((   Fichiers créés du 2010-08-07 au 2010-09-07  ))))))))))))))))))))))))))))))))))))
.

2010-09-07 19:44 . 2010-09-07 19:49   --------   d-----w-   c:\users\Cricri\AppData\Local\temp
2010-09-07 19:44 . 2010-09-07 19:44   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-09-07 07:04 . 2010-09-07 07:04   --------   d-----w-   c:\programdata\TomTom
2010-09-02 07:56 . 2010-09-02 07:56   --------   d-----w-   c:\program files\Gravity
2010-09-01 06:51 . 2010-09-01 06:51   --------   d-----w-   c:\users\Cricri\AppData\Local\EPS-FileDownloader
2010-09-01 06:51 . 2010-09-01 06:51   --------   d-----w-   c:\users\Cricri\AppData\Local\Apps
2010-09-01 06:51 . 2010-09-01 09:31   --------   d-----w-   c:\users\Cricri\AppData\Local\Deployment
2010-08-30 08:08 . 2010-08-30 08:08   --------   d-----w-   c:\users\Cricri\AppData\Roaming\Reallusion
2010-08-30 08:08 . 2010-08-30 08:08   --------   d-----w-   c:\users\Cricri\AppData\Roaming\tmp
2010-08-28 08:24 . 2010-08-27 13:10   21312   ----a-w-   c:\windows\system32\authuitu.dll
2010-08-28 08:24 . 2010-08-27 13:10   30016   ----a-w-   c:\windows\system32\uxtuneup.dll
2010-08-23 14:32 . 2006-07-12 12:39   208896   ----a-w-   c:\windows\system32\FFRafShellEx.dll
2010-08-23 14:32 . 2003-09-03 14:45   274432   ----a-w-   c:\windows\system32\FFTIFF16.dll
2010-08-23 14:32 . 2010-08-23 14:34   --------   d-----w-   c:\program files\FinePixViewer
2010-08-23 14:32 . 2004-07-24 19:28   155648   ----a-w-   c:\windows\system32\FFRAFLIB.DLL
2010-08-22 13:47 . 2010-08-22 13:47   --------   d-----w-   c:\users\Cricri\AppData\Roaming\Creative
2010-08-22 13:47 . 2010-08-22 13:47   --------   d-----w-   c:\programdata\Creative
2010-08-22 13:03 . 2010-08-22 13:03   --------   d-----w-   c:\users\Cricri\AppData\Roaming\TomTom
2010-08-22 13:03 . 2010-08-22 13:03   --------   d-----w-   c:\users\Cricri\AppData\Local\TomTom
2010-08-22 13:03 . 2010-08-22 13:03   --------   d-----w-   c:\program files\TomTom International B.V
2010-08-22 13:01 . 2010-08-22 13:01   --------   d-----w-   c:\program files\TomTom HOME 2
2010-08-22 12:48 . 2006-10-06 06:17   53248   ------w-   c:\windows\Ctregrun.exe
2010-08-22 12:44 . 2007-06-11 10:41   150528   ----a-w-   c:\windows\system32\VNIAPO32.dll
2010-08-22 12:44 . 2007-06-07 01:48   73728   ----a-w-   c:\windows\system32\V0410Aps.exe
2010-08-22 12:44 . 2007-06-05 05:38   130048   ----a-w-   c:\windows\system32\V0410Apv.dll
2010-08-22 12:44 . 2007-05-22 01:20   114688   ----a-w-   c:\windows\system32\V0410Afx.dll
2010-08-22 12:44 . 2006-12-27 03:15   64512   ----a-w-   c:\windows\system32\DaisyWrp.dll
2010-08-22 12:43 . 2007-06-14 01:52   90112   ----a-w-   c:\windows\CtDrvIns.exe
2010-08-22 12:43 . 2007-06-07 01:00   36864   ----a-w-   c:\windows\system32\V0410Pin.dll
2010-08-22 12:43 . 2007-06-07 01:00   32768   ----a-w-   c:\windows\V0410Mon.exe
2010-08-22 12:43 . 2007-06-07 01:00   307200   ----a-w-   c:\windows\system32\V0410Cvw.dll
2010-08-22 12:43 . 2007-06-07 01:00   24576   ----a-w-   c:\windows\V0410Cfg.exe
2010-08-22 12:43 . 2007-06-07 01:00   126976   ----a-w-   c:\windows\system32\V0410Vfw.dll
2010-08-22 12:43 . 2005-07-07 01:07   36864   ----a-w-   c:\windows\system32\CtCamMgr.dll
2010-08-22 12:43 . 2007-07-04 01:00   244672   ----a-w-   c:\windows\system32\drivers\V0410Dev.sys
2010-08-22 12:43 . 2007-06-07 01:00   32768   ----a-w-   c:\windows\system32\V0410Hwx.dll
2010-08-22 12:43 . 2007-06-07 01:00   24576   ----a-w-   c:\windows\system32\V0410Srv.exe
2010-08-22 12:43 . 2006-12-05 05:37   7168   ----a-w-   c:\windows\system32\drivers\V0410Vfx.sys
2010-08-22 12:43 . 2010-08-22 12:43   --------   d-----w-   c:\windows\CtDrvInstall
2010-08-22 12:39 . 2010-08-22 12:39   75   --sh--r-   c:\windows\CT4CET.bin
2010-08-22 12:38 . 2010-08-22 12:38   --------   d-----w-   c:\program files\Common Files\Reallusion
2010-08-22 12:36 . 2007-01-15 15:57   31616   ----a-w-   c:\windows\system32\drivers\livecamv.sys
2010-08-22 12:36 . 2010-08-22 12:36   --------   d-----w-   c:\program files\Common Files\Creative
2010-08-22 12:26 . 2006-08-29 08:11   1047552   ------w-   c:\windows\system32\MFC71u.dll
2010-08-22 12:26 . 2003-03-19 05:19   1060864   ------w-   c:\windows\system32\MFC71.DLL
2010-08-22 12:22 . 2010-08-22 12:48   --------   d-----w-   c:\program files\Creative
2010-08-22 12:06 . 2009-01-13 17:25   42000   ----a-w-   c:\windows\system32\drivers\aztech_npf32.sys
2010-08-22 12:05 . 2010-08-22 12:05   --------   d-----w-   c:\program files\Bewan Powerline E200
2010-08-22 11:41 . 2010-08-22 11:43   --------   d-----w-   c:\program files\FinePixViewerS
2010-08-22 11:40 . 2010-08-22 11:40   --------   d-----w-   c:\users\Cricri\AppData\Roaming\InstallShield
2010-08-22 11:39 . 2010-08-23 14:34   --------   d-----w-   c:\users\Cricri\AppData\Roaming\FUJIFILM
2010-08-22 11:31 . 2008-01-09 10:28   27632   ----a-w-   c:\windows\system32\drivers\seehcri.sys
2010-08-22 11:29 . 2010-08-22 11:29   --------   d-----w-   c:\program files\Avanquest update
2010-08-22 11:28 . 2010-08-22 11:28   --------   d-----w-   c:\programdata\BVRP Software
2010-08-22 11:28 . 2010-08-22 11:28   --------   d-----w-   c:\users\Cricri\AppData\Local\Sony Ericsson
2010-08-22 11:00 . 2010-08-22 11:30   --------   d-----w-   c:\program files\Sony Ericsson
2010-08-22 11:00 . 2010-08-22 11:00   --------   d-----w-   c:\programdata\Sony Ericsson
2010-08-22 08:50 . 2010-09-07 06:13   --------   d-----w-   c:\program files\Emsisoft Anti-Malware
2010-08-22 08:23 . 2010-08-22 08:23   --------   d-----w-   c:\program files\CamStudio
2010-08-22 08:23 . 2010-08-22 08:23   --------   d-----w-   c:\program files\Fake Webcam
2010-08-22 08:23 . 2010-08-22 08:23   --------   d-----w-   c:\program files\Common Files\fwc
2010-08-22 08:22 . 2010-08-22 09:30   --------   d-----w-   c:\program files\SMPlayer
2010-08-15 11:51 . 2010-08-15 11:51   95024   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2010-08-15 11:48 . 2010-08-15 11:48   --------   d-----w-   c:\users\Cricri\AppData\Local\Sunbelt Software
2010-08-13 18:10 . 2010-06-16 16:04   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 19:49 . 2010-02-14 14:05   --------   d-----w-   c:\programdata\Kaspersky Lab
2010-09-07 10:58 . 2010-02-14 14:50   --------   d-----w-   c:\users\Cricri\AppData\Roaming\uTorrent
2010-09-07 07:18 . 2010-01-23 20:33   --------   d-----w-   c:\users\Cricri\AppData\Roaming\Media Player Classic
2010-09-07 07:10 . 2008-01-21 08:40   679042   ----a-w-   c:\windows\system32\perfh00C.dat
2010-09-07 07:10 . 2008-01-21 08:40   126626   ----a-w-   c:\windows\system32\perfc00C.dat
2010-09-03 10:12 . 2010-09-03 10:12   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-09-02 19:30 . 2010-06-28 17:47   288080   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-09-02 19:29 . 2010-08-22 09:16   288080   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-02 10:00 . 2010-02-14 18:32   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-08-31 10:48 . 2009-01-08 12:12   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-08-28 08:24 . 2010-02-14 13:18   --------   d-----w-   c:\program files\TuneUp Utilities 2010
2010-08-28 08:18 . 2009-10-19 17:14   --------   d-----w-   c:\program files\CCleaner
2010-08-27 13:16 . 2010-02-14 13:18   30528   ----a-w-   c:\windows\system32\TURegOpt.exe
2010-08-22 12:42 . 2009-01-08 12:11   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-08-22 09:20 . 2010-08-22 09:20   125624   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-08-22 09:20 . 2010-08-22 09:20   113336   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-08-22 09:20 . 2010-08-22 09:20   404152   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-08-22 09:20 . 2010-08-22 09:20   166584   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-08-22 09:20 . 2010-02-14 14:06   97549   ----a-w-   c:\windows\system32\drivers\klick.dat
2010-08-22 09:20 . 2010-02-14 14:06   113933   ----a-w-   c:\windows\system32\drivers\klin.dat
2010-08-22 09:20 . 2010-08-22 09:20   129720   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-08-22 09:20 . 2010-08-22 09:20   113336   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-08-22 09:20 . 2010-08-22 09:20   404152   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-08-22 09:20 . 2010-08-22 09:20   170680   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-08-22 09:07 . 2010-02-14 14:04   --------   d-----w-   c:\programdata\Kaspersky Lab Setup Files
2010-08-22 09:06 . 2010-02-14 14:05   --------   d-----w-   c:\program files\Kaspersky Lab
2010-08-22 08:43 . 2010-02-14 15:01   --------   d-----w-   c:\programdata\Lavasoft
2010-08-15 11:26 . 2009-10-19 17:14   --------   d-----w-   c:\program files\Glary Utilities
2010-08-13 18:20 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-08-05 21:14 . 2010-02-14 14:25   --------   d-----w-   c:\program files\Microsoft.NET
2010-08-05 20:46 . 2009-10-20 15:04   --------   d-----w-   c:\program files\Java
2010-07-17 03:00 . 2010-08-05 20:46   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-07-01 19:35 . 2010-07-01 19:35   228024   ----a-w-   c:\windows\system32\klogon.dll
2010-07-01 18:48 . 2010-07-01 18:48   68256   ----a-w-   c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\French\setup.exe
2010-07-01 06:06 . 2010-07-01 06:06   1037648   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-06-30 05:06 . 2010-06-30 05:06   271696   ----a-w-   c:\programdata\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-06-26 06:05 . 2010-08-13 18:12   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 18:12   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-13 18:12   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-13 18:12   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-13 18:12   2037760   ----a-w-   c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 18:12   36864   ----a-w-   c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-13 18:12   302080   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-13 18:12   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-06-11 16:16 . 2010-08-13 18:12   274944   ----a-w-   c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-13 18:12   1248768   ----a-w-   c:\windows\system32\msxml3.dll
2006-06-15 18:33 . 2010-08-22 12:39   233472   ----a-w-   c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 . 2010-08-22 12:39   204895   ----a-w-   c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 . 2010-08-22 12:39   77824   ----a-w-   c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 . 2010-08-22 12:39   426081   ----a-w-   c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 . 2010-08-22 12:38   458752   ----a-w-   c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 16:35 . 2010-08-22 12:39   139264   ----a-w-   c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 . 2010-08-22 12:38   204800   ----a-w-   c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 . 2010-08-22 12:38   106496   ----a-w-   c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 . 2010-08-22 12:38   212992   ----a-w-   c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 . 2010-08-22 12:38   167936   ----a-w-   c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"Skytel"="Skytel.exe" [2008-08-04 1833504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-07-01 357096]
"a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2010-07-26 3634568]
"V0410Mon.exe"="c:\windows\V0410Mon.exe" [2007-06-07 32768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2010-8-22 303104]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2010-8-23 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~2\kloehk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute   REG_MULTI_SZ      \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"SmpcSys"=c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SmpcSys"=c:\program files\Packard Bell\SetupMyPC\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f6,e5,e5,e1,03,51,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-08-22 41816]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-07-28 1935656]
S2 AEV0410;Creative Camera VF0410 APO service application;c:\windows\system32\V0410Aps.exe [2007-06-07 73728]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-06-28 71008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
getPlusHelper   REG_MULTI_SZ      getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2010-09-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-10-19 09:21]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
uDefault_Search_URL = hxxp://www.google.com
uStart Page = hxxp://www.google.com
mStart Page = about:blank
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: chat-land.org
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Cricri\AppData\Roaming\Mozilla\Firefox\Profiles\c6j1wr9m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q=
FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 21:49
Windows 6.0.6002 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2010-09-07  21:57:09 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-09-07 19:56

Avant-CF: 392 871 698 432 octets libres
Après-CF: 394 218 102 784 octets libres

- - End Of File - - 271B9BBBB6816D9BF5FE6EF6B59FCA9D


Now with OTL:

 OTL logfile created on: 07/09/2010 12:58:55 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Cricri\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,76 Gb Total Space | 366,01 Gb Free Space | 80,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-DE-CRICRI
Current User Name: Cricri
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/09/07 11:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cricri\Downloads\OTL.exe
PRC - [2010/08/27 15:15:18 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/08/27 15:13:36 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010/08/24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/05 23:16:16 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/08/05 23:16:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/28 15:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010/07/01 21:39:08 | 000,357,096 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/07/01 21:34:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/08/04 11:16:46 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/16 14:00:00 | 000,024,576 | ---- | M] () -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/06/07 14:01:38 | 000,155,648 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
PRC - [2007/06/07 03:48:32 | 000,073,728 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Aps.exe
PRC - [2007/06/07 03:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0410Mon.exe
PRC - [2007/01/30 12:02:28 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewerS\QuickDCF2.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/09/07 11:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cricri\Downloads\OTL.exe
MOD - [2010/08/30 12:45:55 | 000,211,432 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)
SRV - File not found [Unknown | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/08/28 10:24:35 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/08/27 15:13:36 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/08/27 15:10:46 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/08/24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/28 15:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/07/01 21:39:08 | 000,357,096 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/29 11:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/01/08 14:27:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/06/07 03:48:32 | 000,073,728 | ---- | M] (Creative Technology Ltd.) [Auto | Running] -- C:\Windows\System32\V0410Aps.exe -- (AEV0410)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/08/22 11:02:26 | 000,041,816 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/06/28 14:13:32 | 000,071,008 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
DRV - [2010/06/22 19:23:54 | 000,495,192 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2010/05/05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010/01/12 06:42:22 | 000,241,696 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/04/11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2009/02/13 21:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/13 19:25:32 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aztech_npf32.sys -- (NPF)
DRV - [2008/11/04 10:52:38 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008/11/04 10:52:38 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008/11/04 10:52:38 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/11/04 10:52:38 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008/11/04 10:52:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/11/04 10:52:36 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008/11/04 10:52:36 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008/08/04 11:02:46 | 002,161,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/29 05:48:56 | 000,418,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008/07/16 13:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/11 04:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Pilote de carte Intel(R)
DRV - [2008/02/20 22:01:08 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/07/04 03:00:00 | 000,244,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0410Dev.sys -- (V0410Dev)
DRV - [2007/06/08 04:53:56 | 000,187,448 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/12/05 07:37:46 | 000,007,168 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0410Vfx.sys -- (V0410Vfx)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.cherche.us
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.com
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/22 14:39:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/22 14:39:54 | 000,000,000 | ---D | M]
 
[2010/08/22 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\mozilla\Extensions
[2010/08/22 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/09/07 08:24:24 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\mozilla\Firefox\Profiles\c6j1wr9m.default\extensions
[2010/08/28 11:06:27 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Cricri\AppData\Roaming\mozilla\Firefox\Profiles\c6j1wr9m.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/08/18 16:19:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Cricri\AppData\Roaming\mozilla\Firefox\Profiles\c6j1wr9m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/23 18:30:29 | 000,001,575 | ---- | M] () -- C:\Users\Cricri\AppData\Roaming\Mozilla\FireFox\Profiles\c6j1wr9m.default\searchplugins\cherche.xml
[2010/09/02 10:22:33 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/08/05 22:46:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/22 11:07:39 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/08/22 11:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/05 23:16:19 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/08/05 23:16:19 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/05 23:16:19 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/08/05 23:16:19 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/08/05 23:16:19 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [V0410Mon.exe] C:\Windows\V0410Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3290985414-2491933689-948497203-1000..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-3290985414-2491933689-948497203-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\..Trusted Domains: chat-land.org ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Cricri\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cricri\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{33a75fe1-ba46-11df-b2f4-00238be9625c}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{3fab81ba-8996-11df-9986-00238be9625c}\Shell - "" = AutoRun
O33 - MountPoints2\{3fab81ba-8996-11df-9986-00238be9625c}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{449b0a21-085d-11df-ab63-0017c4986335}\Shell - "" = AutoRun
O33 - MountPoints2\{449b0a21-085d-11df-ab63-0017c4986335}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{ce1423cf-6396-11de-8aae-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ce1423cf-6396-11de-8aae-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/07 09:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2010/09/02 09:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Gravity
[2010/09/01 08:51:52 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\EPS-FileDownloader
[2010/09/01 08:51:05 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\Apps
[2010/09/01 08:51:04 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\Deployment
[2010/08/30 10:08:20 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\Reallusion
[2010/08/30 10:08:19 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\tmp
[2010/08/28 10:24:37 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010/08/28 10:24:37 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010/08/23 18:01:14 | 000,000,000 | ---D | C] -- C:\Users\Cricri\Documents\Sony Ericsson
[2010/08/23 16:32:57 | 000,274,432 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\System32\FFTIFF16.dll
[2010/08/23 16:32:57 | 000,208,896 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\System32\FFRafShellEx.dll
[2010/08/23 16:32:56 | 000,155,648 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\System32\FFRAFLIB.DLL
[2010/08/23 16:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\FinePixViewer
[2010/08/22 15:47:35 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\Creative
[2010/08/22 15:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010/08/22 15:24:38 | 000,000,000 | ---D | C] -- C:\Users\Cricri\Documents\Anti-Malware
[2010/08/22 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\Cricri\Documents\TomTom
[2010/08/22 15:03:25 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\TomTom
[2010/08/22 15:03:25 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\TomTom
[2010/08/22 15:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/08/22 15:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/08/22 14:48:14 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscomct2.ocx
[2010/08/22 14:48:13 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2010/08/22 14:44:40 | 000,150,528 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\VNIAPO32.dll
[2010/08/22 14:44:40 | 000,130,048 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Apv.dll
[2010/08/22 14:44:40 | 000,114,688 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Afx.dll
[2010/08/22 14:44:40 | 000,073,728 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Aps.exe
[2010/08/22 14:44:40 | 000,064,512 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\DaisyWrp.dll
[2010/08/22 14:43:59 | 000,307,200 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Cvw.dll
[2010/08/22 14:43:59 | 000,126,976 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Vfw.dll
[2010/08/22 14:43:59 | 000,102,400 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Ext.ax
[2010/08/22 14:43:59 | 000,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\CtDrvIns.exe
[2010/08/22 14:43:59 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Pin.dll
[2010/08/22 14:43:59 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\CtCamMgr.dll
[2010/08/22 14:43:59 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\V0410Mon.exe
[2010/08/22 14:43:59 | 000,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\V0410Cfg.exe
[2010/08/22 14:43:59 | 000,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\CtCamPin.crl
[2010/08/22 14:43:58 | 000,244,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\V0410Dev.sys
[2010/08/22 14:43:58 | 000,163,840 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Cvw.crl
[2010/08/22 14:43:58 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Hwx.dll
[2010/08/22 14:43:58 | 000,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Srv.exe
[2010/08/22 14:43:58 | 000,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Ext.crl
[2010/08/22 14:43:58 | 000,007,168 | ---- | C] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\drivers\V0410Vfx.sys
[2010/08/22 14:43:42 | 000,000,000 | ---D | C] -- C:\Windows\CtDrvInstall
[2010/08/22 14:39:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2010/08/22 14:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2010/08/22 14:36:24 | 005,627,904 | ---- | C] (Reallusion Inc.) -- C:\Windows\System32\LiveCamVirtual.ocx
[2010/08/22 14:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2010/08/22 14:26:29 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71u.dll
[2010/08/22 14:26:27 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DLL
[2010/08/22 14:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/08/22 14:06:57 | 000,042,000 | ---- | C] (CACE Technologies) -- C:\Windows\System32\drivers\aztech_npf32.sys
[2010/08/22 14:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bewan Powerline E200
[2010/08/22 13:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\FinePixViewerS
[2010/08/22 13:40:39 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\InstallShield
[2010/08/22 13:39:43 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\FUJIFILM
[2010/08/22 13:31:30 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe4B3.dll
[2010/08/22 13:31:04 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010/08/22 13:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2010/08/22 13:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2010/08/22 13:28:05 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\Sony Ericsson
[2010/08/22 13:01:20 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe63E2.dll
[2010/08/22 13:01:17 | 000,109,736 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018unic.sys
[2010/08/22 13:01:17 | 000,104,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018obex.sys
[2010/08/22 13:01:17 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018whnt.sys
[2010/08/22 13:01:17 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018wh.sys
[2010/08/22 13:01:16 | 000,114,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018mdm.sys
[2010/08/22 13:01:16 | 000,108,328 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018mgmt.sys
[2010/08/22 13:01:16 | 000,086,696 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018bus.sys
[2010/08/22 13:01:16 | 000,026,024 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018nd5.sys
[2010/08/22 13:01:16 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018mdfl.sys
[2010/08/22 13:01:16 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018cmnt.sys
[2010/08/22 13:01:16 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018cm.sys
[2010/08/22 13:01:16 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018cr.sys
[2010/08/22 13:01:15 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0016whnt.sys
[2010/08/22 13:01:15 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0016wh.sys
[2010/08/22 13:01:14 | 000,089,256 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0016bus.sys
[2010/08/22 13:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2010/08/22 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/08/22 10:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/08/22 10:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/22 10:23:19 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2010/08/22 10:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\fwc
[2010/08/22 10:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Fake Webcam
[2010/08/22 10:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\SMPlayer
[2010/08/15 13:51:01 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/08/15 13:48:27 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\Sunbelt Software
[2010/08/13 20:12:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/13 20:12:44 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/13 20:12:44 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/13 20:12:44 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/13 20:12:44 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/13 20:12:44 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/13 20:12:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/13 20:12:44 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/13 20:12:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/13 20:12:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/13 20:12:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/13 20:12:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/13 20:12:44 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/13 20:12:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/13 20:12:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/13 20:12:42 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/13 20:12:36 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/13 20:12:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/13 20:12:23 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/13 20:12:22 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/09/07 12:58:58 | 001,572,864 | -HS- | M] () -- C:\Users\Cricri\NTUSER.DAT
[2010/09/07 12:07:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/07 12:07:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/07 10:38:15 | 000,100,352 | ---- | M] () -- C:\Users\Cricri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/07 09:10:30 | 001,495,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/07 09:10:30 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/09/07 09:10:30 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/07 09:10:30 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/09/07 09:10:30 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/07 08:09:07 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/09/07 08:07:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/09/07 08:07:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/07 08:07:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/03 23:15:58 | 000,524,288 | -HS- | M] () -- C:\Users\Cricri\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/03 23:15:58 | 000,065,536 | -HS- | M] () -- C:\Users\Cricri\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/03 23:15:24 | 002,092,560 | -H-- | M] () -- C:\Users\Cricri\AppData\Local\IconCache.db
[2010/09/03 12:12:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/09/02 10:09:15 | 000,001,920 | ---- | M] () -- C:\Users\Cricri\Desktop\Ragnarok.lnk
[2010/09/02 10:09:15 | 000,001,915 | ---- | M] () -- C:\Users\Cricri\Desktop\Setup.lnk
[2010/09/01 11:43:09 | 915,789,317 | ---- | M] () -- C:\Users\Cricri\Desktop\RagnarokOnline_11.2a.exe
[2010/08/28 10:24:32 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Maintenance en 1 clic.lnk
[2010/08/28 10:24:32 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010/08/28 10:18:12 | 000,000,811 | ---- | M] () -- C:\Users\Cricri\Desktop\CCleaner.lnk
[2010/08/27 15:16:00 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010/08/27 15:10:56 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010/08/27 15:10:46 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010/08/26 17:25:07 | 000,459,627 | ---- | M] () -- C:\Users\Cricri\Desktop\Virement loyer.docx
[2010/08/26 17:24:29 | 000,002,673 | ---- | M] () -- C:\Users\Cricri\Desktop\Microsoft Word 2010.lnk
[2010/08/25 17:29:09 | 000,460,651 | ---- | M] () -- C:\Users\Cricri\Desktop\PAGE CE VIREMENT LOYER MENSUEL.docx
[2010/08/23 18:41:45 | 000,000,011 | ---- | M] () -- C:\Users\Cricri\logie
[2010/08/23 18:41:45 | 000,000,011 | ---- | M] () -- C:\Users\Cricri\logff
[2010/08/23 18:30:29 | 000,000,451 | ---- | M] () -- C:\Users\Cricri\scriptjava.html
[2010/08/23 18:30:28 | 000,000,114 | ---- | M] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2010/08/23 18:29:29 | 000,000,015 | ---- | M] () -- C:\Users\Cricri\prncnfgd
[2010/08/23 16:33:11 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\FinePixViewer.lnk
[2010/08/23 16:33:11 | 000,001,747 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
[2010/08/22 15:03:19 | 000,000,713 | ---- | M] () -- C:\Users\Cricri\Desktop\TomTom HOME 2.lnk
[2010/08/22 14:39:59 | 000,000,075 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2010/08/22 14:05:26 | 000,001,944 | ---- | M] () -- C:\Users\Cricri\Desktop\Utilitaire Bewan Powerline E200.lnk
[2010/08/22 13:42:29 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Guide de l'utilisateur.lnk
[2010/08/22 13:42:29 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\FinePixViewer S.lnk
[2010/08/22 13:41:43 | 000,000,651 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
[2010/08/22 13:31:39 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/08/22 13:31:32 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpe4B3.dll
[2010/08/22 13:01:20 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpe63E2.dll
[2010/08/22 11:20:13 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/08/22 11:20:13 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/08/22 11:05:24 | 000,000,990 | ---- | M] () -- C:\Users\Cricri\Desktop\Kaspersky Internet Security 2011.lnk
[2010/08/22 10:50:53 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/22 10:50:30 | 000,000,841 | ---- | M] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2010/08/22 10:50:30 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010/08/22 10:37:36 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\SMPlayer.lnk
[2010/08/22 10:23:52 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010/08/22 10:23:19 | 000,000,818 | ---- | M] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam (No Preview Mode).lnk
[2010/08/22 10:23:19 | 000,000,808 | ---- | M] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam.lnk
[2010/08/22 10:23:19 | 000,000,784 | ---- | M] () -- C:\Users\Cricri\Desktop\Fake Webcam.lnk
[2010/08/15 13:51:00 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/08/14 13:13:30 | 000,000,828 | ---- | M] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2010/08/14 13:13:30 | 000,000,804 | ---- | M] () -- C:\Users\Cricri\Desktop\Glary Utilities.lnk
[2010/08/13 20:36:25 | 000,385,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/09/03 12:12:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/09/02 10:09:15 | 000,001,920 | ---- | C] () -- C:\Users\Cricri\Desktop\Ragnarok.lnk
[2010/09/02 10:09:15 | 000,001,915 | ---- | C] () -- C:\Users\Cricri\Desktop\Setup.lnk
[2010/09/01 08:51:58 | 915,789,317 | ---- | C] () -- C:\Users\Cricri\Desktop\RagnarokOnline_11.2a.exe
[2010/08/26 17:25:07 | 000,459,627 | ---- | C] () -- C:\Users\Cricri\Desktop\Virement loyer.docx
[2010/08/25 17:29:08 | 000,460,651 | ---- | C] () -- C:\Users\Cricri\Desktop\PAGE CE VIREMENT LOYER MENSUEL.docx
[2010/08/23 18:30:37 | 000,000,011 | ---- | C] () -- C:\Users\Cricri\logie
[2010/08/23 18:30:37 | 000,000,011 | ---- | C] () -- C:\Users\Cricri\logff
[2010/08/23 18:30:29 | 000,000,451 | ---- | C] () -- C:\Users\Cricri\scriptjava.html
[2010/08/23 18:30:28 | 000,000,114 | ---- | C] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2010/08/23 18:29:29 | 000,000,015 | ---- | C] () -- C:\Users\Cricri\prncnfgd
[2010/08/23 16:33:11 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\FinePixViewer.lnk
[2010/08/23 16:33:11 | 000,001,747 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
[2010/08/22 15:03:19 | 000,000,713 | ---- | C] () -- C:\Users\Cricri\Desktop\TomTom HOME 2.lnk
[2010/08/22 14:50:35 | 000,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2010/08/22 14:43:59 | 000,188,891 | ---- | C] () -- C:\Windows\System32\V0410Cvw.bff
[2010/08/22 14:43:59 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\V0410PC.bmp
[2010/08/22 14:43:59 | 000,005,711 | ---- | C] () -- C:\Windows\VF0410.uns
[2010/08/22 14:39:59 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/08/22 14:36:24 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2010/08/22 14:05:26 | 000,001,944 | ---- | C] () -- C:\Users\Cricri\Desktop\Utilitaire Bewan Powerline E200.lnk
[2010/08/22 13:42:29 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Guide de l'utilisateur.lnk
[2010/08/22 13:42:29 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\FinePixViewer S.lnk
[2010/08/22 13:41:43 | 000,000,651 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
[2010/08/22 13:31:39 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/08/22 11:07:38 | 000,000,990 | ---- | C] () -- C:\Users\Cricri\Desktop\Kaspersky Internet Security 2011.lnk
[2010/08/22 10:50:30 | 000,000,841 | ---- | C] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2010/08/22 10:50:30 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010/08/22 10:23:52 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010/08/22 10:23:19 | 000,000,818 | ---- | C] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam (No Preview Mode).lnk
[2010/08/22 10:23:19 | 000,000,808 | ---- | C] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam.lnk
[2010/08/22 10:23:19 | 000,000,784 | ---- | C] () -- C:\Users\Cricri\Desktop\Fake Webcam.lnk
[2010/08/22 10:23:00 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\SMPlayer.lnk
[2010/07/08 10:11:19 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/05/31 18:31:42 | 000,000,680 | ---- | C] () -- C:\Users\Cricri\AppData\Local\d3d9caps.dat
[2010/01/23 22:32:08 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/23 22:32:06 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/01/23 22:32:06 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/23 22:32:06 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/23 22:32:04 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/23 22:32:04 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/01/23 22:27:27 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/05 16:26:00 | 000,100,352 | ---- | C] () -- C:\Users\Cricri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/19 21:15:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/28 06:00:54 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/08 21:47:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/01/08 21:47:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/08/23 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\FUJIFILM
[2009/10/19 19:19:19 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\GlarySoft
[2009/10/19 18:30:20 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Packard Bell
[2010/08/30 10:08:19 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\tmp
[2010/08/22 15:03:25 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\TomTom
[2010/02/14 15:18:07 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\TuneUp Software
[2010/09/07 12:58:40 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\uTorrent
[2010/09/07 08:09:07 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/09/03 23:16:10 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006/11/02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008/01/21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2008/01/21 04:24:19 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\System32\drivers\rasacd.sys
[2008/01/21 04:24:19 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2009/04/11 06:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) MD5=30BFBDFB7F95559EDE971F9DDB9A00BA -- C:\Windows\System32\drivers\rdpwd.sys
[2009/04/11 06:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) MD5=30BFBDFB7F95559EDE971F9DDB9A00BA -- C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.0.6002.18005_none_4d610153d22453a6\rdpwd.sys
[2008/01/21 04:24:49 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=E1C18F4097A5ABCEC941DC4B2F99DB7E -- C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.0.6001.18000_none_4b758847d502885a\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2008/01/21 04:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\System32\drivers\tdpipe.sys
[2008/01/21 04:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_dbac376c44b742d7\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/01/21 04:24:08 | 000,029,184 | ---- | M] (Microsoft Corporation) MD5=389C63E32B3CEFED425B61ED92D3F021 -- C:\Windows\System32\drivers\tdtcp.sys
[2008/01/21 04:24:08 | 000,029,184 | ---- | M] (Microsoft Corporation) MD5=389C63E32B3CEFED425B61ED92D3F021 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_dbac376c44b742d7\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2006/11/02 11:14:58 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=B51E52ACF758BE00EF3A58EA452FE360 -- C:\Windows\System32\drivers\usbprint.sys
[2006/11/02 11:14:58 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=B51E52ACF758BE00EF3A58EA452FE360 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_35521f61\usbprint.sys
[2008/01/21 04:23:22 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_29f90369\usbprint.sys
[2008/01/21 04:23:22 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\winsxs\x86_usbprint.inf_31bf3856ad364e35_6.0.6001.18000_none_32f9c26ac169fb1e\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6002.18005_none_5bca4a74dde86c1f\usbscan.sys
[2006/11/02 11:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=B1F95285C08DDFE00C0B955462637EC7 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2010/07/01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\klogon.dll
[2008/01/21 04:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\msvbvm60.dll
[2009/04/11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll
[2009/04/11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\SLC.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
< End of report >



There you go, if you need anything else, let me know.
Firzen
 

Re: Virus in c:\windows\explorer.exe

Posted on 08 Sep 2010 11:49

OK, do this and then tell me whether you still get this alert.


* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (Report) section (top right) the "Rapport minimal" (Minimal report) box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (Custom)

Code:
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security) 
SRV - File not found [Unknown | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)     
DRV - File not found [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)     
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)   
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG) 
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)   
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT   
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.cherche.us
IE - HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23F
:Commands
[emptytemp]



* Click the "Correction" (Fix) button (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and (or) "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
bernard53
 

Re: Virus in c:\windows\explorer.exe

Posted on 08 Sep 2010 21:08

Here are the scan results:

Code:
 All processes killed
========== OTL ==========
Service Norton Internet Security stopped successfully!
Service Norton Internet Security deleted successfully!
File C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe not found.
Service getPlusHelper stopped successfully!
Service getPlusHelper deleted successfully!
File C:\Program Files\NOS\bin\getPlus_Helper.dll not found.
Service SRTSPX stopped successfully!
Service SRTSPX deleted successfully!
File C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS not found.
Service SRTSP stopped successfully!
Service SRTSP deleted successfully!
File C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys not found.
Service NAVEX15 stopped successfully!
Service NAVEX15 deleted successfully!
File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS not found.
Service NAVENG stopped successfully!
Service NAVENG deleted successfully!
File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS not found.
Service Lbd stopped successfully!
Service Lbd deleted successfully!
File C:\Windows\System32\DRIVERS\Lbd.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys not found.
HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3290985414-2491933689-948497203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
Prefs.js: "http://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23F removed from keyword.URL
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Cricri
->Temp folder emptied: 62013 bytes
->Temporary Internet Files folder emptied: 68848 bytes
->Java cache emptied: 28826986 bytes
->FireFox cache emptied: 40611362 bytes
->Flash cache emptied: 2913 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108527 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 66,00 mb
 
 
OTL by OldTimer - Version 3.2.11.0 log created on 09082010_125517

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


However, I still get the virus detection from Kaspersky
and now ComboFix is also flagged as a threat xD
Firzen
 

Re: Virus in c:\windows\explorer.exe

Posted on 09 Sep 2010 11:54

However, I still get the virus detection from Kaspersky
and now ComboFix is also flagged as a threat xD


No worries about ComboFix, you can remove it now like this.


Click Start > Run and copy/paste the bold text below into the input box:
ComboFix /Uninstall

Then click OK


Next, do you only have this as the detection path: "c:\windows\explorer.exe"

If so, do this.

Run OTL again and use this as the script.



* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (Custom)

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
wininit.exe
userinit.exe
winlogon.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT



* Click the "Analyse" (Scan) button (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and (or) "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
bernard53
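
An added example, not part of the thread and not OTL's own code: the `/md5start` ... `/md5stop` block in the script above asks OTL for the MD5 of every copy of the named files, which produces the same kind of listing as the `< MD5 for: ... >` sections of the earlier report. This sketch groups such report lines by file name and checks whether each live copy matches a copy under `winsxs` or `DriverStore`; the `EXAMPLE.SYS` lines and their hashes are constructed, and the status names are assumptions of this sketch.

```python
import re
from collections import defaultdict, namedtuple

# Sample in OTL report format. The tdpipe.sys, sfloppy.sys and klogon.dll lines are
# copied from the reports in this thread; the EXAMPLE.SYS lines are constructed
# for illustration and their hashes are placeholders.
SAMPLE_LOG = r"""
[color=#A23BEC]< MD5 for: EXAMPLE.SYS  >[/color]
[2009/04/11 08:27:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\System32\drivers\example.sys
[2009/04/11 08:27:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\winsxs\x86_example_constructed\example.sys

[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys

[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2008/01/21 04:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\System32\drivers\tdpipe.sys
[2008/01/21 04:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_dbac376c44b742d7\tdpipe.sys

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2010/07/01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\klogon.dll
"""

# One file entry: "[date | size | attrs | M] (vendor) MD5=<hex> -- <path>", or the
# "[b] Unable to obtain MD5[/b]" variant OTL prints for locked files.
ENTRY_RE = re.compile(
    r"^\[[^\]]*\]\s*\((?P<vendor>[^)]*)\)\s*(?:\[b\])?\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s*(?:\[/b\])?"
    r"\s*--\s*(?P<path>.+?)[ \t]*$",
    re.MULTILINE,
)

# Directories treated here as reference copies (component store and driver store).
STORE_DIRS = ("\\winsxs\\", "\\driverstore\\")

Entry = namedtuple("Entry", "name md5 path is_store")


def parse_entries(text):
    """Yield an Entry for every file line in an OTL report; header lines are skipped."""
    for m in ENTRY_RE.finditer(text):
        path = m.group("path")
        lowered = path.lower()
        yield Entry(
            name=lowered.rsplit("\\", 1)[-1],
            md5=(m.group("md5") or "").upper() or None,
            path=path,
            is_store=any(d in lowered for d in STORE_DIRS),
        )


def triage(text):
    """Return (status, path) for each live (non-store) copy found in the report."""
    by_name = defaultdict(list)
    for entry in parse_entries(text):
        by_name[entry.name].append(entry)

    findings = []
    for entries in by_name.values():
        store_hashes = {e.md5 for e in entries if e.is_store and e.md5}
        for e in entries:
            if e.is_store:
                continue
            if e.md5 is None:
                status = "unhashed"        # locked file, OTL could not read it
            elif not store_hashes:
                status = "no-reference"    # nothing to compare against
            elif e.md5 in store_hashes:
                status = "matches-store"
            else:
                status = "mismatch"        # live copy differs from every store copy
            findings.append((status, e.path))
    return findings


if __name__ == "__main__":
    for status, path in sorted(triage(SAMPLE_LOG)):
        print(f"{status:14} {path}")
```

A `matches-store` result only says the live copy is byte-identical to a copy Windows keeps in its own stores; `mismatch` and `unhashed` entries are the ones worth checking by other means, such as signature verification.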
 

Re: Virus in c:\windows\explorer.exe

Posted on 09 Sep 2010 20:32

Code:
 OTL logfile created on: 09/09/2010 20:42:27 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Cricri\Downloads\Logiciel Telecharger
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,76 Gb Total Space | 365,74 Gb Free Space | 80,78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-DE-CRICRI
Current User Name: Cricri
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/09/08 13:00:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 11:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cricri\Downloads\Logiciel Telecharger\OTL.exe
PRC - [2010/08/27 15:15:18 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/08/27 15:13:36 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010/08/24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 11:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/07/28 15:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010/07/01 21:34:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2009/09/10 16:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/04 11:16:46 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/16 14:00:00 | 000,024,576 | ---- | M] () -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/06/07 14:01:38 | 000,155,648 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
PRC - [2007/06/07 03:48:32 | 000,073,728 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Aps.exe
PRC - [2007/06/07 03:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0410Mon.exe
PRC - [2007/01/30 12:02:28 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewerS\QuickDCF2.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/09/07 11:27:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cricri\Downloads\Logiciel Telecharger\OTL.exe
MOD - [2010/08/30 12:45:55 | 000,211,432 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/08/28 10:24:35 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/08/27 15:13:36 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/08/27 15:10:46 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/08/24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/28 15:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/07/01 21:39:08 | 000,357,096 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/29 11:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/01/08 14:27:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/06/07 03:48:32 | 000,073,728 | ---- | M] (Creative Technology Ltd.) [Auto | Running] -- C:\Windows\System32\V0410Aps.exe -- (AEV0410)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/08/22 11:02:26 | 000,041,816 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/06/28 14:13:32 | 000,071,008 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
DRV - [2010/06/22 19:23:54 | 000,495,192 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2010/05/05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010/01/12 06:42:22 | 000,241,696 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/04/11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2009/02/13 21:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/04 10:52:38 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008/11/04 10:52:38 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008/11/04 10:52:38 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/11/04 10:52:38 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008/11/04 10:52:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/11/04 10:52:36 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008/11/04 10:52:36 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008/08/04 11:02:46 | 002,161,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/29 05:48:56 | 000,418,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008/07/16 13:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/11 04:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Pilote de carte Intel(R)
DRV - [2008/02/20 22:01:08 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/07/04 03:00:00 | 000,244,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0410Dev.sys -- (V0410Dev)
DRV - [2007/06/08 04:53:56 | 000,187,448 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/12/05 07:37:46 | 000,007,168 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0410Vfx.sys -- (V0410Vfx)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 13:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 13:00:20 | 000,000,000 | ---D | M]
 
[2010/08/22 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\mozilla\Extensions
[2010/08/22 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/09/09 10:03:03 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\mozilla\Firefox\Profiles\c6j1wr9m.default\extensions
[2010/08/28 11:06:27 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Cricri\AppData\Roaming\mozilla\Firefox\Profiles\c6j1wr9m.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/08/18 16:19:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Cricri\AppData\Roaming\mozilla\Firefox\Profiles\c6j1wr9m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/23 18:30:29 | 000,001,575 | ---- | M] () -- C:\Users\Cricri\AppData\Roaming\Mozilla\FireFox\Profiles\c6j1wr9m.default\searchplugins\cherche.xml
[2010/09/02 10:22:33 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/08/05 22:46:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/22 11:07:39 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/08/22 11:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/05 23:16:19 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/08/05 23:16:19 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/05 23:16:19 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/08/05 23:16:19 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/08/05 23:16:19 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/09/07 21:45:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [V0410Mon.exe] C:\Windows\V0410Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Cricri\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cricri\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (http://www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/08 12:55:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/07 21:57:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/07 21:57:15 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\temp
[2010/09/07 21:44:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/07 21:30:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/07 21:30:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/07 21:30:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/07 21:29:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/07 21:28:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/07 21:27:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/07 09:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2010/09/02 09:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Gravity
[2010/09/01 08:51:52 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\EPS-FileDownloader
[2010/09/01 08:51:05 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\Apps
[2010/09/01 08:51:04 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\Deployment
[2010/08/30 10:08:20 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\Reallusion
[2010/08/30 10:08:19 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\tmp
[2010/08/28 10:24:37 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010/08/28 10:24:37 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010/08/23 18:01:14 | 000,000,000 | ---D | C] -- C:\Users\Cricri\Documents\Sony Ericsson
[2010/08/23 16:32:57 | 000,274,432 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\System32\FFTIFF16.dll
[2010/08/23 16:32:57 | 000,208,896 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\System32\FFRafShellEx.dll
[2010/08/23 16:32:56 | 000,155,648 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\System32\FFRAFLIB.DLL
[2010/08/23 16:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\FinePixViewer
[2010/08/22 15:47:35 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\Creative
[2010/08/22 15:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010/08/22 15:24:38 | 000,000,000 | ---D | C] -- C:\Users\Cricri\Documents\Anti-Malware
[2010/08/22 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\Cricri\Documents\TomTom
[2010/08/22 15:03:25 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\TomTom
[2010/08/22 15:03:25 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\TomTom
[2010/08/22 15:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/08/22 15:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/08/22 14:48:14 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscomct2.ocx
[2010/08/22 14:48:13 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2010/08/22 14:44:40 | 000,150,528 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\VNIAPO32.dll
[2010/08/22 14:44:40 | 000,130,048 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Apv.dll
[2010/08/22 14:44:40 | 000,114,688 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Afx.dll
[2010/08/22 14:44:40 | 000,073,728 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Aps.exe
[2010/08/22 14:44:40 | 000,064,512 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\DaisyWrp.dll
[2010/08/22 14:43:59 | 000,307,200 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Cvw.dll
[2010/08/22 14:43:59 | 000,126,976 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Vfw.dll
[2010/08/22 14:43:59 | 000,102,400 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Ext.ax
[2010/08/22 14:43:59 | 000,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\CtDrvIns.exe
[2010/08/22 14:43:59 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Pin.dll
[2010/08/22 14:43:59 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\CtCamMgr.dll
[2010/08/22 14:43:59 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\V0410Mon.exe
[2010/08/22 14:43:59 | 000,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\V0410Cfg.exe
[2010/08/22 14:43:59 | 000,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\CtCamPin.crl
[2010/08/22 14:43:58 | 000,244,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\V0410Dev.sys
[2010/08/22 14:43:58 | 000,163,840 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Cvw.crl
[2010/08/22 14:43:58 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Hwx.dll
[2010/08/22 14:43:58 | 000,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Srv.exe
[2010/08/22 14:43:58 | 000,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\V0410Ext.crl
[2010/08/22 14:43:58 | 000,007,168 | ---- | C] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\drivers\V0410Vfx.sys
[2010/08/22 14:43:42 | 000,000,000 | ---D | C] -- C:\Windows\CtDrvInstall
[2010/08/22 14:39:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2010/08/22 14:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2010/08/22 14:36:24 | 005,627,904 | ---- | C] (Reallusion Inc.) -- C:\Windows\System32\LiveCamVirtual.ocx
[2010/08/22 14:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2010/08/22 14:26:29 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71u.dll
[2010/08/22 14:26:27 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DLL
[2010/08/22 14:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/08/22 14:06:57 | 000,042,000 | ---- | C] (CACE Technologies) -- C:\Windows\System32\drivers\aztech_npf32.sys
[2010/08/22 14:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bewan Powerline E200
[2010/08/22 13:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\FinePixViewerS
[2010/08/22 13:40:39 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\InstallShield
[2010/08/22 13:39:43 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Roaming\FUJIFILM
[2010/08/22 13:31:04 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010/08/22 13:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2010/08/22 13:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2010/08/22 13:28:05 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\Sony Ericsson
[2010/08/22 13:01:17 | 000,109,736 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018unic.sys
[2010/08/22 13:01:17 | 000,104,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018obex.sys
[2010/08/22 13:01:17 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018whnt.sys
[2010/08/22 13:01:17 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018wh.sys
[2010/08/22 13:01:16 | 000,114,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018mdm.sys
[2010/08/22 13:01:16 | 000,108,328 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018mgmt.sys
[2010/08/22 13:01:16 | 000,086,696 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018bus.sys
[2010/08/22 13:01:16 | 000,026,024 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018nd5.sys
[2010/08/22 13:01:16 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018mdfl.sys
[2010/08/22 13:01:16 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018cmnt.sys
[2010/08/22 13:01:16 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018cm.sys
[2010/08/22 13:01:16 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s1018cr.sys
[2010/08/22 13:01:15 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0016whnt.sys
[2010/08/22 13:01:15 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0016wh.sys
[2010/08/22 13:01:14 | 000,089,256 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0016bus.sys
[2010/08/22 13:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2010/08/22 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010/08/22 10:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/08/22 10:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/08/22 10:23:19 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2010/08/22 10:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\fwc
[2010/08/22 10:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Fake Webcam
[2010/08/22 10:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\SMPlayer
[2010/08/15 13:51:01 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/08/15 13:48:27 | 000,000,000 | ---D | C] -- C:\Users\Cricri\AppData\Local\Sunbelt Software
[2010/08/13 20:12:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/13 20:12:44 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/13 20:12:44 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/13 20:12:44 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/13 20:12:44 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/13 20:12:44 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/13 20:12:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/13 20:12:44 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/13 20:12:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/13 20:12:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/13 20:12:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/13 20:12:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/13 20:12:44 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/13 20:12:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/13 20:12:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/13 20:12:42 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/13 20:12:36 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/13 20:12:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/13 20:12:23 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/13 20:12:22 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2010/09/09 20:47:29 | 001,572,864 | -HS- | M] () -- C:\Users\Cricri\NTUSER.DAT
[2010/09/09 20:41:07 | 000,100,864 | ---- | M] () -- C:\Users\Cricri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 20:35:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/09 15:49:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 15:49:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/09 11:00:22 | 000,000,811 | ---- | M] () -- C:\Users\Cricri\Desktop\CCleaner.lnk
[2010/09/09 09:51:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/09/09 09:49:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/09/09 09:49:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/08 22:21:34 | 000,524,288 | -HS- | M] () -- C:\Users\Cricri\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 22:21:34 | 000,065,536 | -HS- | M] () -- C:\Users\Cricri\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/08 22:21:28 | 002,094,970 | -H-- | M] () -- C:\Users\Cricri\AppData\Local\IconCache.db
[2010/09/07 21:49:31 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/07 21:45:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/07 09:10:30 | 001,495,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/07 09:10:30 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/09/07 09:10:30 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/07 09:10:30 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/09/07 09:10:30 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/02 10:09:15 | 000,001,920 | ---- | M] () -- C:\Users\Cricri\Desktop\Ragnarok.lnk
[2010/09/02 10:09:15 | 000,001,915 | ---- | M] () -- C:\Users\Cricri\Desktop\Setup.lnk
[2010/09/01 11:43:09 | 915,789,317 | ---- | M] () -- C:\Users\Cricri\Desktop\RagnarokOnline_11.2a.exe
[2010/08/28 10:24:32 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Maintenance en 1 clic.lnk
[2010/08/28 10:24:32 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010/08/27 15:16:00 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010/08/27 15:10:56 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010/08/27 15:10:46 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010/08/26 17:25:07 | 000,459,627 | ---- | M] () -- C:\Users\Cricri\Desktop\Virement loyer.docx
[2010/08/26 17:24:29 | 000,002,673 | ---- | M] () -- C:\Users\Cricri\Desktop\Microsoft Word 2010.lnk
[2010/08/25 17:29:09 | 000,460,651 | ---- | M] () -- C:\Users\Cricri\Desktop\PAGE CE VIREMENT LOYER MENSUEL.docx
[2010/08/23 18:41:45 | 000,000,011 | ---- | M] () -- C:\Users\Cricri\logie
[2010/08/23 18:41:45 | 000,000,011 | ---- | M] () -- C:\Users\Cricri\logff
[2010/08/23 18:30:29 | 000,000,451 | ---- | M] () -- C:\Users\Cricri\scriptjava.html
[2010/08/23 18:30:28 | 000,000,114 | ---- | M] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2010/08/23 18:29:29 | 000,000,015 | ---- | M] () -- C:\Users\Cricri\prncnfgd
[2010/08/23 16:33:11 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\FinePixViewer.lnk
[2010/08/23 16:33:11 | 000,001,747 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
[2010/08/22 15:03:19 | 000,000,713 | ---- | M] () -- C:\Users\Cricri\Desktop\TomTom HOME 2.lnk
[2010/08/22 14:39:59 | 000,000,075 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2010/08/22 14:05:26 | 000,001,944 | ---- | M] () -- C:\Users\Cricri\Desktop\Utilitaire Bewan Powerline E200.lnk
[2010/08/22 13:42:29 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Guide de l'utilisateur.lnk
[2010/08/22 13:42:29 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\FinePixViewer S.lnk
[2010/08/22 13:41:43 | 000,000,651 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
[2010/08/22 13:31:39 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/08/22 11:20:13 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/08/22 11:20:13 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/08/22 11:05:24 | 000,000,990 | ---- | M] () -- C:\Users\Cricri\Desktop\Kaspersky Internet Security 2011.lnk
[2010/08/22 10:50:53 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/22 10:50:30 | 000,000,841 | ---- | M] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2010/08/22 10:50:30 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010/08/22 10:37:36 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\SMPlayer.lnk
[2010/08/22 10:23:52 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010/08/22 10:23:19 | 000,000,818 | ---- | M] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam (No Preview Mode).lnk
[2010/08/22 10:23:19 | 000,000,808 | ---- | M] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam.lnk
[2010/08/22 10:23:19 | 000,000,784 | ---- | M] () -- C:\Users\Cricri\Desktop\Fake Webcam.lnk
[2010/08/15 13:51:00 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/08/14 13:13:30 | 000,000,828 | ---- | M] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2010/08/14 13:13:30 | 000,000,804 | ---- | M] () -- C:\Users\Cricri\Desktop\Glary Utilities.lnk
[2010/08/13 20:36:25 | 000,385,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010/09/07 21:30:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/07 21:30:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/07 21:30:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/07 21:30:24 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/07 21:30:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/02 10:09:15 | 000,001,920 | ---- | C] () -- C:\Users\Cricri\Desktop\Ragnarok.lnk
[2010/09/02 10:09:15 | 000,001,915 | ---- | C] () -- C:\Users\Cricri\Desktop\Setup.lnk
[2010/09/01 08:51:58 | 915,789,317 | ---- | C] () -- C:\Users\Cricri\Desktop\RagnarokOnline_11.2a.exe
[2010/08/26 17:25:07 | 000,459,627 | ---- | C] () -- C:\Users\Cricri\Desktop\Virement loyer.docx
[2010/08/25 17:29:08 | 000,460,651 | ---- | C] () -- C:\Users\Cricri\Desktop\PAGE CE VIREMENT LOYER MENSUEL.docx
[2010/08/23 18:30:37 | 000,000,011 | ---- | C] () -- C:\Users\Cricri\logie
[2010/08/23 18:30:37 | 000,000,011 | ---- | C] () -- C:\Users\Cricri\logff
[2010/08/23 18:30:29 | 000,000,451 | ---- | C] () -- C:\Users\Cricri\scriptjava.html
[2010/08/23 18:30:28 | 000,000,114 | ---- | C] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2010/08/23 18:29:29 | 000,000,015 | ---- | C] () -- C:\Users\Cricri\prncnfgd
[2010/08/23 16:33:11 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\FinePixViewer.lnk
[2010/08/23 16:33:11 | 000,001,747 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
[2010/08/22 15:03:19 | 000,000,713 | ---- | C] () -- C:\Users\Cricri\Desktop\TomTom HOME 2.lnk
[2010/08/22 14:50:35 | 000,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2010/08/22 14:43:59 | 000,188,891 | ---- | C] () -- C:\Windows\System32\V0410Cvw.bff
[2010/08/22 14:43:59 | 000,057,656 | ---- | C] () -- C:\Windows\System32\drivers\V0410PC.bmp
[2010/08/22 14:43:59 | 000,005,711 | ---- | C] () -- C:\Windows\VF0410.uns
[2010/08/22 14:39:59 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/08/22 14:36:24 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2010/08/22 14:05:26 | 000,001,944 | ---- | C] () -- C:\Users\Cricri\Desktop\Utilitaire Bewan Powerline E200.lnk
[2010/08/22 13:42:29 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Guide de l'utilisateur.lnk
[2010/08/22 13:42:29 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\FinePixViewer S.lnk
[2010/08/22 13:41:43 | 000,000,651 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
[2010/08/22 13:31:39 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/08/22 11:07:38 | 000,000,990 | ---- | C] () -- C:\Users\Cricri\Desktop\Kaspersky Internet Security 2011.lnk
[2010/08/22 10:50:30 | 000,000,841 | ---- | C] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2010/08/22 10:50:30 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010/08/22 10:23:52 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2010/08/22 10:23:19 | 000,000,818 | ---- | C] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam (No Preview Mode).lnk
[2010/08/22 10:23:19 | 000,000,808 | ---- | C] () -- C:\Users\Cricri\Application Data\Microsoft\Internet Explorer\Quick Launch\Fake Webcam.lnk
[2010/08/22 10:23:19 | 000,000,784 | ---- | C] () -- C:\Users\Cricri\Desktop\Fake Webcam.lnk
[2010/08/22 10:23:00 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\SMPlayer.lnk
[2010/07/08 10:11:19 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/05/31 18:31:42 | 000,000,680 | ---- | C] () -- C:\Users\Cricri\AppData\Local\d3d9caps.dat
[2010/01/23 22:32:08 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/23 22:32:06 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/01/23 22:32:06 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/23 22:32:06 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/23 22:32:04 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/23 22:32:04 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/01/23 22:27:27 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/05 16:26:00 | 000,100,864 | ---- | C] () -- C:\Users\Cricri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/19 21:15:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/28 06:00:54 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/08 21:47:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/01/08 21:47:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/10/20 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Adobe
[2010/08/22 15:47:35 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Creative
[2010/08/23 16:34:08 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\FUJIFILM
[2009/10/19 19:19:19 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\GlarySoft
[2009/10/19 18:41:26 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Google
[2009/10/19 18:28:25 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Identities
[2010/08/22 13:40:39 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\InstallShield
[2010/09/09 11:08:54 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Macromedia
[2010/02/14 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Malwarebytes
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Media Center Programs
[2010/09/09 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Media Player Classic
[2010/08/26 20:05:20 | 000,000,000 | --SD | M] -- C:\Users\Cricri\AppData\Roaming\Microsoft
[2009/10/19 18:59:25 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Mozilla
[2010/02/14 17:24:10 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Nero
[2009/10/19 18:30:20 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Packard Bell
[2010/08/30 10:08:20 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\Reallusion
[2010/08/30 10:08:19 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\tmp
[2010/08/22 15:03:25 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\TomTom
[2010/02/14 15:18:07 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\TuneUp Software
[2010/09/09 20:42:04 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\uTorrent
[2010/02/14 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\Cricri\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE  >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/07/01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
[2009/04/11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys
[2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys
[2010/06/22 19:23:54 | 000,495,192 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys
[2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys
[2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klmouflt.sys

< %systemroot%\System32\config\*.sav >
[2008/01/21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< End of report >
Firzen
Apprentice Expert
Posts: 100
Joined: 13 Mar 2010 10:40

Re: Virus in c:\windows\explorer.exe

Posted 10 Sep 2010 11:49

Do this.

Download Antivir here.

http://www.free-av.com/

Disable your own antivirus just while Antivir runs.

Update Antivir, run a full scan, and post the report for me afterwards.
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: Virus in c:\windows\explorer.exe

Posted 11 Sep 2010 12:16

 Avira AntiVir Personal
Date de création du fichier de rapport : samedi 11 septembre 2010  10:13

La recherche porte sur 2801829 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série         : 0000149996-ADJIE-0000001
Plateforme              : Windows Vista
Version de Windows      : (Service Pack 2)  [6.0.6002]
Mode Boot               : Démarré normalement
Identifiant             : SYSTEM
Nom de l'ordinateur     : PC-DE-CRICRI

Informations de version :
BUILD.DAT               : 9.0.0.77      21698 Bytes  09/06/2010 12:01:00
AVSCAN.EXE              : 9.0.3.10     466689 Bytes  13/10/2009 10:25:46
AVSCAN.DLL              : 9.0.3.0       49409 Bytes  03/03/2009 09:21:02
LUKE.DLL                : 9.0.3.2      209665 Bytes  20/02/2009 10:35:11
LUKERES.DLL             : 9.0.2.0       13569 Bytes  03/03/2009 09:21:31
VBASE000.VDF            : 7.10.0.0   19875328 Bytes  06/11/2009 06:35:52
VBASE001.VDF            : 7.10.1.0    1372672 Bytes  19/11/2009 11:00:16
VBASE002.VDF            : 7.10.3.1    3143680 Bytes  20/01/2010 11:00:21
VBASE003.VDF            : 7.10.3.75    996864 Bytes  26/01/2010 11:00:23
VBASE004.VDF            : 7.10.4.203   1579008 Bytes  05/03/2010 11:00:26
VBASE005.VDF            : 7.10.6.82   2494464 Bytes  15/04/2010 11:00:30
VBASE006.VDF            : 7.10.7.218   2294784 Bytes  02/06/2010 11:00:34
VBASE007.VDF            : 7.10.9.165   4840960 Bytes  23/07/2010 11:00:42
VBASE008.VDF            : 7.10.9.166      2048 Bytes  23/07/2010 11:00:42
VBASE009.VDF            : 7.10.9.167      2048 Bytes  23/07/2010 11:00:42
VBASE010.VDF            : 7.10.9.168      2048 Bytes  23/07/2010 11:00:42
VBASE011.VDF            : 7.10.9.169      2048 Bytes  23/07/2010 11:00:42
VBASE012.VDF            : 7.10.9.170      2048 Bytes  23/07/2010 11:00:42
VBASE013.VDF            : 7.10.9.198    157696 Bytes  26/07/2010 11:00:43
VBASE014.VDF            : 7.10.9.255    997888 Bytes  29/07/2010 11:00:44
VBASE015.VDF            : 7.10.10.28    139264 Bytes  02/08/2010 11:00:44
VBASE016.VDF            : 7.10.10.52    127488 Bytes  03/08/2010 11:00:45
VBASE017.VDF            : 7.10.10.84    137728 Bytes  06/08/2010 11:00:45
VBASE018.VDF            : 7.10.10.107    176640 Bytes  09/08/2010 11:00:46
VBASE019.VDF            : 7.10.10.130    132608 Bytes  10/08/2010 11:00:46
VBASE020.VDF            : 7.10.10.158    131072 Bytes  12/08/2010 11:00:47
VBASE021.VDF            : 7.10.10.190    136704 Bytes  16/08/2010 11:00:47
VBASE022.VDF            : 7.10.10.217    118272 Bytes  19/08/2010 11:00:47
VBASE023.VDF            : 7.10.10.246    130048 Bytes  23/08/2010 11:00:48
VBASE024.VDF            : 7.10.11.11    144896 Bytes  25/08/2010 11:00:48
VBASE025.VDF            : 7.10.11.33    135168 Bytes  27/08/2010 11:00:49
VBASE026.VDF            : 7.10.11.52    148992 Bytes  31/08/2010 11:00:49
VBASE027.VDF            : 7.10.11.75    124928 Bytes  03/09/2010 11:00:49
VBASE028.VDF            : 7.10.11.92    137728 Bytes  06/09/2010 11:00:50
VBASE029.VDF            : 7.10.11.107    166400 Bytes  08/09/2010 11:00:50
VBASE030.VDF            : 7.10.11.127    136704 Bytes  10/09/2010 08:12:21
VBASE031.VDF            : 7.10.11.128      2048 Bytes  10/09/2010 08:12:21
Version du moteur       : 8.2.4.50
AEVDF.DLL               : 8.1.2.1      106868 Bytes  10/09/2010 11:01:00
AESCRIPT.DLL            : 8.1.3.44    1364346 Bytes  10/09/2010 11:01:00
AESCN.DLL               : 8.1.6.1      127347 Bytes  10/09/2010 11:00:58
AESBX.DLL               : 8.1.3.1      254324 Bytes  10/09/2010 11:01:00
AERDL.DLL               : 8.1.8.2      614772 Bytes  10/09/2010 11:00:58
AEPACK.DLL              : 8.2.3.5      471412 Bytes  10/09/2010 11:00:57
AEOFFICE.DLL            : 8.1.1.8      201081 Bytes  10/09/2010 11:00:56
AEHEUR.DLL              : 8.1.2.21    2883958 Bytes  10/09/2010 11:00:56
AEHELP.DLL              : 8.1.13.3     242038 Bytes  10/09/2010 11:00:53
AEGEN.DLL               : 8.1.3.20     397684 Bytes  10/09/2010 11:00:53
AEEMU.DLL               : 8.1.2.0      393588 Bytes  10/09/2010 11:00:52
AECORE.DLL              : 8.1.16.2     192887 Bytes  10/09/2010 11:00:51
AEBB.DLL                : 8.1.1.0       53618 Bytes  10/09/2010 11:00:51
AVWINLL.DLL             : 9.0.0.3       18177 Bytes  12/12/2008 07:47:30
AVPREF.DLL              : 9.0.3.0       44289 Bytes  26/08/2009 14:13:31
AVREP.DLL               : 8.0.0.7      159784 Bytes  10/09/2010 11:01:01
AVREG.DLL               : 9.0.0.0       36609 Bytes  07/11/2008 14:24:42
AVARKT.DLL              : 9.0.0.3      292609 Bytes  24/03/2009 14:05:22
AVEVTLOG.DLL            : 9.0.0.7      167169 Bytes  30/01/2009 09:36:37
SQLITE3.DLL             : 3.6.1.0      326401 Bytes  28/01/2009 14:03:49
SMTPLIB.DLL             : 9.2.0.25      28417 Bytes  02/02/2009 07:20:57
NETNT.DLL               : 9.0.0.0       11521 Bytes  07/11/2008 14:40:59
RCIMAGE.DLL             : 9.0.0.25    2438913 Bytes  17/06/2009 12:44:26
RCTEXT.DLL              : 9.0.73.0      88321 Bytes  02/11/2009 15:58:32

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen

Début de la recherche : samedi 11 septembre 2010  10:13

La recherche d'objets cachés commence.
'97140' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Ragexe.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mfpmp.exe' - '0' module(s) sont contrôlés
Processus de recherche 'wmplayer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'plugin-container.exe' - '1' module(s) sont contrôlés
Processus de recherche 'klwtblfs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnetwk.exe' - '1' module(s) sont contrôlés
Processus de recherche 'QuickDCF2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnscfg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TomTomHOMERunner.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CTLCMgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'V0410Mon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxsrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxpers.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxtray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RtHDVCpl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MSASCui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TuneUpUtilitiesApp32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TuneUpUtilitiesService32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TomTomHOMEService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SupServ.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ETService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'V0410Aps.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PhotoshopElementsFileAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'a2service.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'59' processus ont été contrôlés avec '59' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
    [INFO]      Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
    [INFO]      Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '55' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <Florian>
C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE]  Ce fichier est un fichier système Windows.
    [REMARQUE]  Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.


Fin de la recherche : samedi 11 septembre 2010  11:31
Temps nécessaire:  1:17:51 Heure(s)

La recherche a été effectuée intégralement

  21262 Les répertoires ont été contrôlés
 378436 Des fichiers ont été contrôlés
      0 Des virus ou programmes indésirables ont été trouvés
      0 Des fichiers ont été classés comme suspects
      0 Des fichiers ont été supprimés
      0 Des virus ou programmes indésirables ont été réparés
      0 Les fichiers ont été déplacés dans la quarantaine
      0 Les fichiers ont été renommés
      1 Impossible de contrôler des fichiers
 378435 Fichiers non infectés
   3475 Les archives ont été contrôlées
      1 Avertissements
      1 Consignes
  97140 Des objets ont été contrôlés lors du Rootkitscan
      0 Des objets cachés ont été trouvés
Firzen
Apprentice Expert
Posts: 100
Joined: 13 Mar 2010 10:40

Re: Virus in c:\windows\explorer.exe

Posted 11 Sep 2010 12:29

OK, you can uninstall Antivir since nothing was detected.

So what "Kaspersky" is reporting to you is odd :cry:

Do you have a report, by any chance?

Is your antivirus up to date?

I'll look into it a bit more.

See you.
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: Virus in c:\windows\explorer.exe

Posted 11 Sep 2010 21:37

Yes, I update it regularly. It also reports very often, about once every 2 days on average, a network attack that it blocks.
Firzen
Apprentice Expert
Posts: 100
Joined: 13 Mar 2010 10:40

Re: Virus in c:\windows\explorer.exe

Posted 11 Sep 2010 22:12

Hi :)

- How is your PC behaving? Slowdowns...?
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)

Re: Virus in c:\windows\explorer.exe

Posted 11 Sep 2010 22:33

Hi, no, it isn't slow; apparently no visible infection.
Firzen
Apprentice Expert
Posts: 100
Joined: 13 Mar 2010 10:40

Re: Virus in c:\windows\explorer.exe

Posted 11 Sep 2010 22:40

OK, so you're saying your antivirus still detects a threat?

If ComboFix ..... doesn't find this virus, it's because there isn't one.
Same with "OTL" :roll:

Try doing this, but I have doubts about the result :s

Download ZHPDiag by Nicolas Coolman and save it to the Desktop.

* Double-click ZHPDiag.exe.
* Click the "Lancer le diagnostic" (Run the diagnostic) button.
* When the scan is finished, a text-format file is displayed in the results area at the bottom.
* Click the "Copier dans le presse papier" (Copy to clipboard) button.
* Paste the scan result into your reply with copy/paste.

- If the report is too long, you can host it >>>here<<<

See you later.
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)

Re: Virus in c:\windows\explorer.exe

Posted 12 Sep 2010 10:34

Here is the link where I hosted the result of the ZHPDiag scan:

I don't see anything in particular apart from traces of Norton Antivirus; it was pre-installed on my PC when I bought it.
I also see in Internet Explorer a site named chat lang; I don't know it.

http://www.sendspace.com/file/otd67c

I took a screenshot of my antivirus to show you that this is really happening ^^:

[Image]
Firzen