
[Solved] virus TR rootkit.gen

Forum rules
To post a scan report or an infection report (HijackThis, OTL, AdwCleaner etc.), please use the forum's built-in attachment system. Only .txt and .log files under 1 MB are accepted. For help inserting your attachments, please see this tutorial.


Posted on 01 Sep 2010 19:15

Hello,
To start with, I picked up a virus called Tr rootkit.gen and I can't remove it.
My antivirus (Avira) detects it but can't remove it; it just puts it in quarantine, so could you help me please!!
zoriten
Visiteur Confirmé
Posts: 17
Joined: 31 Aug 2010 20:33


Re: virus TR rootkit.gen

Posted on 01 Sep 2010 19:29

Hello

Download ComboFix HERE

For VISTA users: right-click and choose "Run as administrator".
For VISTA: do not install the Recovery Console.

>> When it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed.

With infections like today's, it is strongly advised to have it pre-installed on your PC before any malware removal.
It lets you boot into a special recovery (repair) mode, which makes it easier for us to help you if your computer ever runs into a problem after a cleaning attempt.

Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install it.
>> Once it is on your desktop, double-click it to launch it.
Important note: if the Microsoft Windows Recovery Console is already installed, ComboFix will carry on with its malware removal procedures.

When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: the report can also be found here: C:\Combofix.txt

>> Do not click in the ComboFix window during the scan; that would freeze the program.

Use this if your connection does not come back.

>> Download WinsockXPFix to your desktop.

If by any chance your internet connection is no longer active after the PC restarts, do this to repair it...

Double-click the WinsockXPFix icon.

>> Click "Fix", and if your PC does not restart, restart it manually.
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: virus TR rootkit.gen

Posted on 01 Sep 2010 20:11

Thanks in advance! By the way, I have a question: is it normal that my PC makes sounds when I click on ComboFix? Should I disable the antivirus?
zoriten
Visiteur Confirmé
Posts: 17
Joined: 31 Aug 2010 20:33

Re: virus TR rootkit.gen

Posted on 01 Sep 2010 20:14

zoriten wrote: Thanks in advance! By the way, I have a question: is it normal that my PC makes sounds when I click on ComboFix? Should I disable the antivirus?

Yes, you need to disable your antivirus and any other protection software while ComboFix runs; ComboFix tells you so itself.
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: virus TR rootkit.gen

Posted on 01 Sep 2010 20:27

Here is the report:
Code:
ComboFix 10-09-01.02 - NZR 01/09/2010  22:17:27.1.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.3582.3048 [GMT 3:00]
Lancé depuis: c:\documents and settings\NZR\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NZR\Application Data\avdrn.dat
c:\documents and settings\NZR\Recent\vdf_fusebundle.zip
c:\windows\system32\scrrnfr.dll

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-08-01 au 2010-09-01  ))))))))))))))))))))))))))))))))))))
.

2010-08-20 03:57 . 2010-08-20 03:57   503808   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b9fd8a5-n\msvcp71.dll
2010-08-20 03:57 . 2010-08-20 03:57   499712   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b9fd8a5-n\jmc.dll
2010-08-20 03:57 . 2010-08-20 03:57   348160   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b9fd8a5-n\msvcr71.dll
2010-08-15 14:46 . 2010-09-01 19:21   764416   ----a-w-   c:\windows\system32\drivers\laqcau.sys
2010-08-15 14:46 . 2010-09-01 19:21   585504   ----a-w-   c:\windows\system32\drivers\jvmhs.sys
2010-08-06 03:57 . 2010-08-06 03:57   61440   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-270f3299-n\decora-sse.dll
2010-08-06 03:57 . 2010-08-06 03:57   12800   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-270f3299-n\decora-d3d.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 11:23 . 2010-06-15 12:37   --------   d-----w-   c:\documents and settings\NZR\Application Data\vlc
2010-09-01 08:38 . 2010-06-15 17:58   --------   d-----w-   c:\documents and settings\NZR\Application Data\dvdcss
2010-08-17 16:10 . 2010-08-17 16:10   12   ----a-w-   c:\windows\system32\config\systemprofile\Application Data\bawuho.dat
2010-08-15 14:45 . 2010-08-15 14:45   16   ----a-w-   c:\documents and settings\NetworkService\Application Data\bawuho.dat
2010-08-12 00:02 . 2002-09-06 19:00   80748   ----a-w-   c:\windows\system32\perfc00C.dat
2010-08-12 00:02 . 2002-09-06 19:00   500900   ----a-w-   c:\windows\system32\perfh00C.dat
2010-07-30 03:57 . 2010-07-30 03:57   503808   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c33ac55-n\msvcp71.dll
2010-07-30 03:57 . 2010-07-30 03:57   499712   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c33ac55-n\jmc.dll
2010-07-30 03:57 . 2010-07-30 03:57   348160   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c33ac55-n\msvcr71.dll
2010-07-17 18:05 . 2010-07-06 06:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\CyberLink
2010-07-07 00:00 . 2010-07-07 00:00   --------   d-----w-   c:\program files\MSXML 4.0
2010-07-06 08:19 . 2010-07-06 07:34   8   ----a-w-   c:\windows\system32\nvModes.dat
2010-07-06 07:47 . 2010-07-06 07:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\NVIDIA
2010-07-06 07:32 . 2010-07-06 07:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\nView_Profiles
2010-07-06 06:13 . 2010-07-06 06:13   --------   d-----w-   c:\documents and settings\NZR\Application Data\CyberLink
2010-07-06 06:13 . 2010-06-15 12:03   69240   ----a-w-   c:\documents and settings\NZR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-06 06:09 . 2010-07-06 06:06   --------   d-----w-   c:\program files\CyberLink
2010-07-06 06:09 . 2010-07-06 06:06   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-06 06:06 . 2010-07-06 06:06   --------   d-----w-   c:\program files\Fichiers communs\InstallShield
2010-07-04 13:24 . 2010-06-15 12:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-30 12:32 . 2008-04-13 19:33   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-25 03:57 . 2010-06-25 03:57   61440   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-31fcc850-n\decora-sse.dll
2010-06-25 03:57 . 2010-06-25 03:57   12800   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-31fcc850-n\decora-d3d.dll
2010-06-24 21:29 . 2009-02-11 14:52   1861248   ----a-w-   c:\windows\system32\win32k.sys
2010-06-24 12:10 . 2008-04-13 19:33   671232   ----a-w-   c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2008-04-13 19:33   81920   ----a-w-   c:\windows\system32\ieencode.dll
2010-06-21 14:18 . 2009-02-11 14:52   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-13 19:33   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-15 12:41 . 2010-06-15 12:41   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-06-15 12:39 . 2010-06-15 12:39   0   ----a-w-   c:\windows\nsreg.dat
2010-06-15 07:18 . 2010-06-15 06:21   86331   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-15 06:19 . 2010-06-15 06:19   21892   ----a-w-   c:\windows\system32\emptyregdb.dat
2010-06-14 14:31 . 2010-06-15 06:20   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2008-04-13 19:33   1172480   ----a-w-   c:\windows\system32\msxml3.dll
.
<pre>
c:\windows\DriverPacks\3\MON\MIT\auto .exe
</pre>

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-05-25 147456]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2005-10-9 610365]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [15/06/2010 15:14 5248]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/06/2010 15:02 135336]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [15/06/2010 12:59 686080]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [15/06/2010 15:14 160640]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - jvmhs
*Deregistered* - laqcau

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'

2010-09-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-21 19:18]
.
.
------- Examen supplémentaire -------
.
IE:    c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\NZR\Application Data\Mozilla\Firefox\Profiles\m6xofqu3.default\
FF - prefs.js: browser.startup.homepage - http://www.google.fr
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 22:22
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jvmhs]

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\laqcau]

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2260)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\Logi_MwX.Exe
c:\progra~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2010-09-01  22:23:33 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-09-01 19:23

Avant-CF: 33 035 714 560 octets libres
Après-CF: 33 766 039 552 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - FFC2EED092DF5BCC0BCF663F9964614A


EDIT Skynet: [code] tags added. Please read the instructions at the top of the topic.
zoriten
Visiteur Confirmé
Posts: 17
Joined: 31 Aug 2010 20:33

Re: virus TR rootkit.gen

Posted on 01 Sep 2010 20:38

OK, do this.

Open the Start Menu > Run (shortcut: Windows key + R)

In the dialog box, copy/paste everything quoted below:
fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0

Then confirm.

2/ Open CFScript.txt (on your Desktop) > copy this new quote into it:

KillAll::

Rootkit::
c:\windows\system32\drivers\laqcau.sys
c:\windows\system32\drivers\jvmhs.sys

RegLockDel::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jvmhs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\laqcau]

File::
c:\windows\system32\config\systemprofile\Application Data\bawuho.dat
c:\documents and settings\NetworkService\Application Data\bawuho.dat





Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot:

(screenshot)

A blue window will appear and ComboFix will run a new scan.

Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is done, a report will be displayed: post its contents, saying how your problems are doing.

If the file does not open, it is located here > C:\ComboFix.txt


Then this, as a check:

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it
/!\ for Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" section (top right) the "Rapport minimal" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation":

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
vstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles




* Click the "Analyse" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan one or two reports will open, "OTL.Txt" and/or "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply please...
* If needed, you can find them in the C:\OTL folder or on your desktop, depending on the case
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: virus TR rootkit.gen

Posted on 01 Sep 2010 21:03

The report:

Code:
ComboFix 10-09-01.02 - NZR 01/09/2010  22:53:57.2.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.3582.3116 [GMT 3:00]
Lancé depuis: c:\documents and settings\NZR\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\NZR\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\NetworkService\Application Data\bawuho.dat"
"c:\windows\system32\config\systemprofile\Application Data\bawuho.dat"
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\bawuho.dat
c:\windows\system32\config\systemprofile\Application Data\bawuho.dat

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_jvmhs
-------\Legacy_laqcau
-------\Service_jvmhs
-------\Service_laqcau


(((((((((((((((((((((((((((((   Fichiers créés du 2010-08-01 au 2010-09-01  ))))))))))))))))))))))))))))))))))))
.

2010-08-20 03:57 . 2010-08-20 03:57   503808   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b9fd8a5-n\msvcp71.dll
2010-08-20 03:57 . 2010-08-20 03:57   499712   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b9fd8a5-n\jmc.dll
2010-08-20 03:57 . 2010-08-20 03:57   348160   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b9fd8a5-n\msvcr71.dll
2010-08-06 03:57 . 2010-08-06 03:57   61440   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-270f3299-n\decora-sse.dll
2010-08-06 03:57 . 2010-08-06 03:57   12800   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-270f3299-n\decora-d3d.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 11:23 . 2010-06-15 12:37   --------   d-----w-   c:\documents and settings\NZR\Application Data\vlc
2010-09-01 08:38 . 2010-06-15 17:58   --------   d-----w-   c:\documents and settings\NZR\Application Data\dvdcss
2010-08-12 00:02 . 2002-09-06 19:00   80748   ----a-w-   c:\windows\system32\perfc00C.dat
2010-08-12 00:02 . 2002-09-06 19:00   500900   ----a-w-   c:\windows\system32\perfh00C.dat
2010-07-30 03:57 . 2010-07-30 03:57   503808   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c33ac55-n\msvcp71.dll
2010-07-30 03:57 . 2010-07-30 03:57   499712   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c33ac55-n\jmc.dll
2010-07-30 03:57 . 2010-07-30 03:57   348160   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c33ac55-n\msvcr71.dll
2010-07-17 18:05 . 2010-07-06 06:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\CyberLink
2010-07-07 00:00 . 2010-07-07 00:00   --------   d-----w-   c:\program files\MSXML 4.0
2010-07-06 08:19 . 2010-07-06 07:34   8   ----a-w-   c:\windows\system32\nvModes.dat
2010-07-06 07:47 . 2010-07-06 07:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\NVIDIA
2010-07-06 07:32 . 2010-07-06 07:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\nView_Profiles
2010-07-06 06:13 . 2010-07-06 06:13   --------   d-----w-   c:\documents and settings\NZR\Application Data\CyberLink
2010-07-06 06:13 . 2010-06-15 12:03   69240   ----a-w-   c:\documents and settings\NZR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-06 06:09 . 2010-07-06 06:06   --------   d-----w-   c:\program files\CyberLink
2010-07-06 06:09 . 2010-07-06 06:06   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-06 06:06 . 2010-07-06 06:06   --------   d-----w-   c:\program files\Fichiers communs\InstallShield
2010-07-04 13:24 . 2010-06-15 12:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-30 12:32 . 2008-04-13 19:33   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-25 03:57 . 2010-06-25 03:57   61440   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-31fcc850-n\decora-sse.dll
2010-06-25 03:57 . 2010-06-25 03:57   12800   ----a-w-   c:\documents and settings\NZR\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-31fcc850-n\decora-d3d.dll
2010-06-24 21:29 . 2009-02-11 14:52   1861248   ----a-w-   c:\windows\system32\win32k.sys
2010-06-24 12:10 . 2008-04-13 19:33   671232   ----a-w-   c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2008-04-13 19:33   81920   ----a-w-   c:\windows\system32\ieencode.dll
2010-06-21 14:18 . 2009-02-11 14:52   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-13 19:33   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-15 12:41 . 2010-06-15 12:41   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-06-15 12:39 . 2010-06-15 12:39   0   ----a-w-   c:\windows\nsreg.dat
2010-06-15 07:18 . 2010-06-15 06:21   86331   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-15 06:19 . 2010-06-15 06:19   21892   ----a-w-   c:\windows\system32\emptyregdb.dat
2010-06-14 14:31 . 2010-06-15 06:20   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2008-04-13 19:33   1172480   ----a-w-   c:\windows\system32\msxml3.dll
.
[code]<pre>
c:\windows\DriverPacks\3\MON\MIT\auto .exe
</pre>[/code]

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-05-25 147456]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2005-10-9 610365]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [15/06/2010 15:14 5248]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/06/2010 15:02 135336]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [15/06/2010 12:59 686080]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [15/06/2010 15:14 160640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'

2010-09-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-21 19:18]
.
.
------- Examen supplémentaire -------
.
IE:    c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\NZR\Application Data\Mozilla\Firefox\Profiles\m6xofqu3.default\
FF - prefs.js: browser.startup.homepage - http://www.google.fr
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 22:58
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2428)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\Logi_MwX.Exe
c:\progra~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-09-01  22:59:29 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-09-01 19:59
ComboFix2.txt  2010-09-01 19:23

Avant-CF: 33 770 364 928 octets libres
Après-CF: 33 697 787 904 octets libres

- - End Of File - - FACC3C5BECD92DD91689341F0D9BE9F4


EDIT Skynet: [code] tags added.
zoriten
Confirmed Visitor
 
Posts: 17
Joined: 31 Aug 2010 20:33
 

Re: virus TR rootkit.gen

Posted on 01 Sep 2010 21:08

Very good, now the other report, without forgetting to post it using the code tags.

bernard53
PC-Infopraticien
 
Posts: 12778
Joined: 08 Dec 2009 19:51
 

Re: virus TR rootkit.gen

Posted on 01 Sep 2010 21:14

Here is the OTL report:

Code:
OTL logfile created on: 01/09/2010 23:08:04 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Documents and Settings\NZR\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 31,40 Gb Free Space | 64,32% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 105,99 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 73,52 Gb Free Space | 75,29% Space Free | Partition Type: NTFS
Drive F: | 75,13 Gb Total Space | 59,97 Gb Free Space | 79,82% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHEF
Current User Name: NZR
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\NZR\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\NZR\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (Broadcom Corporation.)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (jraid) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (Cap713x) -- C:\WINDOWS\system32\drivers\Cap713x.sys (Philips Semiconductors GmbH)
DRV - (a347bus) -- C:\WINDOWS\system32\drivers\a347bus.sys ( )
DRV - (a347scsi) -- C:\WINDOWS\System32\Drivers\a347scsi.sys ( )
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.fr"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/05 15:11:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 23:16:52 | 000,000,000 | ---D | M]
 
[2010/06/15 15:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NZR\Application Data\Mozilla\Extensions
[2010/09/01 06:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NZR\Application Data\Mozilla\Firefox\Profiles\m6xofqu3.default\extensions
[2010/06/29 15:54:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\NZR\Application Data\Mozilla\Firefox\Profiles\m6xofqu3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/01 06:51:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/17 19:17:04 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/06/17 19:17:04 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/06/17 19:17:04 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/06/17 19:17:04 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/06/17 19:17:04 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/09/01 22:57:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\NZR\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NZR\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/15 09:22:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/09/01 23:06:16 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NZR\Bureau\OTL.exe
[2010/09/01 22:55:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/01 22:53:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/09/01 22:16:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/01 21:52:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/01 21:52:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/01 21:52:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/01 21:52:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/01 21:51:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/01 21:48:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/01 21:47:17 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\NZR\Bureau\WinsockxpFix.exe
[2010/08/26 21:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/23 22:58:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/06/15 15:14:47 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2010/06/15 15:14:47 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/09/01 23:06:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NZR\Bureau\OTL.exe
[2010/09/01 22:57:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/01 22:57:33 | 000,201,151 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/01 22:57:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/09/01 22:57:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/01 22:57:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/01 22:57:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/01 22:57:20 | 3756,511,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/01 22:56:35 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\NZR\NTUSER.DAT
[2010/09/01 22:16:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/09/01 21:49:10 | 004,279,484 | -H-- | M] () -- C:\Documents and Settings\NZR\Local Settings\Application Data\IconCache.db
[2010/09/01 21:47:44 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\NZR\Bureau\WinsockxpFix.exe
[2010/09/01 21:45:55 | 003,830,204 | R--- | M] () -- C:\Documents and Settings\NZR\Bureau\ComboFix.exe
[2010/09/01 11:35:44 | 000,053,536 | ---- | M] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-09-01-11h35m42s-Smile ft Omar-.mp3
[2010/09/01 11:35:41 | 000,052,601 | ---- | M] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-09-01-11h35m39s-Smile ft Omar-.mp3
[2010/08/31 13:37:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/30 10:03:02 | 014,349,017 | ---- | M] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-10h02m07s-Ando sy Haingo.wmv-.asf
[2010/08/30 09:50:51 | 010,310,006 | ---- | M] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-09h50m29s-majunga_0.mpg-.mpg
[2010/08/30 09:50:28 | 002,136,417 | ---- | M] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-09h50m25s-majunga_0.mpg-.mpg
[2010/08/26 00:00:04 | 042,617,861 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\vdf_fusebundle.zip
[2010/08/25 20:32:08 | 000,425,908 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Photo 002(2).jpg
[2010/08/25 20:32:00 | 000,425,908 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Photo 002.jpg
[2010/08/23 14:56:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/08/21 20:33:21 | 006,367,051 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Shakira - Gypsy.mp3
[2010/08/21 15:46:29 | 003,772,125 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Lady Antebellum - Need you now.mp3
[2010/08/20 20:06:20 | 004,233,509 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\55 Aha - Crying in the rain.mp3
[2010/08/17 22:11:55 | 004,575,527 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Sting & Cheb Mami -  Desert Rose.mp3
[2010/08/15 23:24:18 | 019,662,976 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Derrick Laro And Trinity  - Don't Stop Till You Get Enough ( 12 Inch Extended Version ).mp3
[2010/08/15 22:53:39 | 005,218,848 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\richard cheese - Beat It.mp3
[2010/08/15 22:26:45 | 009,002,400 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\06 - OMC - How Bizarre.mp3
[2010/08/14 11:30:24 | 005,452,321 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Hot_Chocolate_-_11_-_You_Sexy_Thing.mp3
[2010/08/13 00:22:02 | 002,990,242 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\You are everything - Diana Ross & Marvin Gaye.mp3
[2010/08/13 00:02:09 | 004,090,861 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\7 - Roberta Flack & Donny Hathaway - You've Got A Friend.mp3
[2010/08/12 03:02:29 | 001,050,372 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:02:29 | 000,500,900 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/12 03:02:29 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:02:29 | 000,080,748 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/12 03:02:29 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 21:17:46 | 005,247,272 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Carlos_Santana_-_Maria_Maria.mp3
[2010/08/11 03:17:36 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 03:01:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/09 22:35:45 | 005,908,480 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\08-canardo-petit_enfant_soldat.mp3
[2010/08/09 22:13:09 | 005,782,088 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\La Fouine_Green_Canardo_MLC - Nes Pour Briller.mp3
[2010/08/07 21:44:28 | 005,953,788 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\14-canardo-christelle.mp3
[2010/08/07 21:24:14 | 006,434,166 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Tracy Chapman-GiveMeOneReason.mp3
[2010/08/07 17:44:13 | 003,948,164 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Michael Jackson feat. Stevie Wonder - Just Good Friends.mp3
[2010/08/07 17:05:29 | 003,172,030 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Will Smith - Welcome to Miami.mp3
[2010/08/07 11:39:24 | 003,868,164 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Brian Mcknight - Crazy Love.mp3
[2010/08/05 21:40:43 | 004,562,638 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\68000.06_bryan_adams-_sting-_rod_steward_-_all_for_love.mp3
[2010/08/03 09:19:56 | 000,229,875 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\msclpe221002.rtf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/09/01 22:16:38 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/09/01 22:16:37 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2010/09/01 21:52:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/01 21:52:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/01 21:52:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/01 21:52:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/01 21:52:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/01 21:44:40 | 003,830,204 | R--- | C] () -- C:\Documents and Settings\NZR\Bureau\ComboFix.exe
[2010/09/01 11:35:44 | 000,053,536 | ---- | C] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-09-01-11h35m42s-Smile ft Omar-.mp3
[2010/09/01 11:35:41 | 000,052,601 | ---- | C] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-09-01-11h35m39s-Smile ft Omar-.mp3
[2010/08/30 10:02:37 | 014,349,017 | ---- | C] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-10h02m07s-Ando sy Haingo.wmv-.asf
[2010/08/30 09:50:50 | 010,310,006 | ---- | C] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-09h50m29s-majunga_0.mpg-.mpg
[2010/08/30 09:50:28 | 002,136,417 | ---- | C] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-09h50m25s-majunga_0.mpg-.mpg
[2010/08/25 20:32:00 | 000,425,908 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Photo 002(2).jpg
[2010/08/25 20:31:55 | 000,425,908 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Photo 002.jpg
[2010/08/24 21:33:04 | 042,617,861 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\vdf_fusebundle.zip
[2010/08/21 20:28:25 | 006,367,051 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Shakira - Gypsy.mp3
[2010/08/21 15:36:42 | 003,772,125 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Lady Antebellum - Need you now.mp3
[2010/08/20 20:03:18 | 004,233,509 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\55 Aha - Crying in the rain.mp3
[2010/08/17 22:01:35 | 004,575,527 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Sting & Cheb Mami -  Desert Rose.mp3
[2010/08/15 23:08:59 | 019,662,976 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Derrick Laro And Trinity  - Don't Stop Till You Get Enough ( 12 Inch Extended Version ).mp3
[2010/08/15 22:49:54 | 005,218,848 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\richard cheese - Beat It.mp3
[2010/08/15 22:20:19 | 009,002,400 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\06 - OMC - How Bizarre.mp3
[2010/08/14 11:26:33 | 005,452,321 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Hot_Chocolate_-_11_-_You_Sexy_Thing.mp3
[2010/08/13 00:19:59 | 002,990,242 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\You are everything - Diana Ross & Marvin Gaye.mp3
[2010/08/12 23:59:24 | 004,090,861 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\7 - Roberta Flack & Donny Hathaway - You've Got A Friend.mp3
[2010/08/11 21:14:30 | 005,247,272 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Carlos_Santana_-_Maria_Maria.mp3
[2010/08/09 22:31:55 | 005,908,480 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\08-canardo-petit_enfant_soldat.mp3
[2010/08/09 22:08:57 | 005,782,088 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\La Fouine_Green_Canardo_MLC - Nes Pour Briller.mp3
[2010/08/07 21:44:28 | 005,953,788 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\14-canardo-christelle.mp3
[2010/08/07 21:20:51 | 006,434,166 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Tracy Chapman-GiveMeOneReason.mp3
[2010/08/07 17:41:48 | 003,948,164 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Michael Jackson feat. Stevie Wonder - Just Good Friends.mp3
[2010/08/07 17:03:16 | 003,172,030 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Will Smith - Welcome to Miami.mp3
[2010/08/07 11:36:42 | 003,868,164 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Brian Mcknight - Crazy Love.mp3
[2010/08/05 21:35:54 | 004,562,638 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\68000.06_bryan_adams-_sting-_rod_steward_-_all_for_love.mp3
[2010/08/03 09:19:56 | 000,229,875 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\msclpe221002.rtf
[2010/07/06 09:08:13 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2010/06/20 19:32:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2010/06/16 09:30:35 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/06/16 08:56:05 | 000,052,852 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/06/15 15:45:13 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/15 15:45:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/06/15 15:45:11 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/15 15:45:11 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/15 15:45:10 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/15 15:45:10 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/06/15 15:08:31 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/06/15 13:12:42 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/06/15 13:12:42 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/06/15 13:12:42 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/06/15 13:12:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/06/15 12:55:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/06/15 11:39:34 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\NZR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/07 07:43:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 07:43:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/08/29 16:07:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/02/11 17:56:55 | 017,816,432 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/02/11 17:56:55 | 017,816,432 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/13 22:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 22:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 22:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2008/09/12 20:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\DriverPacks\M\I4\IaStor.sys
[2007/09/30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\DriverPacks\M\I3\IASTOR.SYS
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/13 22:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 22:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 22:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVATABUS.SYS  >[/color]
[2006/02/26 18:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\DriverPacks\M\NV123\NVATABUS.sys
[2006/04/24 18:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\DriverPacks\M\NVTM\NVATABUS.sys
 
[color=#A23BEC]< MD5 for: NVGTS.SYS  >[/color]
[2007/07/27 23:16:02 | 000,105,984 | ---- | M] (NVIDIA Corporation) MD5=4BC4BAAED05161E0D331627E90A10745 -- C:\WINDOWS\DriverPacks\M\NV6\nvgts.sys
 
[color=#A23BEC]< MD5 for: NVRD32.SYS  >[/color]
[2007/07/27 23:15:56 | 000,116,736 | ---- | M] (NVIDIA Corporation) MD5=77AC69AC4F07BD9D29528B8FCC71FB49 -- C:\WINDOWS\DriverPacks\M\NV6\nvrd32.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/13 22:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 22:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 22:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
 
[color=#A23BEC]< MD5 for: VIAMRAID.SYS  >[/color]
[2008/07/10 04:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- C:\WINDOWS\DriverPacks\M\V1\viamraid.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
< End of report >

EDIT Skynet: [code] tags added.
zoriten
Confirmed Visitor
Posts: 17
Joined: 31 Aug 2010 20:33

Re: virus TR rootkit.gen

Posted on 01 Sep 2010 21:16

While I look at your report, put your two reports inside the tags indicated, please.

OK, your OTL report is fine.

Do you still have a detection by Antivir, apart from maybe the ComboFix backup?
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51

Re: virus TR rootkit.gen

Posted on 01 Sep 2010 21:17

Really sorry for not respecting the code tags, but I'm a novice when it comes to computers.

EDIT:

I'm scanning my PC right now, do you want me to post it?
zoriten
Confirmed Visitor
Posts: 17
Joined: 31 Aug 2010 20:33

Re: virus TR rootkit.gen

Posted on 01 Sep 2010 21:43

Code:
OTL logfile created on: 01/09/2010 23:08:04 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Documents and Settings\NZR\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 31,40 Gb Free Space | 64,32% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 105,99 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 73,52 Gb Free Space | 75,29% Space Free | Partition Type: NTFS
Drive F: | 75,13 Gb Total Space | 59,97 Gb Free Space | 79,82% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHEF
Current User Name: NZR
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\NZR\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\NZR\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (Broadcom Corporation.)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (jraid) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (Cap713x) -- C:\WINDOWS\system32\drivers\Cap713x.sys (Philips Semiconductors GmbH)
DRV - (a347bus) -- C:\WINDOWS\system32\drivers\a347bus.sys ( )
DRV - (a347scsi) -- C:\WINDOWS\System32\Drivers\a347scsi.sys ( )
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.fr"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/05 15:11:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 23:16:52 | 000,000,000 | ---D | M]
 
[2010/06/15 15:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NZR\Application Data\Mozilla\Extensions
[2010/09/01 06:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NZR\Application Data\Mozilla\Firefox\Profiles\m6xofqu3.default\extensions
[2010/06/29 15:54:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\NZR\Application Data\Mozilla\Firefox\Profiles\m6xofqu3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/01 06:51:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/17 19:17:04 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/06/17 19:17:04 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/06/17 19:17:04 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/06/17 19:17:04 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/06/17 19:17:04 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/09/01 22:57:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\NZR\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NZR\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/15 09:22:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/09/01 23:06:16 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NZR\Bureau\OTL.exe
[2010/09/01 22:55:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/01 22:53:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/09/01 22:16:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/01 21:52:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/01 21:52:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/01 21:52:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/01 21:52:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/01 21:51:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/01 21:48:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/01 21:47:17 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\NZR\Bureau\WinsockxpFix.exe
[2010/08/26 21:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/23 22:58:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/06/15 15:14:47 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2010/06/15 15:14:47 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/09/01 23:06:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NZR\Bureau\OTL.exe
[2010/09/01 22:57:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/01 22:57:33 | 000,201,151 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/01 22:57:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/09/01 22:57:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/01 22:57:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/01 22:57:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/01 22:57:20 | 3756,511,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/01 22:56:35 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\NZR\NTUSER.DAT
[2010/09/01 22:16:38 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/09/01 21:49:10 | 004,279,484 | -H-- | M] () -- C:\Documents and Settings\NZR\Local Settings\Application Data\IconCache.db
[2010/09/01 21:47:44 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\NZR\Bureau\WinsockxpFix.exe
[2010/09/01 21:45:55 | 003,830,204 | R--- | M] () -- C:\Documents and Settings\NZR\Bureau\ComboFix.exe
[2010/09/01 11:35:44 | 000,053,536 | ---- | M] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-09-01-11h35m42s-Smile ft Omar-.mp3
[2010/09/01 11:35:41 | 000,052,601 | ---- | M] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-09-01-11h35m39s-Smile ft Omar-.mp3
[2010/08/31 13:37:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/30 10:03:02 | 014,349,017 | ---- | M] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-10h02m07s-Ando sy Haingo.wmv-.asf
[2010/08/30 09:50:51 | 010,310,006 | ---- | M] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-09h50m29s-majunga_0.mpg-.mpg
[2010/08/30 09:50:28 | 002,136,417 | ---- | M] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-09h50m25s-majunga_0.mpg-.mpg
[2010/08/26 00:00:04 | 042,617,861 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\vdf_fusebundle.zip
[2010/08/25 20:32:08 | 000,425,908 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Photo 002(2).jpg
[2010/08/25 20:32:00 | 000,425,908 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Photo 002.jpg
[2010/08/23 14:56:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/08/21 20:33:21 | 006,367,051 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Shakira - Gypsy.mp3
[2010/08/21 15:46:29 | 003,772,125 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Lady Antebellum - Need you now.mp3
[2010/08/20 20:06:20 | 004,233,509 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\55 Aha - Crying in the rain.mp3
[2010/08/17 22:11:55 | 004,575,527 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Sting & Cheb Mami -  Desert Rose.mp3
[2010/08/15 23:24:18 | 019,662,976 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Derrick Laro And Trinity  - Don't Stop Till You Get Enough ( 12 Inch Extended Version ).mp3
[2010/08/15 22:53:39 | 005,218,848 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\richard cheese - Beat It.mp3
[2010/08/15 22:26:45 | 009,002,400 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\06 - OMC - How Bizarre.mp3
[2010/08/14 11:30:24 | 005,452,321 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Hot_Chocolate_-_11_-_You_Sexy_Thing.mp3
[2010/08/13 00:22:02 | 002,990,242 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\You are everything - Diana Ross & Marvin Gaye.mp3
[2010/08/13 00:02:09 | 004,090,861 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\7 - Roberta Flack & Donny Hathaway - You've Got A Friend.mp3
[2010/08/12 03:02:29 | 001,050,372 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:02:29 | 000,500,900 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/12 03:02:29 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:02:29 | 000,080,748 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/12 03:02:29 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 21:17:46 | 005,247,272 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Carlos_Santana_-_Maria_Maria.mp3
[2010/08/11 03:17:36 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 03:01:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/09 22:35:45 | 005,908,480 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\08-canardo-petit_enfant_soldat.mp3
[2010/08/09 22:13:09 | 005,782,088 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\La Fouine_Green_Canardo_MLC - Nes Pour Briller.mp3
[2010/08/07 21:44:28 | 005,953,788 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\14-canardo-christelle.mp3
[2010/08/07 21:24:14 | 006,434,166 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Tracy Chapman-GiveMeOneReason.mp3
[2010/08/07 17:44:13 | 003,948,164 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Michael Jackson feat. Stevie Wonder - Just Good Friends.mp3
[2010/08/07 17:05:29 | 003,172,030 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Will Smith - Welcome to Miami.mp3
[2010/08/07 11:39:24 | 003,868,164 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\Brian Mcknight - Crazy Love.mp3
[2010/08/05 21:40:43 | 004,562,638 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\68000.06_bryan_adams-_sting-_rod_steward_-_all_for_love.mp3
[2010/08/03 09:19:56 | 000,229,875 | ---- | M] () -- C:\Documents and Settings\NZR\Bureau\msclpe221002.rtf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/09/01 22:16:38 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/09/01 22:16:37 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2010/09/01 21:52:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/01 21:52:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/01 21:52:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/01 21:52:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/01 21:52:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/01 21:44:40 | 003,830,204 | R--- | C] () -- C:\Documents and Settings\NZR\Bureau\ComboFix.exe
[2010/09/01 11:35:44 | 000,053,536 | ---- | C] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-09-01-11h35m42s-Smile ft Omar-.mp3
[2010/09/01 11:35:41 | 000,052,601 | ---- | C] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-09-01-11h35m39s-Smile ft Omar-.mp3
[2010/08/30 10:02:37 | 014,349,017 | ---- | C] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-10h02m07s-Ando sy Haingo.wmv-.asf
[2010/08/30 09:50:50 | 010,310,006 | ---- | C] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-09h50m29s-majunga_0.mpg-.mpg
[2010/08/30 09:50:28 | 002,136,417 | ---- | C] () -- C:\Documents and Settings\NZR\Mes documents\vlc-record-2010-08-30-09h50m25s-majunga_0.mpg-.mpg
[2010/08/25 20:32:00 | 000,425,908 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Photo 002(2).jpg
[2010/08/25 20:31:55 | 000,425,908 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Photo 002.jpg
[2010/08/24 21:33:04 | 042,617,861 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\vdf_fusebundle.zip
[2010/08/21 20:28:25 | 006,367,051 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Shakira - Gypsy.mp3
[2010/08/21 15:36:42 | 003,772,125 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Lady Antebellum - Need you now.mp3
[2010/08/20 20:03:18 | 004,233,509 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\55 Aha - Crying in the rain.mp3
[2010/08/17 22:01:35 | 004,575,527 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Sting & Cheb Mami -  Desert Rose.mp3
[2010/08/15 23:08:59 | 019,662,976 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Derrick Laro And Trinity  - Don't Stop Till You Get Enough ( 12 Inch Extended Version ).mp3
[2010/08/15 22:49:54 | 005,218,848 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\richard cheese - Beat It.mp3
[2010/08/15 22:20:19 | 009,002,400 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\06 - OMC - How Bizarre.mp3
[2010/08/14 11:26:33 | 005,452,321 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Hot_Chocolate_-_11_-_You_Sexy_Thing.mp3
[2010/08/13 00:19:59 | 002,990,242 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\You are everything - Diana Ross & Marvin Gaye.mp3
[2010/08/12 23:59:24 | 004,090,861 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\7 - Roberta Flack & Donny Hathaway - You've Got A Friend.mp3
[2010/08/11 21:14:30 | 005,247,272 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Carlos_Santana_-_Maria_Maria.mp3
[2010/08/09 22:31:55 | 005,908,480 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\08-canardo-petit_enfant_soldat.mp3
[2010/08/09 22:08:57 | 005,782,088 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\La Fouine_Green_Canardo_MLC - Nes Pour Briller.mp3
[2010/08/07 21:44:28 | 005,953,788 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\14-canardo-christelle.mp3
[2010/08/07 21:20:51 | 006,434,166 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Tracy Chapman-GiveMeOneReason.mp3
[2010/08/07 17:41:48 | 003,948,164 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Michael Jackson feat. Stevie Wonder - Just Good Friends.mp3
[2010/08/07 17:03:16 | 003,172,030 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Will Smith - Welcome to Miami.mp3
[2010/08/07 11:36:42 | 003,868,164 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\Brian Mcknight - Crazy Love.mp3
[2010/08/05 21:35:54 | 004,562,638 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\68000.06_bryan_adams-_sting-_rod_steward_-_all_for_love.mp3
[2010/08/03 09:19:56 | 000,229,875 | ---- | C] () -- C:\Documents and Settings\NZR\Bureau\msclpe221002.rtf
[2010/07/06 09:08:13 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2010/06/20 19:32:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2010/06/16 09:30:35 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/06/16 08:56:05 | 000,052,852 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/06/15 15:45:13 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/15 15:45:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/06/15 15:45:11 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/15 15:45:11 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/15 15:45:10 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/15 15:45:10 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/06/15 15:08:31 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/06/15 13:12:42 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/06/15 13:12:42 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/06/15 13:12:42 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/06/15 13:12:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/06/15 12:55:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/06/15 11:39:34 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\NZR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/07 07:43:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 07:43:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 07:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/08/29 16:07:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/02/11 17:56:55 | 017,816,432 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/02/11 17:56:55 | 017,816,432 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/13 22:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 22:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 22:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2008/09/12 20:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\DriverPacks\M\I4\IaStor.sys
[2007/09/30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\DriverPacks\M\I3\IASTOR.SYS
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/13 22:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 22:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 22:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVATABUS.SYS  >[/color]
[2006/02/26 18:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\WINDOWS\DriverPacks\M\NV123\NVATABUS.sys
[2006/04/24 18:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\DriverPacks\M\NVTM\NVATABUS.sys
 
[color=#A23BEC]< MD5 for: NVGTS.SYS  >[/color]
[2007/07/27 23:16:02 | 000,105,984 | ---- | M] (NVIDIA Corporation) MD5=4BC4BAAED05161E0D331627E90A10745 -- C:\WINDOWS\DriverPacks\M\NV6\nvgts.sys
 
[color=#A23BEC]< MD5 for: NVRD32.SYS  >[/color]
[2007/07/27 23:15:56 | 000,116,736 | ---- | M] (NVIDIA Corporation) MD5=77AC69AC4F07BD9D29528B8FCC71FB49 -- C:\WINDOWS\DriverPacks\M\NV6\nvrd32.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/13 22:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 22:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 22:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
 
[color=#A23BEC]< MD5 for: VIAMRAID.SYS  >[/color]
[2008/07/10 04:19:02 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- C:\WINDOWS\DriverPacks\M\V1\viamraid.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
< End of report >


EDIT:

the other report:
Code:
OTL Extras logfile created on: 01/09/2010 23:08:04 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Documents and Settings\NZR\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 31,40 Gb Free Space | 64,32% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 105,99 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 73,52 Gb Free Space | 75,29% Space Free | Partition Type: NTFS
Drive F: | 75,13 Gb Total Space | 59,97 Gb Free Space | 79,82% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHEF
Current User Name: NZR
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.4 - Français
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDVD 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer Express
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"Revo Uninstaller" = Revo Uninstaller 1.88
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = Archiveur WinRAR
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 23/07/2010 03:09:35 | Computer Name = CHEF | Source = PerfNet | ID = 2005
Description = Impossible de lire les données de performance du Service serveur.  Aucune
 donnée de performance du serveur ne sera renvoyée pour  cet extrait. Le code d'erreur
 renvoyé est la donnée DWORD 0, IOSB.Status  est DWORD 1 et IOSB.Information est DWORD
 2.
 
Error - 23/07/2010 03:09:35 | Computer Name = CHEF | Source = PerfNet | ID = 2006
Description = Impossible de lire les données de performance de la file d'attente
 serveur  du Service serveur. Aucune donnée de performance de la file d'attente serveur
ne
 sera renvoyée pour cet extrait. Le code d'erreur renvoyé est la donnée  DWORD 0,
IOSB.Status est DWORD 1 et IOSB.Information est DWORD 2.
 
Error - 26/07/2010 10:22:12 | Computer Name = CHEF | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.4518.1014, P3
 ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 26/07/2010 10:22:55 | Computer Name = CHEF | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application excel.exe, version 12.0.4518.1014, stamp 45428263,
 faulting module excel.exe, version 12.0.4518.1014, stamp 45428263, debug? 0, fault
 address 0x00076988.
 
Error - 27/07/2010 13:09:50 | Computer Name = CHEF | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
 du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
 0.
 
Error - 30/07/2010 12:10:31 | Computer Name = CHEF | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
 du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
 0.
 
Error - 01/08/2010 03:28:30 | Computer Name = CHEF | Source = Application Hang | ID = 1002
Description = Application bloquée avscan.exe, version 10.0.3.0, module bloqué hungapp,
 version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 03/08/2010 13:35:28 | Computer Name = CHEF | Source = PerfNet | ID = 2005
Description = Impossible de lire les données de performance du Service serveur.  Aucune
 donnée de performance du serveur ne sera renvoyée pour  cet extrait. Le code d'erreur
 renvoyé est la donnée DWORD 0, IOSB.Status  est DWORD 1 et IOSB.Information est DWORD
 2.
 
Error - 03/08/2010 13:35:28 | Computer Name = CHEF | Source = PerfNet | ID = 2006
Description = Impossible de lire les données de performance de la file d'attente
 serveur  du Service serveur. Aucune donnée de performance de la file d'attente serveur
ne
 sera renvoyée pour cet extrait. Le code d'erreur renvoyé est la donnée  DWORD 0,
IOSB.Status est DWORD 1 et IOSB.Information est DWORD 2.
 
Error - 08/08/2010 02:16:33 | Computer Name = CHEF | Source = Application Error | ID = 1000
Description = Application défaillante firefox.exe, version 1.9.0.3725, module défaillant
 xul.dll, version 1.9.0.3725, adresse de défaillance 0x0032949a.
 
[ OSession Events ]
Error - 26/06/2010 20:20:44 | Computer Name = CHEF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23818
 seconds with 2280 seconds of active time.  This session ended with a crash.
 
Error - 28/06/2010 20:17:01 | Computer Name = CHEF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51715
 seconds with 7620 seconds of active time.  This session ended with a crash.
 
Error - 26/07/2010 10:22:55 | Computer Name = CHEF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 814
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 11/08/2010 20:17:46 | Computer Name = CHEF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 48145
 seconds with 3060 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06/07/2010 03:04:38 | Computer Name = CHEF | Source = Cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
 
Error - 06/07/2010 03:04:39 | Computer Name = CHEF | Source = Cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
 
Error - 06/07/2010 03:04:40 | Computer Name = CHEF | Source = Cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
 
Error - 06/07/2010 03:04:41 | Computer Name = CHEF | Source = Cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
 
Error - 06/07/2010 03:04:42 | Computer Name = CHEF | Source = Cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
 
Error - 06/07/2010 03:04:43 | Computer Name = CHEF | Source = Cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
 
Error - 06/07/2010 03:04:44 | Computer Name = CHEF | Source = Cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
 
Error - 06/07/2010 03:04:45 | Computer Name = CHEF | Source = Cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
 
 
< End of report >


Second EDIT:

The Avira report. Indeed, there are other infections:
Code:

Avira AntiVir Personal
Report file date: mercredi 1 septembre 2010  23:26

Scanning for 2765985 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : CHEF

Version information:
BUILD.DAT       : 10.0.0.567     32097 Bytes  19/04/2010 15:07:00
AVSCAN.EXE      : 10.0.3.0      433832 Bytes  01/04/2010 10:37:38
AVSCAN.DLL      : 10.0.3.0       46440 Bytes  01/04/2010 10:57:04
LUKE.DLL        : 10.0.2.3      104296 Bytes  07/03/2010 16:33:04
LUKERES.DLL     : 10.0.0.1       12648 Bytes  10/02/2010 21:40:49
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06/11/2009 14:49:20
VBASE001.VDF    : 7.10.1.0     1372672 Bytes  19/11/2009 14:49:20
VBASE002.VDF    : 7.10.3.1     3143680 Bytes  20/01/2010 14:49:20
VBASE003.VDF    : 7.10.3.75     996864 Bytes  26/01/2010 14:49:20
VBASE004.VDF    : 7.10.4.203   1579008 Bytes  05/03/2010 14:49:20
VBASE005.VDF    : 7.10.6.82    2494464 Bytes  15/04/2010 14:49:20
VBASE006.VDF    : 7.10.7.218   2294784 Bytes  02/06/2010 14:49:22
VBASE007.VDF    : 7.10.9.165   4840960 Bytes  23/07/2010 14:49:22
VBASE008.VDF    : 7.10.9.166      2048 Bytes  23/07/2010 14:49:22
VBASE009.VDF    : 7.10.9.167      2048 Bytes  23/07/2010 14:49:22
VBASE010.VDF    : 7.10.9.168      2048 Bytes  23/07/2010 14:49:22
VBASE011.VDF    : 7.10.9.169      2048 Bytes  23/07/2010 14:49:22
VBASE012.VDF    : 7.10.9.170      2048 Bytes  23/07/2010 14:49:22
VBASE013.VDF    : 7.10.9.198    157696 Bytes  26/07/2010 14:49:22
VBASE014.VDF    : 7.10.9.255    997888 Bytes  29/07/2010 14:49:22
VBASE015.VDF    : 7.10.10.28    139264 Bytes  02/08/2010 14:49:22
VBASE016.VDF    : 7.10.10.52    127488 Bytes  03/08/2010 14:49:22
VBASE017.VDF    : 7.10.10.84    137728 Bytes  06/08/2010 14:49:22
VBASE018.VDF    : 7.10.10.107   176640 Bytes  09/08/2010 14:49:22
VBASE019.VDF    : 7.10.10.130   132608 Bytes  10/08/2010 14:49:22
VBASE020.VDF    : 7.10.10.158   131072 Bytes  12/08/2010 14:49:22
VBASE021.VDF    : 7.10.10.190   136704 Bytes  16/08/2010 14:49:22
VBASE022.VDF    : 7.10.10.217   118272 Bytes  19/08/2010 14:49:22
VBASE023.VDF    : 7.10.10.246   130048 Bytes  23/08/2010 14:49:22
VBASE024.VDF    : 7.10.11.11    144896 Bytes  25/08/2010 14:49:22
VBASE025.VDF    : 7.10.11.33    135168 Bytes  27/08/2010 00:16:54
VBASE026.VDF    : 7.10.11.34      2048 Bytes  27/08/2010 00:16:58
VBASE027.VDF    : 7.10.11.35      2048 Bytes  27/08/2010 00:16:59
VBASE028.VDF    : 7.10.11.36      2048 Bytes  27/08/2010 00:16:59
VBASE029.VDF    : 7.10.11.37      2048 Bytes  27/08/2010 00:16:59
VBASE030.VDF    : 7.10.11.38      2048 Bytes  27/08/2010 00:16:59
VBASE031.VDF    : 7.10.11.50    145920 Bytes  30/08/2010 00:16:27
Engineversion   : 8.2.4.46 
AEVDF.DLL       : 8.1.2.1       106868 Bytes  25/08/2010 14:49:16
AESCRIPT.DLL    : 8.1.3.44     1364346 Bytes  29/08/2010 00:17:28
AESCN.DLL       : 8.1.6.1       127347 Bytes  25/08/2010 14:49:16
AESBX.DLL       : 8.1.3.1       254324 Bytes  25/08/2010 14:49:16
AERDL.DLL       : 8.1.8.2       614772 Bytes  25/08/2010 14:49:16
AEPACK.DLL      : 8.2.3.5       471412 Bytes  25/08/2010 14:49:16
AEOFFICE.DLL    : 8.1.1.8       201081 Bytes  25/08/2010 14:49:16
AEHEUR.DLL      : 8.1.2.19     2867574 Bytes  29/08/2010 00:17:23
AEHELP.DLL      : 8.1.13.3      242038 Bytes  29/08/2010 00:17:07
AEGEN.DLL       : 8.1.3.20      397684 Bytes  29/08/2010 00:17:03
AEEMU.DLL       : 8.1.2.0       393588 Bytes  25/08/2010 14:49:16
AECORE.DLL      : 8.1.16.2      192887 Bytes  25/08/2010 14:49:16
AEBB.DLL        : 8.1.1.0        53618 Bytes  25/08/2010 14:49:16
AVWINLL.DLL     : 10.0.0.0       19304 Bytes  14/01/2010 10:03:38
AVPREF.DLL      : 10.0.0.0       44904 Bytes  14/01/2010 10:03:35
AVREP.DLL       : 10.0.0.8       62209 Bytes  29/08/2010 00:17:29
AVREG.DLL       : 10.0.3.0       53096 Bytes  01/04/2010 10:35:46
AVSCPLR.DLL     : 10.0.3.0       83816 Bytes  01/04/2010 10:39:51
AVARKT.DLL      : 10.0.0.14     227176 Bytes  01/04/2010 10:22:13
AVEVTLOG.DLL    : 10.0.0.8      203112 Bytes  26/01/2010 07:53:30
SQLITE3.DLL     : 3.6.19.0      355688 Bytes  28/01/2010 10:57:58
AVSMTP.DLL      : 10.0.0.17      63848 Bytes  16/03/2010 13:38:56
NETNT.DLL       : 10.0.0.0       11624 Bytes  19/02/2010 12:41:00
RCIMAGE.DLL     : 10.0.0.26    2550120 Bytes  28/01/2010 11:10:20
RCTEXT.DLL      : 10.0.53.0      97128 Bytes  09/04/2010 12:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: mercredi 1 septembre 2010  23:26

Starting search for hidden objects.
c:\windows\explorer.exe
c:\WINDOWS\explorer.exe
    [NOTE]      The process is not visible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '39' Module(s) have been scanned
Scan process 'dllhost.exe' - '57' Module(s) have been scanned
Scan process 'dllhost.exe' - '44' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '68' Module(s) have been scanned
Scan process 'winmine.exe' - '21' Module(s) have been scanned
Scan process 'firefox.exe' - '85' Module(s) have been scanned
Scan process 'explorer.exe' - '103' Module(s) have been scanned
Scan process 'alg.exe' - '32' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '44' Module(s) have been scanned
Scan process 'CLSched.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'RichVideo.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'jqs.exe' - '85' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '22' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '57' Module(s) have been scanned
Scan process 'btwdins.exe' - '25' Module(s) have been scanned
Scan process 'avguard.exe' - '53' Module(s) have been scanned
Scan process 'BTSTAC~1.EXE' - '47' Module(s) have been scanned
Scan process 'BTTray.exe' - '47' Module(s) have been scanned
Scan process 'Logi_MwX.Exe' - '14' Module(s) have been scanned
Scan process 'PCMService.exe' - '69' Module(s) have been scanned
Scan process 'jusched.exe' - '19' Module(s) have been scanned
Scan process 'avgnt.exe' - '47' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '34' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'spoolsv.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '164' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'lsass.exe' - '57' Module(s) have been scanned
Scan process 'services.exe' - '26' Module(s) have been scanned
Scan process 'winlogon.exe' - '64' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!
Boot sector 'E:\'
    [INFO]      No virus was found!
Boot sector 'F:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '625' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\jvmhs.sys.vir
    [DETECTION] Contains recognition pattern of the RKIT/Agent.biiu root kit
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\laqcau.sys.vir
    [DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{2C20AC16-2C82-442F-9864-0995850C9CC3}\RP90\A0035219.sys
    [DETECTION] Contains recognition pattern of the RKIT/Agent.biiu root kit
C:\System Volume Information\_restore{2C20AC16-2C82-442F-9864-0995850C9CC3}\RP90\A0035220.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
Begin scan in 'D:\' <Video>
Begin scan in 'E:\' <Audio>
Begin scan in 'F:\' <Data>

Beginning disinfection:
C:\System Volume Information\_restore{2C20AC16-2C82-442F-9864-0995850C9CC3}\RP90\A0035220.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '4fe31a9b.qua'.
C:\System Volume Information\_restore{2C20AC16-2C82-442F-9864-0995850C9CC3}\RP90\A0035219.sys
    [DETECTION] Contains recognition pattern of the RKIT/Agent.biiu root kit
    [NOTE]      The file was moved to the quarantine directory under the name '5774353c.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\laqcau.sys.vir
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '056a6fe5.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\jvmhs.sys.vir
    [DETECTION] Contains recognition pattern of the RKIT/Agent.biiu root kit
    [NOTE]      The file was moved to the quarantine directory under the name '63592048.qua'.


End of the scan: Wednesday 1 September 2010  23:55
Used time: 29:16 Minute(s)

The scan has been done completely.

   7051 Scanned directories
 399569 Files were scanned
      4 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      4 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 399565 Files not concerned
   3664 Archives were scanned
      0 Warnings
      4 Notes
 322962 Objects were scanned with rootkit scan
      1 Hidden objects were found

zoriten
Confirmed Visitor
Posts: 17
Joined: 31 Aug 2010 20:33

Message on 01 Sep 2010 22:05

Good evening & welcome,

there is an EDIT button if you need it; I have been the one tidying up your topic since the start ;).

Thanks & all the best.
Skynet
Moderator
Posts: 14807
Joined: 19 Jul 2007 21:12

Re: virus TR rootkit.gen

Message on 01 Sep 2010 22:40

Thank you very much, and sorry again.
zoriten
Confirmed Visitor
Posts: 17
Joined: 31 Aug 2010 20:33

Re: virus TR rootkit.gen

Message on 02 Sep 2010 09:01

OK, the detections are indeed in ComboFix's backup and in System Restore.
So do this.

Click Start > Run and copy/paste the text below into the input box:
ComboFix /Uninstall

Then click OK.

Next, for System Restore, this.

Now we are going to make System Restore clean.

Right-click the My Computer icon, then click Properties
or press "Windows+Pause"
Click the System Restore tab

Select Turn off System Restore or Turn off System Restore on all drives.

Click Apply, then YES in the next window.

Wait a few moments, then:

turn System Restore back on.


Right-click My Computer, then click Properties
or press "Windows+Pause"
Click the System Restore tab

Untick Turn off System Restore or Turn off System Restore on all drives.

Now we create a new restore point.

Start > Run, or press "Windows+R", and type:
%SystemRoot%\System32\restore\rstrui.exe


Then tick "Create a restore point", name it PC-Clean, and confirm.

You can now close all the windows.
bernard53
PC-Infopraticien
Posts: 12778
Joined: 08 Dec 2009 19:51
