
Rootkit virus problem [solved]


Rootkit virus problem [solved]

Posted on 20 Feb 2010 19:35

Good evening!

Some time ago I spotted a trojan virus on my computer. I had a rather old version of Avast. I ran 3 thorough full scans of the whole computer and it found no trace of the virus.
Then I downloaded the latest Avast. And since then I regularly get "there is a virus on your computer" or "malicious software has been detected" messages. That never happened with the old version. I have no idea whether it is related to the earlier virus.
And now I also have Google Chrome opening from time to time to warn me that I am going to a risky site, even though I am not using it.
What can I do about all that? XD

Thanks in advance for your explanations and solutions. :-?
Sushis
Sub-Expert
Posts: 94
Joined: 05 Jul 2009 12:37


Re: Avast Antivirus problem

Posted on 20 Feb 2010 20:55

My latest scan detected a threat called: win32:rookit-gen [rtk]

Is it serious, doctor? :x
Sushis
Sub-Expert
Posts: 94
Joined: 05 Jul 2009 12:37

Re: Rootkit virus problem

Posted on 20 Feb 2010 23:08

Hello,

Please do this...

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it.

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is checked.

* Check the boxes in front of "Scan All Users", "LOP Check" and "Purity Check".

* Copy and paste the content of this quote into the lower part of OTL, "Custom Scans/Fixes"


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Click the "Run Scan" icon (top left).
* Let the scan run to completion without using the PC.
* At the end of the scan one or two reports will open, "OTL.Txt" and/or "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply please...
* If needed, you can find them in the C:\OTL folder or on your desktop, depending on the case.

@++
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Rootkit virus problem

Posted on 21 Feb 2010 16:49

Here is the OTL.Txt report.

OTL logfile created on: 21/02/2010 16:37:46 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Alexis\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453,76 Gb Total Space | 216,51 Gb Free Space | 47,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-MARYLINE
Current User Name: Alexis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Alexis\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE (Packard Bell BV)
PRC - C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
PRC - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (X10)


========== Modules (SafeList) ==========

MOD - C:\Users\Alexis\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dsound.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (gupdate1c9e90aedb3754e) Service Google Update (gupdate1c9e90aedb3754e) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (GenericHidService) -- C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE (Packard Bell BV)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (x10nets) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (X10)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (AVerBDA3x) -- C:\Windows\System32\drivers\AVerBDA3x.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.iesearch.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3E 8E 28 00 47 AE 0F 44 A4 1C DA D8 B6 A7 75 FB [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3E 8E 28 00 47 AE 0F 44 A4 1C DA D8 B6 A7 75 FB [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3E 8E 28 00 47 AE 0F 44 A4 1C DA D8 B6 A7 75 FB [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3E 8E 28 00 47 AE 0F 44 A4 1C DA D8 B6 A7 75 FB [binary data]

IE - HKU\S-1-5-21-799158351-1554483609-395032453-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/r ... ey=IESTART
IE - HKU\S-1-5-21-799158351-1554483609-395032453-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
IE - HKU\S-1-5-21-799158351-1554483609-395032453-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.fr/
IE - HKU\S-1-5-21-799158351-1554483609-395032453-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-799158351-1554483609-395032453-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3E 8E 28 00 47 AE 0F 44 A4 1C DA D8 B6 A7 75 FB [binary data]
IE - HKU\S-1-5-21-799158351-1554483609-395032453-1001\S-1-5-21-799158351-1554483609-395032453-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-799158351-1554483609-395032453-1001\S-1-5-21-799158351-1554483609-395032453-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:2.1
FF - prefs.js..extensions.enabledItems: {b18251e5-7ab2-4d22-b091-182fe795fa83}:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 19:26:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 19:26:42 | 000,000,000 | ---D | M]

[2009/04/06 20:46:28 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\mozilla\Extensions
[2009/04/06 20:46:28 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/02/21 00:09:22 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\mozilla\Firefox\Profiles\4dnzcvq9.default\extensions
[2010/02/21 16:36:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Alexis\AppData\Roaming\mozilla\Firefox\Profiles\4dnzcvq9.default\extensions\{b18251e5-7ab2-4d22-b091-182fe795fa83}
[2009/12/18 19:39:11 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Alexis\AppData\Roaming\mozilla\Firefox\Profiles\4dnzcvq9.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/01/22 19:57:23 | 000,001,681 | ---- | M] () -- C:\Users\Alexis\AppData\Roaming\Mozilla\FireFox\Profiles\4dnzcvq9.default\searchplugins\ask.uk.xml
[2008/08/17 23:27:18 | 000,001,622 | ---- | M] () -- C:\Users\Alexis\AppData\Roaming\Mozilla\FireFox\Profiles\4dnzcvq9.default\searchplugins\ask.xml
[2010/02/21 09:28:18 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/02/10 22:05:19 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\mozilla firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2010/01/16 02:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/16 02:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 02:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/01/16 02:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/16 02:10:07 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00288E3E-AE47-440F-A41C-DAD8B6A775Fb} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (no name) - {007BD817-4D31-4D9C-8039-83EBF65E93Af} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (no name) - {00F7B02E-4D31-4D9C-8039-83EBF65E93Af} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (no name) - {0288E3E4-AE47-440F-A41C-DAD8B6A775Fb} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (no name) - {03DEC0B8-4D31-4D9C-8039-83EBF65E93Af} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-799158351-1554483609-395032453-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-799158351-1554483609-395032453-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Programmes\Alwil Software\Avast5\AvastUI.exe File not found
O4 - HKLM..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-799158351-1554483609-395032453-1001..\Run: [RTHDBPL] C:\Users\Alexis\AppData\Roaming\SystemProc\lsass.exe File not found
O4 - HKU\S-1-5-21-799158351-1554483609-395032453-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-799158351-1554483609-395032453-1001..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alexis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\maryline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZI ... b56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (C:\Windows\System32\dwmredir32.dll) - C:\Windows\System32\dwmredir32.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alexis\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alexis\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bf7642e3-da89-11dd-a321-0040caa3c388}\Shell - "" = AutoRun
O33 - MountPoints2\{bf7642e3-da89-11dd-a321-0040caa3c388}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c8d85fe8-53fd-11de-ae65-0040caa3c388}\Shell - "" = AutoRun
O33 - MountPoints2\{c8d85fe8-53fd-11de-ae65-0040caa3c388}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{df6191ac-29eb-11de-b182-0040caa3c388}\Shell - "" = AutoRun
O33 - MountPoints2\{df6191ac-29eb-11de-b182-0040caa3c388}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found
O33 - MountPoints2\{f3df1527-e199-11dd-8aad-0040caa3c388}\Shell\AutoRun\command - "" = J:\
O33 - MountPoints2\{f3df1527-e199-11dd-8aad-0040caa3c388}\Shell\explore\Command - "" = J:\RECYCLED\INFO.exe -- File not found
O33 - MountPoints2\{f3df1527-e199-11dd-8aad-0040caa3c388}\Shell\open\Command - "" = J:\RECYCLED\INFO.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 19:55:48 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/02/20 19:55:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/02/20 19:55:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/02/20 17:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/20 00:51:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\SysWoW32
[2010/02/20 00:51:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\313061461
[2010/02/10 09:55:28 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 09:55:28 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 09:55:17 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 09:55:17 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 09:55:17 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 09:55:17 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/08 20:57:00 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/02/08 20:57:00 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/08 20:57:00 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/02/08 20:57:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/02/08 20:56:59 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/02/08 20:56:15 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/02/08 20:56:15 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/02/08 20:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/02/08 12:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/02/08 11:56:50 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/02/08 11:56:49 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/02/08 11:56:49 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/02/08 11:56:17 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/02/08 11:56:16 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/02/08 11:56:15 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/02/08 11:56:15 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/02/08 11:56:15 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/02/08 11:56:15 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/02/08 11:56:15 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/02/08 11:56:15 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/02/08 11:56:15 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/02/08 11:56:15 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/02/08 11:56:15 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/02/08 11:56:15 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/02/08 11:56:15 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/02/08 11:56:15 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/02/08 11:56:15 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/02/08 11:56:15 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/02/08 11:56:15 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/02/08 11:56:15 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/02/08 11:56:15 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/02/08 11:56:15 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/02/08 11:56:15 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/02/08 11:56:15 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/02/08 11:56:14 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/02/08 11:56:14 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/02/08 11:56:14 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/02/08 11:55:22 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/02/08 11:55:22 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/02/08 11:55:17 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/02/08 11:55:15 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/02/08 11:55:15 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/02/08 11:55:15 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/02/08 11:55:15 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/02/08 11:55:15 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/02/08 11:55:15 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/02/08 11:55:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/02/08 11:55:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/02/08 11:55:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/02/08 11:53:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/02/08 11:53:39 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/02/07 21:12:37 | 000,000,000 | ---D | C] -- C:\Users\Alexis\AppData\Roaming\FreeVideoConverter
[2010/02/07 21:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter
[2010/02/07 15:54:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/02/07 15:54:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/02/07 15:54:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/02/03 17:45:16 | 000,000,000 | -HSD | C] -- C:\Users\Alexis\AppData\Roaming\SystemProc
[2010/01/25 11:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/08/27 12:56:29 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009/08/27 12:56:28 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Users\Alexis\AppData\Roaming\*.tmp files -> C:\Users\Alexis\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/21 16:39:54 | 003,145,728 | -HS- | M] () -- C:\Users\Alexis\ntuser.dat
[2010/02/21 16:39:52 | 000,002,525 | -HS- | M] () -- C:\Users\Alexis\AppData\Roaming\0200000018b492b7757P.manifest
[2010/02/21 16:39:52 | 000,000,344 | -HS- | M] () -- C:\Users\Alexis\AppData\Roaming\0200000018b492b7757C.manifest
[2010/02/21 16:30:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Extension de garantie-maryline.job
[2010/02/21 15:57:59 | 000,000,817 | ---- | M] () -- C:\Windows\System32\547002162
[2010/02/21 15:57:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/21 15:22:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 15:22:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 15:11:00 | 000,000,601 | -HS- | M] () -- C:\Users\Alexis\AppData\Roaming\0200000018b492b7757O.manifest
[2010/02/21 15:07:50 | 000,000,011 | -HS- | M] () -- C:\Users\Alexis\AppData\Roaming\0200000018b492b7757S.manifest
[2010/02/21 15:07:48 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/21 13:53:43 | 000,524,288 | -HS- | M] () -- C:\Users\Alexis\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/21 13:53:43 | 000,065,536 | -HS- | M] () -- C:\Users\Alexis\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/21 13:53:40 | 002,880,880 | -H-- | M] () -- C:\Users\Alexis\AppData\Local\IconCache.db
[2010/02/21 13:06:10 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/21 09:28:37 | 000,200,704 | ---- | M] () -- C:\Windows\System32\DevicePairing32.dll
[2010/02/21 09:22:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/21 09:22:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/21 09:22:11 | 3219,656,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/21 03:03:05 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/02/21 01:35:16 | 000,043,520 | ---- | M] () -- C:\Users\Alexis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 00:42:43 | 044,932,083 | ---- | M] () -- C:\Users\Alexis\Desktop\La Plagne 2010.wmv
[2010/02/21 00:39:20 | 000,000,302 | ---- | M] () -- C:\Windows\win.ini
[2010/02/20 19:18:38 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/02/20 15:01:06 | 000,200,704 | ---- | M] () -- C:\Windows\System32\avicap3232.dll
[2010/02/20 00:51:15 | 000,203,776 | -HS- | M] () -- C:\Windows\System32\unrar.exe
[2010/02/12 18:54:59 | 001,592,070 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/12 18:54:59 | 000,713,304 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/02/12 18:54:59 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/12 18:54:59 | 000,143,336 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/02/12 18:54:59 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/12 12:26:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/02/11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/02/11 19:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/02/11 19:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/11 19:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/02/11 19:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/02/11 19:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/02/11 19:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/02/10 19:34:17 | 000,001,992 | ---- | M] () -- C:\Users\Alexis\Desktop\Google Chrome.lnk
[2010/02/10 19:26:43 | 000,001,727 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/09 20:39:15 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/02/08 21:35:29 | 000,000,115 | ---- | M] () -- C:\Users\Alexis\AppData\Roaming\701a9035
[2010/02/08 20:57:01 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/08 12:12:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/08 12:12:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/07 21:19:06 | 052,686,030 | ---- | M] () -- C:\Users\Alexis\Desktop\Scrat In No Time For Nuts.avi
[2010/02/07 21:12:39 | 000,000,941 | ---- | M] () -- C:\Users\Alexis\Desktop\Free Video Converter.lnk
[2010/02/07 15:59:27 | 001,637,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/03 17:45:13 | 000,199,168 | ---- | M] () -- C:\Windows\System32\dbnmpntw32.dll
[2010/02/03 17:45:13 | 000,001,372 | ---- | M] () -- C:\Users\Alexis\AppData\Roaming\i5lVYMeNPf1EVNH.vbs
[2010/02/03 17:42:47 | 000,199,168 | ---- | M] () -- C:\Windows\System32\dxva232.dll
[2010/02/03 17:42:45 | 000,131,584 | ---- | M] () -- C:\Windows\System32\dwmredir32.dll
[2010/02/01 19:41:38 | 000,001,703 | ---- | M] () -- C:\Users\Alexis\Desktop\LimeWire 5.4.6.lnk
[2 C:\Users\Alexis\AppData\Roaming\*.tmp files -> C:\Users\Alexis\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/21 09:28:36 | 000,200,704 | ---- | C] () -- C:\Windows\System32\DevicePairing32.dll
[2010/02/21 00:14:50 | 044,932,083 | ---- | C] () -- C:\Users\Alexis\Desktop\La Plagne 2010.wmv
[2010/02/20 15:01:05 | 000,200,704 | ---- | C] () -- C:\Windows\System32\avicap3232.dll
[2010/02/20 00:51:48 | 000,000,817 | ---- | C] () -- C:\Windows\System32\547002162
[2010/02/20 00:51:15 | 000,203,776 | -HS- | C] () -- C:\Windows\System32\unrar.exe
[2010/02/10 19:34:17 | 000,001,992 | ---- | C] () -- C:\Users\Alexis\Desktop\Google Chrome.lnk
[2010/02/10 19:26:43 | 000,001,727 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/08 20:57:01 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/08 12:12:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/08 12:12:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/07 21:17:13 | 052,686,030 | ---- | C] () -- C:\Users\Alexis\Desktop\Scrat In No Time For Nuts.avi
[2010/02/07 21:12:39 | 000,000,941 | ---- | C] () -- C:\Users\Alexis\Desktop\Free Video Converter.lnk
[2010/02/07 21:12:38 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2010/02/03 17:48:29 | 000,000,115 | ---- | C] () -- C:\Users\Alexis\AppData\Roaming\701a9035
[2010/02/03 17:45:13 | 000,199,168 | ---- | C] () -- C:\Windows\System32\dbnmpntw32.dll
[2010/02/03 17:45:13 | 000,001,372 | ---- | C] () -- C:\Users\Alexis\AppData\Roaming\i5lVYMeNPf1EVNH.vbs
[2010/02/03 17:44:52 | 000,002,525 | -HS- | C] () -- C:\Users\Alexis\AppData\Roaming\0200000018b492b7757P.manifest
[2010/02/03 17:44:52 | 000,000,601 | -HS- | C] () -- C:\Users\Alexis\AppData\Roaming\0200000018b492b7757O.manifest
[2010/02/03 17:44:52 | 000,000,344 | -HS- | C] () -- C:\Users\Alexis\AppData\Roaming\0200000018b492b7757C.manifest
[2010/02/03 17:44:52 | 000,000,011 | -HS- | C] () -- C:\Users\Alexis\AppData\Roaming\0200000018b492b7757S.manifest
[2010/02/03 17:42:47 | 000,199,168 | ---- | C] () -- C:\Windows\System32\dxva232.dll
[2010/02/03 17:42:45 | 000,131,584 | ---- | C] () -- C:\Windows\System32\dwmredir32.dll
[2010/02/01 19:41:38 | 000,001,703 | ---- | C] () -- C:\Users\Alexis\Desktop\LimeWire 5.4.6.lnk
[2009/09/24 12:41:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/27 12:56:28 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009/07/08 23:32:06 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/08 01:57:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/05/26 19:59:13 | 000,000,020 | ---- | C] () -- C:\Windows\System32\DATA.INI
[2009/04/15 19:31:50 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/02/28 20:15:32 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/09/07 15:04:44 | 000,003,784 | ---- | C] () -- C:\Users\Alexis\AppData\Roaming\wklnhst.dat
[2008/08/30 20:29:56 | 000,043,520 | ---- | C] () -- C:\Users\Alexis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/22 12:48:00 | 000,000,434 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/08/22 12:48:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/08/21 21:45:39 | 000,027,279 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/06/26 02:57:09 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll

========== LOP Check ==========

[2008/11/09 13:25:39 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\.wyzo
[2009/06/17 20:48:09 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\2K Sports
[2009/04/15 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\DAEMON Tools
[2009/10/31 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\DAEMON Tools Lite
[2009/04/15 19:40:19 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\DAEMON Tools Pro
[2010/02/07 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\FreeVideoConverter
[2009/09/02 22:51:13 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\gtk-2.0
[2010/02/01 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\LimeWire
[2009/07/01 02:05:57 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\play2p
[2010/02/08 21:07:10 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\Sony
[2010/02/20 00:57:13 | 000,000,000 | -HSD | M] -- C:\Users\Alexis\AppData\Roaming\SystemProc
[2008/09/07 15:04:50 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\Template
[2009/12/25 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\uTorrent
[2009/07/26 18:11:23 | 000,000,000 | ---D | M] -- C:\Users\Alexis\AppData\Roaming\Vso
[2008/08/25 17:20:13 | 000,000,000 | ---D | M] -- C:\Users\Lu\AppData\Roaming\Template
[2010/01/08 16:26:30 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Icones
[2010/02/21 13:54:02 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\LimeWire
[2009/08/01 17:58:05 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\ScanSoft
[2010/02/20 15:00:52 | 000,000,000 | -HSD | M] -- C:\Users\Mary\AppData\Roaming\SystemProc
[2009/06/23 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\Template
[2009/04/15 19:39:52 | 000,000,000 | ---D | M] -- C:\Users\maryline\AppData\Roaming\DAEMON Tools
[2009/04/15 19:39:52 | 000,000,000 | ---D | M] -- C:\Users\maryline\AppData\Roaming\DAEMON Tools Lite
[2009/04/15 19:39:52 | 000,000,000 | ---D | M] -- C:\Users\maryline\AppData\Roaming\DAEMON Tools Pro
[2009/01/06 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\maryline\AppData\Roaming\gtk-2.0
[2009/04/15 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\maryline\AppData\Roaming\LimeWire
[2008/08/25 13:05:49 | 000,000,000 | ---D | M] -- C:\Users\maryline\AppData\Roaming\Packard Bell
[2008/09/30 15:15:58 | 000,000,000 | ---D | M] -- C:\Users\maryline\AppData\Roaming\ScanSoft
[2009/02/04 14:55:52 | 000,000,000 | ---D | M] -- C:\Users\maryline\AppData\Roaming\Sony
[2008/08/22 12:50:13 | 000,000,000 | ---D | M] -- C:\Users\maryline\AppData\Roaming\Template
[2008/11/18 21:35:27 | 000,000,000 | ---D | M] -- C:\Users\maryline\AppData\Roaming\VSO
[2010/02/21 16:30:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Extension de garantie-maryline.job
[2010/02/21 03:05:08 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/08/22 09:09:57 | 002,699,468 | ---- | M] (A.I.SOFT,INC.) -- C:\240-USBVISTA-32A-A-FR.EXE


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2007/10/31 10:23:22 | 000,124,960 | ---- | M] (NVIDIA Corporation) MD5=B8D6145D3EB05E9F81BADE9B7AFC2C80 -- C:\drivers\MOBO\CHIPSET\IDE\WinVista\sataraid\nvrd32.sys
[2007/10/31 10:23:22 | 000,124,960 | ---- | M] (NVIDIA Corporation) MD5=B8D6145D3EB05E9F81BADE9B7AFC2C80 -- C:\Windows\System32\drivers\nvrd32.sys
[2007/10/31 10:23:22 | 000,124,960 | ---- | M] (NVIDIA Corporation) MD5=B8D6145D3EB05E9F81BADE9B7AFC2C80 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_04bc6797\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/10/31 10:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\drivers\MOBO\CHIPSET\IDE\WinVista\sata_ide\nvstor32.sys
[2007/10/31 10:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/10/31 10:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys
[2007/10/31 10:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\drivers\MOBO\CHIPSET\IDE\WinVista\sataraid\nvstor32.sys
[2007/10/31 10:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_04bc6797\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

And the Extras.Txt.

OTL Extras logfile created on: 21/02/2010 16:37:46 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Alexis\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453,76 Gb Total Space | 216,51 Gb Free Space | 47,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-MARYLINE
Current User Name: Alexis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-799158351-1554483609-395032453-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1271ED05-4D5D-42D0-944B-99D90BA28414}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{409FDD27-62D3-4D06-84F7-26CF14DD704B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E8CCADC-7B4F-4391-91EC-4102FAD476FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50A8E358-1E2B-4C27-BF77-0539ABD919B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88C57B9D-9796-498D-8D5E-5B460E307B3B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97955631-DF98-4D8E-BB7F-63785704832F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AFB1837-4E03-4B8D-9EC4-CE9E4DE1A6AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD3585A1-3667-492B-A865-7498C09DB4E7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA4D3E9E-62EA-4EBF-8672-BCB155872F9A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E781002E-556B-45FE-BF6E-EE7B9A93F2DC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F5B44F05-F306-49B7-BB46-2D7CF1539BE2}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E70AEA7-E2B3-458F-839B-FDB914B7A6BA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{24776DC4-C3B9-4554-9D7A-A775875ACE5F}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{276B7532-C8FA-4197-822E-702B03E71453}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{2E066F94-4B26-4144-B359-3BE12D298159}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37134427-69D0-4126-9E74-05B931CA6603}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3E2645D2-6E42-4277-A17D-B4BDD8A65EE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F47FA52-90F6-4F84-AC00-10C7BEEF0E7E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4E80F2B6-8479-443E-969F-674C2909CC86}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F82F784-3474-43BF-8B86-A8C7379208BC}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{623FB93C-DB93-43B0-A843-412882CC8D5B}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{73E50D0C-2F0F-4B68-852D-847AACED86E2}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{73FC5E21-2710-484B-ADB2-DA2E09DEAE94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CA424F5-0523-4589-81C8-82BFFCEA72DA}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{8EC4E3DC-370A-4945-BA4A-0E2197E9EF5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6334BC4-0225-44BE-97B3-FFC61C9F3316}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AFE12B62-0EEF-4A21-8774-81C4E7D5D3C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1EC55B5-E206-4BE8-986A-5093A5B49534}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B39EA186-9051-43FB-8E68-B990B7CFE088}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6C363D8-B1D0-4BEA-A32D-339E0DEC4A56}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CAD3760C-8F61-47D8-B2C8-0471AFA4E23A}" = protocol=6 | dir=out | app=system |
"{CC3924A6-ECE9-41FD-A227-D012AFE540C6}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{CC7153F2-9F6A-415C-9D71-1D1D2B53A648}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E49CF73B-3977-48FE-B0B1-1E799D4054CC}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{E6D62F45-0F9D-47C5-9BAF-942D9F723FEB}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{E815F9E7-04AD-4D42-9FC7-E70048DA1307}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E8752084-375A-48E8-B9FA-AA083339B734}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0F9E57C-E431-4724-A44A-3A8367596982}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDD6C8C5-02FC-4DFB-BDA7-84DEE5204A49}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"TCP Query User{10194515-CDA2-49EB-B345-0DA53D2B5161}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{52B85F71-EDFC-429E-B041-11572282A9BE}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{56EDABF3-DEFC-4400-865C-E286DB3B676F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{91368F80-C1AB-4898-941F-52DB4CDCC156}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A0976076-04B3-4219-AB06-C00B57E20072}C:\program files\play2p\play2p.exe" = protocol=6 | dir=in | app=c:\program files\play2p\play2p.exe |
"TCP Query User{E8C6250B-9B30-4BB4-9031-5F1EB0A4307F}C:\program files\hercules\deluxe optical glass\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\deluxe optical glass\station2.exe |
"UDP Query User{2CAA09BD-C783-402A-B41B-68151A481A3B}C:\program files\play2p\play2p.exe" = protocol=17 | dir=in | app=c:\program files\play2p\play2p.exe |
"UDP Query User{303B10DA-6673-4BE6-9702-458B72BFAC6C}C:\program files\hercules\deluxe optical glass\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\deluxe optical glass\station2.exe |
"UDP Query User{63841CE5-38B6-476C-B9C6-594D576309BF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{AF41A866-0463-418F-B784-E3E7A698B11A}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{D5905A07-A3C2-4D36-80F5-50107C57EC83}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{F6649DB6-FEF8-419F-A963-5D784CAF5193}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works
"{0ED40D2A-7131-4FE7-941E-5C329336F712}" = HDReg France
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.0.1.11
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{56298F72-C2CC-4FE5-ACEA-30C7A866BF4C}" = Hercules Deluxe Optical Glass
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980B9958-1239-4FC5-8C88-AC5650321036}" = Nero 8 Essentials
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}" = Microsoft Xbox 360 Accessories 1.1
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeReader" = Adobe Reader 8
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5567
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"Free Video Converter_is1" = Free Video Converter V 2.5
"Google Chrome" = Google Chrome
"Google Updater" = Outil de mise à jour Google
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"LCDTest" = Packard Bell LCD Test
"LimeWire" = LimeWire 5.4.6
"Messenger Plus! Live" = Messenger Plus! Live
"METABOLI" = Metaboli
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Nero8" = Nero 8 Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"OFF2k7_FR" = Microsoft® Office Trial 2007
"Picasa2" = Picasa 2
"PSP Video 9" = PSP Video 9 1.62
"SETUPMYPC_FR" = SetUp My PC
"SKYPE" = Skype 3.6.2.248
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.12.2.4
"TVTUNER" = TVTUNER
"Updator" = Packard Bell Updator
"VIDEO_NVIDIA" = Video NVIDIA v174.74
"VLC media player" = VLC media player 1.0.0
"WinGimp-2.0_is1" = Gimp 2.6.2
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"works9se" = Microsoft Works 9 SE
"X10Hardware" = X10 Hardware(TM)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-799158351-1554483609-395032453-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/02/2010 16:01:46 | Computer Name = PC-de-maryline | Source = WinMgmt | ID = 10
Description =

Error - 08/02/2010 16:05:34 | Computer Name = PC-de-maryline | Source = VSS | ID = 8193
Description =

Error - 08/02/2010 16:06:50 | Computer Name = PC-de-maryline | Source = VSS | ID = 8193
Description =

Error - 08/02/2010 16:08:46 | Computer Name = PC-de-maryline | Source = VSS | ID = 8193
Description =

Error - 08/02/2010 16:09:17 | Computer Name = PC-de-maryline | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.6002.18005, horodatage
0x49e01da5, module défaillant dwmredir32.dll, version 0.0.0.0, horodatage 0x4b608441,
code d’exception 0xc0000005, décalage d’erreur 0x0000200d, ID du processus 0x1014,
heure de début de l’application 0x01caa8fa97507f0a.

Error - 08/02/2010 16:09:38 | Computer Name = PC-de-maryline | Source = VSS | ID = 8193
Description =

Error - 09/02/2010 14:55:47 | Computer Name = PC-de-maryline | Source = WinMgmt | ID = 10
Description =

Error - 09/02/2010 15:35:11 | Computer Name = PC-de-maryline | Source = VSS | ID = 8193
Description =

Error - 10/02/2010 04:49:47 | Computer Name = PC-de-maryline | Source = WinMgmt | ID = 10
Description =

Error - 10/02/2010 10:30:06 | Computer Name = PC-de-maryline | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 05/09/2009 09:44:57 | Computer Name = PC-de-maryline | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 07/01/2010 03:28:40 | Computer Name = PC-de-maryline | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

[ System Events ]
Error - 11/02/2010 11:55:56 | Computer Name = PC-de-maryline | Source = Service Control Manager | ID = 7026
Description =

Error - 12/02/2010 07:25:49 | Computer Name = PC-de-maryline | Source = Service Control Manager | ID = 7026
Description =

Error - 12/02/2010 07:28:59 | Computer Name = PC-de-maryline | Source = Service Control Manager | ID = 7026
Description =

Error - 12/02/2010 13:42:47 | Computer Name = PC-de-maryline | Source = Service Control Manager | ID = 7026
Description =

Error - 19/02/2010 19:52:28 | Computer Name = PC-de-maryline | Source = Service Control Manager | ID = 7026
Description =

Error - 19/02/2010 19:58:29 | Computer Name = PC-de-maryline | Source = Service Control Manager | ID = 7026
Description =

Error - 20/02/2010 06:05:20 | Computer Name = PC-de-maryline | Source = Service Control Manager | ID = 7026
Description =

Error - 20/02/2010 14:17:03 | Computer Name = PC-de-maryline | Source = Service Control Manager | ID = 7026
Description =

Error - 20/02/2010 14:21:33 | Computer Name = PC-de-maryline | Source = Service Control Manager | ID = 7026
Description =

Error - 21/02/2010 04:23:45 | Computer Name = PC-de-maryline | Source = Service Control Manager | ID = 7026
Description =


< End of report >
Sushis
Sub-Expert

Re: Rootkit virus problem

Posted 21 Feb 2010 18:50

Hi,

* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is checked.

* In the "Extra Registry" section >> check the "None" box

* Copy and paste the contents of this quote into the lower OTL box, "Custom Scans/Fixes"

:OTL
O2 - BHO: (no name) - {00288E3E-AE47-440F-A41C-DAD8B6A775Fb} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (no name) - {007BD817-4D31-4D9C-8039-83EBF65E93Af} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (no name) - {00F7B02E-4D31-4D9C-8039-83EBF65E93Af} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (no name) - {0288E3E4-AE47-440F-A41C-DAD8B6A775Fb} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (no name) - {03DEC0B8-4D31-4D9C-8039-83EBF65E93Af} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-799158351-1554483609-395032453-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-799158351-1554483609-395032453-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKU\S-1-5-21-799158351-1554483609-395032453-1001..\Run: [RTHDBPL] C:\Users\Alexis\AppData\Roaming\SystemProc\lsass.exe File not found
O4 - HKU\S-1-5-21-799158351-1554483609-395032453-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\dwmredir32.dll) - C:\Windows\System32\dwmredir32.dll ()


:Files
C:\Windows\System32\dwmredir32.dll
C:\Users\Alexis\AppData\Roaming\SystemProc
C:\Windows\System32\SysWoW32
C:\Windows\System32\313061461
C:\Windows\System32\unrar.exe
C:\Windows\System32\dbnmpntw32.dll
C:\Users\Alexis\AppData\Roaming\i5lVYMeNPf1EVNH.vbs
C:\Windows\System32\dxva232.dll
C:\Windows\System32\dwmredir32.dll
C:\Windows\System32\avicap3232.dll
C:\Users\Mary\AppData\Roaming\SystemProc

:Commands
[emptytemp]


* Click the "Run Fix" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report, "OTL.Txt", will open
* Copy and paste the report into your reply please...
* Just in case, you can find the reports in the C:\OTL folder or on your desktop, depending on the case

next...

You have an infection that spreads via removable media (external hard drive, USB stick, memory card, MP3 player, in short anything that plugs into your PC and can store files). If we disinfect your PC without disinfecting these devices, your PC will be reinfected the next time you use them :oops:

So, plug in all the devices of this kind that you own (switching them on if necessary).

next...

>> Download USBFix to your desktop and install it by double-clicking it... this will create a launch shortcut for the tool.

>> Restart in Safe Mode...

>> Once in Safe Mode, right-click the shortcut created by USBFix during installation and choose "Run as administrator" to launch it.

>> Choose option 2 (deletion); this will restart your PC. Let USBFix work and post the report generated at the end of the scan.

next...

> download >> Malwarebytes <<
> install it and update it before scanning
> choose "Perform quick scan" and at the end of the scan, check all the items found and click "Remove Selected".
> and then post me the report please.

@++
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
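The fix script in the post above targets three persistence points that show up in OTL output: the AppInit_DLLs value (O20), per-user Run entries (O4) and Browser Helper Objects (O2). As an added example, not part of jeanmimigab's post and not OTL's own code, here is a small Python triage script that parses those OTL line types and flags the patterns this infection used: a non-empty AppInit_DLLs value, a core Windows process name (lsass.exe) launched from a user profile, and an anonymous BHO with no publisher. The sample lines are copied from the fix script above; the list of core process names and the severity tiers are the example's own choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Core Windows processes that only legitimately run from %SystemRoot%\System32.
# A Run entry that launches one of these names from a user profile is a
# masquerade (this list is the example's own choice, not an OTL list).
SYSTEM_PROCESS_NAMES = {
    "lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
    "winlogon.exe", "services.exe", "wininit.exe", "lsm.exe",
}

# OTL line shapes handled here: O2 (Browser Helper Objects), O4 (Run keys)
# and O20 (AppInit_DLLs). Anything else is passed over silently.
_BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
_RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<path>.+?\.exe)(?: (?P<tail>.*))?$",
    re.IGNORECASE)
_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dlls>[^)]*)\)")

# Sample input: the O2/O4/O20 lines quoted in the fix script above.
SAMPLE_OTL_LINES = r"""
O2 - BHO: (no name) - {00288E3E-AE47-440F-A41C-DAD8B6A775Fb} - C:\Windows\System32\dxva232.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-799158351-1554483609-395032453-1001..\Run: [RTHDBPL] C:\Users\Alexis\AppData\Roaming\SystemProc\lsass.exe File not found
O4 - HKU\S-1-5-21-799158351-1554483609-395032453-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\dwmredir32.dll) - C:\Windows\System32\dwmredir32.dll ()
""".strip().splitlines()


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    line: str       # the OTL line that produced the finding
    reason: str


def _basename(win_path: str) -> str:
    return win_path.rsplit("\\", 1)[-1].lower()


def _in_system_dir(win_path: str) -> bool:
    p = win_path.lower()
    # Exact directory names on purpose: look-alikes such as the SysWoW32
    # folder removed in this thread do not match.
    return "\\windows\\system32\\" in p or "\\windows\\syswow64\\" in p


def triage(otl_lines: List[str]) -> List[Finding]:
    """Return the suspicious persistence entries found in OTL log lines."""
    findings: List[Finding] = []
    for raw in otl_lines:
        line = raw.strip()

        m = _APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that maps user32.dll;
            # legitimate software almost never sets it, so any value is notable.
            dlls = m.group("dlls").strip()
            if dlls:
                findings.append(Finding("high", line, f"AppInit_DLLs set: {dlls}"))
            continue

        m = _RUN_RE.match(line)
        if m:
            path, tail = m.group("path"), (m.group("tail") or "")
            name = _basename(path)
            if name in SYSTEM_PROCESS_NAMES and not _in_system_dir(path):
                findings.append(Finding("high", line,
                                        f"{name} started from outside System32: {path}"))
            elif "\\appdata\\" in path.lower() and not tail.startswith("("):
                # OTL prints the file's company in parentheses; a profile-resident
                # autorun with no company is worth a second look.
                findings.append(Finding("medium", line,
                                        f"autorun in user profile with no publisher: {path}"))
            if tail.lower() == "file not found":
                findings.append(Finding("low", line,
                                        "autorun target missing (stale entry or already removed)"))
            continue

        m = _BHO_RE.match(line)
        if m:
            name, target = m.group("name"), m.group("target")
            if target.startswith("No CLSID"):
                findings.append(Finding("low", line, "orphaned BHO registration (no CLSID)"))
            elif name == "(no name)" and target.endswith("()"):
                findings.append(Finding("high", line,
                                        f"anonymous BHO with no publisher: {target[:-3].strip()}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_OTL_LINES)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}")
    print(summarize(results))
```

On the sample lines the script reports three high findings (the AppInit_DLLs value, lsass.exe under AppData\Roaming, and the dxva232.dll BHO) and two low ones (the missing Run target and the orphaned BHO CLSID); the Google Toolbar entry, which names its publisher and lives under Program Files, produces nothing. Feed it the O2/O4/O20 lines of a full OTL.Txt to get the same first pass over a log you have not read yet.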
 

Re: Rootkit virus problem

Posted 21 Feb 2010 19:30

The OTL report

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00288E3E-AE47-440F-A41C-DAD8B6A775Fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00288E3E-AE47-440F-A41C-DAD8B6A775Fb}\ not found.
File C:\Windows\System32\dxva232.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{007BD817-4D31-4D9C-8039-83EBF65E93Af}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{007BD817-4D31-4D9C-8039-83EBF65E93Af}\ not found.
File C:\Windows\System32\dxva232.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F7B02E-4D31-4D9C-8039-83EBF65E93Af}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00F7B02E-4D31-4D9C-8039-83EBF65E93Af}\ not found.
File C:\Windows\System32\dxva232.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0288E3E4-AE47-440F-A41C-DAD8B6A775Fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0288E3E4-AE47-440F-A41C-DAD8B6A775Fb}\ not found.
File C:\Windows\System32\dxva232.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03DEC0B8-4D31-4D9C-8039-83EBF65E93Af}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03DEC0B8-4D31-4D9C-8039-83EBF65E93Af}\ not found.
File C:\Windows\System32\dxva232.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-799158351-1554483609-395032453-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-799158351-1554483609-395032453-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-799158351-1554483609-395032453-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDBPL not found.
Registry value HKEY_USERS\S-1-5-21-799158351-1554483609-395032453-1001\Software\Microsoft\Windows\CurrentVersion\Run\\swg not found.
File C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Windows\System32\dwmredir32.dll deleted successfully.
C:\Windows\System32\dwmredir32.dll moved successfully.
========== FILES ==========
C:\Windows\System32\dwmredir32.dll moved successfully.
File\Folder C:\Users\Alexis\AppData\Roaming\SystemProc not found.
C:\Windows\System32\SysWoW32 folder moved successfully.
C:\Windows\System32\313061461 folder moved successfully.
C:\Windows\System32\unrar.exe moved successfully.
File\Folder C:\Windows\System32\dbnmpntw32.dll not found.
File\Folder C:\Users\Alexis\AppData\Roaming\i5lVYMeNPf1EVNH.vbs not found.
File\Folder C:\Windows\System32\dxva232.dll not found.
C:\Windows\System32\dwmredir32.dll moved successfully.
File\Folder C:\Windows\System32\avicap3232.dll not found.
File\Folder C:\Users\Mary\AppData\Roaming\SystemProc not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alexis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6319262 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lu
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Mary
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: maryline
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: TEMP.PC-de-maryline.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,00 mb


OTL by OldTimer - Version 3.1.30.1 log created on 02212010_192711

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Sushis
Sub-Expert

Re: Rootkit virus problem

Posted 21 Feb 2010 19:47

USBFix report:

############################## | UsbFix V6.097 |

User : Alexis (Administrateurs) # PC-DE-MARYLINE
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:41:48 | 21/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 453,76 Go (217,53 Go free) [HDD] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque CD-ROM
L:\ -> Disque amovible # 7,46 Go (1,97 Go free) [ALEX] # FAT32
M:\ -> Disque amovible # 58,54 Mo (8,81 Mo free) [PHONE] # FAT
N:\ -> Disque amovible # 1,88 Go (531,62 Mo free) [PHONE CARD] # FAT

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\system32\runonce.exe
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Elements infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-18
Supprimé ! C:\$Recycle.Bin\S-1-5-20
Supprimé ! C:\$Recycle.Bin\S-1-5-21-697463152-3223666630-3488797994-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-799158351-1554483609-395032453-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-799158351-1554483609-395032453-1001
Supprimé ! C:\$Recycle.Bin\S-1-5-21-799158351-1554483609-395032453-1002
Supprimé ! C:\$Recycle.Bin\S-1-5-21-799158351-1554483609-395032453-1006
Supprimé ! M:\SYSTEM
Supprimé ! N:\SYSTEM

################## | Registre |


################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\G\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\K\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{bf7642e3-da89-11dd-a321-0040caa3c388}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c8d85fe8-53fd-11de-ae65-0040caa3c388}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{df6191ac-29eb-11de-b182-0040caa3c388}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f3df1527-e199-11dd-8aad-0040caa3c388}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[22/08/2008 09:09|--a------|2699468] C:\240-USBVISTA-32A-A-FR.EXE
[01/11/2009 16:43|--a------|425024] C:\AnalysisLog.sr0
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[26/06/2008 02:57|-ra-s----|8192] C:\BOOTSECT.BAK
[18/09/2006 22:43|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[10/11/2008 20:15|-rahs----|0] C:\IO.SYS
[10/11/2008 20:15|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[21/02/2010 19:46|--a------|4242] C:\UsbFix.txt
[23/10/2009 14:50|--a------|755056640] L:\Anges et Demons.avi
[02/04/2008 23:27|--a------|738540544] L:\Collateral.avi
[31/12/2009 17:46|--a------|736520192] L:\Esther - OSHiWA.avi
[31/12/2009 15:25|--a------|734193664] L:\Hostel.avi
[08/12/2009 16:07|--a------|731056530] L:\Inglourious Basterds.avi
[14/07/2009 22:29|--a------|735383552] L:\Le silence des agneaux.avi
[05/06/2009 16:28|--a------|734679040] L:\Next.avi
[30/04/2009 16:34|--a------|733249536] L:\Yes Man [DVDRIP][VF].avi
[06/02/2009 17:58|-rah-----|4998] M:\default-capability.xml
[01/01/1980 00:00|-r-h-----|244] M:\customized-capability.xml
[07/08/2008 08:55|-rah-----|159] N:\CDAInfo.txt
[07/08/2008 08:55|-rah-----|0] N:\MEMSTICK.IND
[07/08/2008 08:55|-rah-----|0] N:\MSTK_PRO.IND
[25/11/2008 10:03|---h-----|248] N:\Traceability.txt
[25/11/2008 10:03|---h-----|98] N:\MemStickInfo.txt
[06/02/2009 17:58|-r-h-----|4998] N:\default-capability.xml
[13/09/2008 16:37|-r-h-----|244] N:\customized-capability.xml
[27/07/2009 17:57|---------|296] N:\WMPInfo.xml

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# L:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# M:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# N:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-de-maryline.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.097 ! |
Sushis
Sub-Expert

Re: Rootkit virus problem

Posted 21 Feb 2010 19:57

and the Malwarebytes report:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3772
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

21/02/2010 19:55:01
mbam-log-2010-02-21 (19-54-58).txt

Type de recherche: Examen rapide
Eléments examinés: 147247
Temps écoulé: 4 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\dwmredir32.dll (Trojan.Tracur) -> No action taken.
C:\Users\Alexis\AppData\Roaming\B98E.tmp (Trojan.Tracur) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Swizzor) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dwmredir32.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dwmredir32.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\BitDownload (Trojan.Swizzor) -> No action taken.
C:\Windows\System32\SysWoW32 (Worm.Archive) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> No action taken.

Fichier(s) infecté(s):
C:\Windows\System32\dwmredir32.dll (Trojan.Tracur) -> No action taken.
C:\Users\Alexis\AppData\Roaming\B98E.tmp (Trojan.Tracur) -> No action taken.
C:\Users\Mary\AppData\Roaming\75FE.tmp (Trojan.Tracur) -> No action taken.
C:\Windows\System32\DevicePairing32.dll (Trojan.Tracur) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> No action taken.
C:\Users\Lu\Desktop\BitDownload Downloads.lnk (Trojan.Swizzor) -> No action taken.
Sushis
Sub-Expert
Posts: 94
Joined: 05 Jul 2009 12:37
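Every line of the report above ends in "No action taken", which is what a scan-only run looks like; the follow-up question in the thread turns on exactly that. The following is an added example (not from the thread, nor Malwarebytes' own code) that parses this log format and flags entries that were never remediated, plus any AppInit_DLLs entries, which are a persistence mechanism and must be cleared rather than just listed. The sample log is constructed from lines quoted in the post, with one action changed to show a remediated entry.

```python
# Added example (not from the thread): parse a Malwarebytes' Anti-Malware 1.44
# log in the format posted above and check which findings were actually removed.
import re

# Constructed sample: lines taken from the posted log, with the last action
# changed to show what a remediated entry looks like.
SAMPLE_LOG = r"""
Module(s) mémoire infecté(s):
C:\Windows\System32\dwmredir32.dll (Trojan.Tracur) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\BitDownload (Trojan.Swizzor) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dwmredir32.dll -> No action taken.

Fichier(s) infecté(s):
C:\Users\Alexis\AppData\Roaming\B98E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
"""

# One finding per line: <item> (<family>) -> [Data: ... ->] <action>.
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

def parse_findings(log_text):
    """Return one dict (section, item, family, action) per finding line."""
    findings, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("("):   # blank or "(Aucun élément nuisible détecté)"
            continue
        if line.endswith(":") and "infect" in line:  # section header
            section = line[:-1]
            continue
        m = FINDING_RE.match(line)
        if m and section:
            # The action is always the last " -> " segment, after any "Data:" part.
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            findings.append({"section": section, "item": m.group("item"),
                             "family": m.group("family"), "action": action})
    return findings

def unremediated(findings):
    """Entries still marked 'No action taken': the run was scan-only."""
    return [f for f in findings if f["action"] == "No action taken"]

def persistence_findings(findings):
    """AppInit_DLLs entries: a DLL listed there loads into every process that
    links user32.dll, so the value must be cleared, not merely observed."""
    return [f for f in findings if f["item"].endswith("AppInit_DLLs")]
```

Run over the full log as posted, `unremediated` returns every entry, which is the signal that the items were only selected for display and not removed.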

Re: Rootkit virus problem

Posted on 21 Feb 2010 20:00

hello,

did you properly delete the selection of items found by Malwarebytes, as requested?
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: Rootkit virus problem

Posted on 21 Feb 2010 20:03

if not, run another scan and delete everything :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: Rootkit virus problem

Posted on 21 Feb 2010 20:24

Yes, I deleted everything and it asked me to restart to remove 2 of them. I did it! :wink:

Is my computer saved now? :D
Sushis
Sub-Expert
Posts: 94
Joined: 05 Jul 2009 12:37

Re: Rootkit virus problem

Posted on 21 Feb 2010 20:45

hello,

check that Avast is up to date and run a full scan of your PC.. and post me the report please.. :wink:

@++
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: Rootkit virus problem

Posted on 21 Feb 2010 20:54

Okay, I'll do that and post the report later ;). Thanks a lot for your help :D
Sushis
Sub-Expert
Posts: 94
Joined: 05 Jul 2009 12:37

Re: Rootkit virus problem

Posted on 21 Feb 2010 23:09

No infected files detected! :wink:
Sushis
Sub-Expert
Posts: 94
Joined: 05 Jul 2009 12:37

Re: Rootkit virus problem [solved]

Posted on 22 Feb 2010 19:20

hello,

that's great... now do this please...

What remains is to automatically uninstall all the tools used for the disinfection...

to do that...

download >>> ToolsCleaner <<< (by A.Rothstein & dj QUIOU)

double-click it to launch the program

Click Recherche (Search) and let the scan finish (it can take up to about ten minutes).

once the search has started, don't click inside the window, as that triggers a minor bug in the program.

If the words (ne réponds pas) ("not responding") appear in the title of the ToolsCleaner window, ignore it and let the program finish its work anyway

Post me the report that appears

Wait for my go-ahead before clicking Suppression (Delete)

@++
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
