
Win32 rootkit virus



Posted on 16 June 2010 08:34

Hi,
So I caught the win32 rootkit virus, and since then it's been a nightmare: lots of other ones keep arriving.
Here is the report:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:40, on 16/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Clément\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [userinit] C:\Users\Clément\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [tutuvtdrv] rundll32.exe "c:\users\clment~1\appdata\local\temp\vttstt.dll",s
O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Users\CLMENT~1\AppData\Local\Temp\sshnas21.dll,GetMainWnd
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Clément\AppData\Local\Temp\Yfl.exe
O4 - HKCU\..\Run: [jkklihsys] rundll32.exe "c:\users\clment~1\appdata\local\temp\geedeb.dll",DllRegisterServer
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD83399A-834A-4A76-962D-E24038866728}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7656 bytes


Thanks everyone.
briscard
Visitor
Posts: 7
Joined: 16 June 2010 08:27


Re: Win32 rootkit virus

Posted on 16 June 2010 08:58

hello and welcome to PC Infopratique.... :wink:

you've indeed caught a really nasty piece of cr*p :-?

follow this short procedure and post the OTL report it asks for :wink:
viewtopic.php?f=19&t=51456

Don't forget to give the information requested at step 3

If you have any trouble with this procedure, don't hesitate to tell me :wink:



@++
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Win32 rootkit virus

Posted on 16 June 2010 09:17

EDIT: Don't look for the report C:\USBFix.txt, it isn't generated with the "Vaccination" option :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Win32 rootkit virus

Posted on 16 June 2010 09:58

Here it is

Code:
OTL logfile created on: 16/06/2010 10:12:18 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Clément\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,04 Gb Total Space | 37,43 Gb Free Space | 26,54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-DE-CLÉMENT
Current User Name: Clément
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/06/16 10:10:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Clément\Desktop\OTL.exe
PRC - [2010/05/30 21:52:52 | 000,304,240 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/04/07 18:44:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/09 23:40:47 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/16 01:19:31 | 000,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/05/16 01:19:24 | 000,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/05/16 01:19:00 | 000,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/05/16 01:16:59 | 000,349,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/05/16 01:06:57 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/01/19 09:33:12 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEUser.exe
PRC - [2007/02/09 16:40:34 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007/02/05 18:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2006/12/18 17:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006/12/07 17:08:46 | 000,032,768 | ---- | M] () -- C:\PVSW\Bin\WGE_SRV.exe
PRC - [2006/12/01 07:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2004/07/22 14:40:00 | 000,106,546 | ---- | M] () -- C:\PVSW\Bin\w3dbsmgr.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/06/16 10:10:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Clément\Desktop\OTL.exe
MOD - [2008/01/19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 09:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] --  -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2008/05/16 01:19:24 | 000,144,760 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/05/16 01:19:00 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/05/16 01:16:59 | 000,349,560 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/05/16 01:06:57 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/01/19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/05/25 10:09:04 | 000,081,408 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007/02/05 18:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006/12/07 17:08:46 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\PVSW\Bin\WGE_SRV.exe -- (EBP Pervasive.SQL)
SRV - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/04/19 17:14:37 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/04 14:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/16 01:20:32 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/05/16 01:18:00 | 000,050,768 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008/05/16 01:16:06 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/05/16 01:15:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/05/16 01:14:11 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/01/19 07:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/01/19 07:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/02/02 16:09:40 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/14 09:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/12/01 07:38:00 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/28 15:53:14 | 000,847,536 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006/11/22 07:48:54 | 000,181,304 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/06 04:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 22:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/10/30 11:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2004/01/28 16:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/webhp?sourceid=navclient-ff"
FF - prefs.js..extensions.enabledItems: {53724739-8c9b-4b6d-904d-de60ae2a431c}:1.1.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 18:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 18:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/05 10:38:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/05/05 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\mozilla\Extensions
[2010/05/05 10:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clément\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/05 09:31:21 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\mozilla\Firefox\Profiles\jxh0fdpu.default\extensions
[2010/02/27 23:57:51 | 000,000,000 | ---D | M] (Fbosf) -- C:\Users\Clément\AppData\Roaming\mozilla\Firefox\Profiles\jxh0fdpu.default\extensions\{53724739-8c9b-4b6d-904d-de60ae2a431c}
[2009/04/19 17:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/25 10:00:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/22 15:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\packardbell@partners.mozilla.com
[2008/12/22 15:54:16 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2010/03/12 12:46:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/03/12 12:46:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/12 12:46:01 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/12/22 15:54:05 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2010/03/12 12:46:01 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/03/24 20:01:12 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002..\Run: [Halo2] C:\Users\CLMENT~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002..\Run: [jkklihsys] c:\users\clment~1\appdata\local\temp\geedeb.DLL File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002..\Run: [M5T8QL3YW3] C:\Users\Clément\AppData\Local\Temp\Yfl.exe File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002..\Run: [tutuvtdrv] c:\Utilisateurs\Clément\AppData\Local\Temp\vttstt.dll File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002..\Run: [userinit] C:\Users\Clément\AppData\Roaming\sdra64.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.242
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Clément\Pictures\300_movie_wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Clément\Pictures\300_movie_wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{117f12ce-2cf5-11de-be32-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{117f12ce-2cf5-11de-be32-00038a000015}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O33 - MountPoints2\{460dab52-8cc7-11de-91de-00038a000015}\Shell\Auto\command - "" = C:\Windows\System32\cmd.exe -- [2008/01/19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{83b38e92-0597-11df-bb63-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{83b38e92-0597-11df-bb63-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{895a3834-d808-11dc-a41c-00038a000015}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{af8fe98e-0d62-11de-83ed-00038a000015}\Shell\Auto\command - "" = wscript "esta ig.vbs"
O33 - MountPoints2\{eace66ec-d66d-11dd-8a74-00038a000015}\Shell\Auto\command - "" = wscript "esta ig.vbs"
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/02/20 22:55:36 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/06/16 10:10:04 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Clément\Desktop\OTL.exe
[2010/06/16 09:15:55 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Clément\Desktop\HiJackThis.exe
[2010/06/15 23:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/06/15 15:57:31 | 000,000,000 | ---D | C] -- C:\Users\Clément\Desktop\n64
[2010/06/12 18:30:21 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\Windows Server
[2010/06/11 03:46:15 | 000,000,000 | -HSD | C] -- C:\Users\Clément\AppData\Roaming\lowsec
[2010/06/11 03:34:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/10 19:53:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/10 19:53:39 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/10 19:53:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/10 19:53:17 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/10 19:53:15 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/10 19:53:15 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/10 19:53:14 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/06/10 19:53:14 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/06/10 19:53:14 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/10 19:53:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/06/10 19:53:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/10 19:53:12 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/10 19:53:11 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/10 19:53:11 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/10 19:52:57 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/06/10 19:51:34 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/05 19:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/05 19:21:05 | 003,387,040 | ---- | C] (Piriform Ltd) -- C:\Users\Clément\Desktop\ccsetup232.exe
[2010/06/05 18:25:12 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010/06/05 12:05:17 | 000,000,000 | ---D | C] -- C:\Users\Clément\DoctorWeb
[2010/06/05 11:38:11 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/06/04 18:45:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/05/31 17:32:15 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\Iceni
[2010/05/31 17:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Aspell
[2010/05/31 17:31:53 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Roaming\Iceni
[2010/05/31 17:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Iceni
[2010/05/31 17:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Iceni
[2010/05/31 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Roaming\Aspell
[2010/05/26 15:31:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/06/16 10:16:05 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/06/16 10:15:14 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D0517B46-930D-4C38-8694-14F1C9F1A157}.job
[2010/06/16 10:13:15 | 004,194,304 | -HS- | M] () -- C:\Users\Clément\ntuser.dat
[2010/06/16 10:10:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Clément\Desktop\OTL.exe
[2010/06/16 10:06:06 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/16 10:00:05 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2010/06/16 10:00:05 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\Extension de garantie.job
[2010/06/16 10:00:05 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/16 09:20:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/16 09:15:59 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Clément\Desktop\HiJackThis.exe
[2010/06/16 09:12:55 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/16 09:12:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/16 09:12:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/16 09:12:28 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/16 09:11:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/16 09:11:42 | 1878,286,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/16 09:10:58 | 000,524,288 | -HS- | M] () -- C:\Users\Clément\NTUSER.DAT{54c6d7be-c405-11dc-80ec-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 09:10:58 | 000,065,536 | -HS- | M] () -- C:\Users\Clément\NTUSER.DAT{54c6d7be-c405-11dc-80ec-00038a000015}.TM.blf
[2010/06/16 09:09:20 | 001,762,528 | -H-- | M] () -- C:\Users\Clément\AppData\Local\IconCache.db
[2010/06/15 07:31:56 | 001,497,408 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/15 07:31:56 | 000,678,956 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/06/15 07:31:56 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/15 07:31:56 | 000,128,004 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/06/15 07:31:56 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/14 15:15:53 | 000,096,256 | ---- | M] () -- C:\Users\Clément\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/12 17:41:50 | 000,000,001 | ---- | M] () -- C:\Users\Clément\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/06/11 03:59:03 | 000,787,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/07 22:53:15 | 000,168,996 | ---- | M] () -- C:\Users\Clément\Desktop\Ti-89.rar
[2010/06/07 22:48:22 | 000,041,379 | ---- | M] () -- C:\Users\Clément\Desktop\GESTION.rar
[2010/06/06 17:30:24 | 000,000,764 | ---- | M] () -- C:\Users\Clément\Documents\Mes dossiers de partage.lnk
[2010/06/05 19:22:07 | 003,387,040 | ---- | M] (Piriform Ltd) -- C:\Users\Clément\Desktop\ccsetup232.exe
[2010/06/05 16:24:51 | 000,049,152 | ---- | M] () -- C:\Users\Clément\AppData\Roaming\alggui.exe
[2010/05/31 17:32:08 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Infix PDF Editor.lnk
[2010/05/29 17:09:09 | 000,036,686 | ---- | M] () -- C:\Users\Clément\Documents\51C2E61BE68362CB119CE2D09237EB36.tomcat11.pdf
[2010/05/26 18:16:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 16:25:15 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/06/15 15:48:22 | 000,000,296 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/06/12 17:41:50 | 000,000,001 | ---- | C] () -- C:\Users\Clément\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/06/12 15:23:59 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/07 22:52:51 | 000,168,996 | ---- | C] () -- C:\Users\Clément\Desktop\Ti-89.rar
[2010/06/07 22:48:18 | 000,041,379 | ---- | C] () -- C:\Users\Clément\Desktop\GESTION.rar
[2010/06/04 17:31:12 | 000,049,152 | ---- | C] () -- C:\Users\Clément\AppData\Roaming\alggui.exe
[2010/06/04 17:30:29 | 000,000,296 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/31 17:32:08 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\Infix PDF Editor.lnk
[2010/05/29 17:09:09 | 000,036,686 | ---- | C] () -- C:\Users\Clément\Documents\51C2E61BE68362CB119CE2D09237EB36.tomcat11.pdf
[2010/03/26 23:01:36 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/11/22 18:58:20 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/11/22 18:46:00 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini
[2009/11/18 11:57:34 | 000,475,136 | ---- | C] () -- C:\Windows\System32\SAGEPERS.DLL
[2009/11/13 15:07:28 | 000,000,040 | ---- | C] () -- C:\Windows\WIMMO.INI
[2009/11/13 14:55:19 | 000,000,039 | ---- | C] () -- C:\Windows\System32\CielComponent.ini
[2009/11/13 13:11:19 | 000,110,592 | ---- | C] () -- C:\Windows\System32\xxxprogress.dll
[2009/10/28 14:29:40 | 000,000,940 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2009/06/06 16:27:19 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/06/06 15:07:13 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/04/19 17:14:37 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/07/04 23:13:17 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
[2008/07/04 23:05:01 | 000,000,295 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/06/25 02:10:38 | 000,000,026 | ---- | C] () -- C:\Windows\System32\satsukidecodersettings.ini
[2007/09/28 18:07:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/09/28 18:05:50 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007/09/28 18:05:50 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007/09/28 18:05:08 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/05/25 19:22:55 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/25 19:22:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/05/25 19:22:45 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2007/05/25 10:24:09 | 000,016,384 | ---- | C] () -- C:\Windows\System32\DsrSleep.dll
[2007/05/25 10:23:10 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2007/05/25 10:23:10 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2007/02/13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/31 21:28:01 | 000,036,864 | ---- | C] () -- C:\Windows\System32\43332e14.dll
[2006/05/31 21:27:58 | 000,008,192 | ---- | C] () -- C:\Windows\System32\f7058528.dll
[2006/05/31 21:27:43 | 000,000,034 | ---- | C] () -- C:\Windows\System32\3b7a7ea3.dll
[2006/02/24 19:28:16 | 000,006,144 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2005/11/05 18:46:26 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/11/13 12:58:20 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\DAEMON Tools
[2009/04/19 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\DAEMON Tools Lite
[2009/08/03 00:56:02 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\DAEMON Tools Pro
[2009/11/06 18:38:27 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\EBP
[2009/11/23 14:22:54 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\EPSON
[2009/02/12 00:21:44 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\FileZilla
[2010/05/31 17:31:53 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Iceni
[2010/06/16 09:49:22 | 000,000,000 | -HSD | M] -- C:\Users\Clément\AppData\Roaming\lowsec
[2010/06/04 17:58:19 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\My Games
[2007/09/26 19:14:27 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\OFFICE One v7
[2010/05/05 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\OFFICEOne7
[2007/09/26 20:48:24 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Packard Bell
[2008/06/07 22:19:59 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\SystemRequirementsLab
[2009/03/18 22:27:22 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Template
[2010/05/05 10:40:13 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Thunderbird
[2010/06/16 10:00:05 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\Extension de garantie.job
[2010/06/16 10:00:05 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator.job
[2010/06/16 09:10:25 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/16 10:15:14 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D0517B46-930D-4C38-8694-14F1C9F1A157}.job
[2010/06/16 10:00:05 | 000,000,296 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/16 10:16:05 | 000,000,296 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/06/16 10:06:06 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 04:05:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 04:05:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 04:05:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2008/01/19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys
[2008/01/19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008/01/19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006/11/02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 09:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/19 09:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 09:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006/11/02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008/01/19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2008/01/19 07:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\System32\drivers\rasacd.sys
[2008/01/19 07:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasacd.sys
[2006/11/02 10:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD7B30F55B3649506DD8B3D38F571D2A -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6000.16386_none_0da33cba68680e8f\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2009/04/11 06:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) MD5=30BFBDFB7F95559EDE971F9DDB9A00BA -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.0.6002.18005_none_4d610153d22453a6\rdpwd.sys
[2006/11/02 11:02:15 | 000,160,256 | ---- | M] (Microsoft Corporation) MD5=8830E790A74A96605FABA74F9665BB3C -- C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.0.6000.16386_none_493ec64bd8177786\rdpwd.sys
[2008/01/19 08:01:21 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=E1C18F4097A5ABCEC941DC4B2F99DB7E -- C:\Windows\System32\drivers\rdpwd.sys
[2008/01/19 08:01:21 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=E1C18F4097A5ABCEC941DC4B2F99DB7E -- C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.0.6001.18000_none_4b758847d502885a\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/01/19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
[2008/01/19 07:49:48 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
[2008/01/19 07:49:48 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2008/01/19 08:01:07 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\System32\drivers\tdpipe.sys
[2008/01/19 08:01:07 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_dbac376c44b742d7\tdpipe.sys
[2006/11/02 11:02:01 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=964248AEF49C31FA6A93201A73FFAF50 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6000.16386_none_d975757047cc3203\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/01/19 08:01:08 | 000,029,184 | ---- | M] (Microsoft Corporation) MD5=389C63E32B3CEFED425B61ED92D3F021 -- C:\Windows\System32\drivers\tdtcp.sys
[2008/01/19 08:01:08 | 000,029,184 | ---- | M] (Microsoft Corporation) MD5=389C63E32B3CEFED425B61ED92D3F021 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_dbac376c44b742d7\tdtcp.sys
[2006/11/02 11:02:01 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=7D2C1AE1648A60FCE4AA0F7982E419D3 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6000.16386_none_d975757047cc3203\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2006/11/02 11:14:58 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=B51E52ACF758BE00EF3A58EA452FE360 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_35521f61\usbprint.sys
[2008/01/19 08:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\System32\drivers\usbprint.sys
[2008/01/19 08:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_29f90369\usbprint.sys
[2008/01/19 08:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\winsxs\x86_usbprint.inf_31bf3856ad364e35_6.0.6001.18000_none_32f9c26ac169fb1e\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2008/01/19 08:14:09 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\drivers\usbscan.sys
[2008/01/19 08:14:09 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys
[2008/01/19 08:14:09 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys
[2008/01/19 08:14:09 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6002.18005_none_5bca4a74dde86c1f\usbscan.sys
[2006/11/02 11:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=B1F95285C08DDFE00C0B955462637EC7 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/01/19 09:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll
[2008/01/19 09:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll
[2008/01/19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll
[2008/01/19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\SLC.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 76 bytes -> C:\Users\Clément\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Clément\Documents\Mes Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Clément\Documents\Mes fichiers reçus:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Clément\Documents\F!LmS:Roxio EMC Stream
< End of report >


Code:
OTL Extras logfile created on: 16/06/2010 10:12:18 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Clément\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,04 Gb Total Space | 37,43 Gb Free Space | 26,54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-DE-CLÉMENT
Current User Name: Clément
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1531188079-2321126841-1819239067-1002]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisabledInterfaces" = {B6CBE910-CE21-4BE1-8F43-A8530E2C6F4F}
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2A9575-4E04-411E-AC31-34D6A76F7943}" = lport=3852 | protocol=17 | dir=in | name=emuleudp |
"{2F4B81C0-82A8-4FA0-A649-15F5F79033CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{31AED77A-B919-445E-8D0F-AEF88B23039F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{88ED80A2-208D-44A2-87D4-23DA3351FD86}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9DAD0C39-26A2-4653-9FFC-DEA6714665EC}" = lport=3842 | protocol=6 | dir=in | name=emuletcp |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C402D3-DE77-414D-9B98-CF17E1C3AEF3}" = protocol=17 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{0CDF1860-A8D4-4F81-95E5-3EF1125E476B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{188721B6-13B7-4BBA-8B0D-650A79180146}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{1F8701F1-315B-42CA-B0C4-B37FE6544667}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{1FE5D35C-9C13-4B75-A0BA-D4C81D9F036F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{2B2190A8-A403-4213-9A73-C8F8A12FD719}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{303B3242-521D-40D7-8BDF-5B239E96E882}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{5376456D-AF8C-402A-B116-4EF2E503AE7F}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{628164CA-2E88-4844-8D01-859B4AC63906}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{63959D36-802F-4FC8-8FC2-5B3C5E22FD9C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{7970D3C2-D755-4583-82F2-7705B22DF56E}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{8F25E0B9-C67D-452C-BEAE-7EC45333A2C0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9283C59E-D0F2-4599-8876-BF244423BC6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9326C5BF-8C8C-4EC8-B713-3B61B34A0470}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{94F0DBCF-94DF-4C1B-B183-5B5CFAA3EB88}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{99D6D150-8F89-4C0E-B60F-75EDEBAC7F2E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B34BDF14-F939-44A7-BCF3-A194DB983887}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{BD31D11F-3BDA-4FED-8ABD-417C43F43D9D}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{C6414C1C-DDFD-4978-AFD0-7DBC296A0D2D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{C7AA27BC-2810-4F0D-B2AD-39F416A4FD04}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{CA52C856-3EF1-456C-82AC-BF0EC34CFB8C}" = protocol=6 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{D4E3C91C-BB13-4AAE-916D-05B20E29ABA8}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{D7954799-BD06-478A-810D-A893A0BB3111}" = protocol=6 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{DE8E36F3-713B-448B-8825-87DDBA50E5FE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{E39AFDC4-965C-4431-AA6F-D48C24ACDE19}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{F1E3E6B5-FB80-478E-9FE5-AAD26BFF658F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F6B7B6BE-FBBE-468D-8FE3-FD16D547F35B}" = protocol=17 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{F7D176AF-1042-448A-AE2C-1BE2DC73CA5A}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{FD434251-8920-4B13-95BF-DE1593EDC056}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{FDA45DA4-AEEC-4CE8-8900-38E86CFCDC6B}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{FE58DC28-D176-462B-8B1E-2EB29910B88C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"TCP Query User{0071656A-D157-4992-BEDF-A2271C53E95C}C:\program files\freeplayer\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\freeplayer\vlc\vlc.exe |
"TCP Query User{28724F29-ADBB-4363-AFC5-80EADF8D3B15}C:\pvsw\bin\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"TCP Query User{37036D5F-065F-4D9A-B27E-20FCE961447C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{735CF30E-6CB2-444B-9DA5-9DECE62A56BB}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{8B6F4185-B405-4676-829B-820CCDD3F84F}C:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"TCP Query User{8EF11217-CAA0-4483-A0B0-E2A6D4A611FE}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{955812AA-8C23-42C5-9D15-DB63EA015AC0}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{AE9EA8A2-BA6E-4F7B-9031-83D11B74A505}C:\program files\ebp\compta13.1\compta.exe" = protocol=6 | dir=in | app=c:\program files\ebp\compta13.1\compta.exe |
"TCP Query User{C83A6221-32B7-4EAD-9AA2-2EF124D1B094}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D0667181-63E8-4BB8-8E53-23CCA5FE0BF4}C:\program files\emule2\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule2\emule.exe |
"TCP Query User{D4579A0D-07A6-483A-BC83-04144F6ED91F}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{DB945C73-76E4-44E7-9292-3E2FB22AF956}C:\program files\emule2\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule2\emule.exe |
"TCP Query User{DCECAA92-544A-45F7-B5AD-F504C8E4212C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F7EEB28F-23F5-4DC1-80A5-B7B015EB12D2}C:\program files\freeplayer\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\freeplayer\vlc\vlc.exe |
"UDP Query User{01B4EE63-A788-4AD0-900D-32E36ED64DAA}C:\program files\freeplayer\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\freeplayer\vlc\vlc.exe |
"UDP Query User{104FF6E1-3CC7-4790-B612-A13078B582A9}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{45F1FBAE-788D-473A-B23D-F3144D3BDC94}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{4F5436FB-1587-46B0-A76B-EDBDD5627540}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{6DE51462-D725-4503-BB54-7B60570CD125}C:\program files\ebp\compta13.1\compta.exe" = protocol=17 | dir=in | app=c:\program files\ebp\compta13.1\compta.exe |
"UDP Query User{7DA55A26-0805-4908-A375-0AB4B23C12AE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{872331B1-4730-4D7D-A699-8759CDBF1ADC}C:\program files\emule2\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule2\emule.exe |
"UDP Query User{8BB011C3-5256-49D1-A6EE-B0FB427F4B26}C:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{9AFEAAE0-CBAB-48AA-B939-EEBBC6BB2777}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{C4953DA9-AAA0-43D9-9D88-FD2C5C27DB88}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{C63965C0-273C-4AAF-A638-A73689324D52}C:\program files\freeplayer\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\freeplayer\vlc\vlc.exe |
"UDP Query User{E2EA0C5A-FB08-4A7A-A5D4-45DF24C9CACC}C:\program files\emule2\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule2\emule.exe |
"UDP Query User{E31ED875-1F7C-49DB-B934-89DCA1EDB72B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F1878A3A-FDEF-4458-B904-D3DF83400C7B}C:\pvsw\bin\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{053E4C51-9876-4F8E-874C-D77F559DAD5A}" = Ciel Compta 13.0
"{09E9F3B1-2965-3D8B-F624-2F44D99B53B0}" = Catalyst Control Center Graphics Light
"{0ED40D2A-7131-4FE7-941E-5C329336F712}" = HDReg France
"{14E10810-FC26-4707-AEBA-0CA5F6E6EE87}" = Ciel Immobilisations 13.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EF377AC-035A-48BE-8EF7-D18D36308CE9}" = OFFICE One 7.0
"{1FDFE55F-D052-4CCF-9B03-3AC687B44DFA}" = Ciel Paye 13.00
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2EBC713F-3022-A21B-6266-376ED7C43C07}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3CE73C5D-D8F0-D6D0-E5AB-39A798BF4571}" = Skins
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{414C215E-F8E2-4235-BE08-B3932F50246D}" = Ciel Gestion Commerciale 13.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = USB2.0 350K WebCam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D2683BE-2C44-4DB5-BECD-87B324077A7F}" = OFFICE One Notes v7
"{6153EBDC-A52B-6B24-4A3C-5CC8F85BE0DF}" = Catalyst Control Center Graphics Full New
"{6173A4FC-D42D-69A6-52CA-A30496389760}" = ccc-core-static
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{747D0A04-5BDA-478D-A010-68CCCBE4D15A}" = EBP Btrieve 8.6
"{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}" = MioMore Desktop 2008
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DFBD5A5-F88B-ED78-E5FD-FB994138BB25}" = ccc-utility
"{85C5827E-106F-4497-8066-B7CFEBBEA91D}" = OFFICE One Menu v7
"{87DEF84E-51A5-4A0E-91C2-E012E92DE69B}" = OFFICE One QuickZip v7
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}_PROR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}_PROR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}_PROR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9EE7095B-F74E-4DC9-FAF7-75C940A1C3E9}" = Catalyst Control Center Localization French
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A70FA218-6598-4AC9-813D-63597C5DD068}" = Galerie de photos Windows Live
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A80000000002}" = Adobe Reader 8 - Français
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B243ABE9-57C2-4B97-BA6B-37DF6C0208ED}" = OFFICE One Safety-Box v7
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B5DCE5D7-6FDD-D5C2-C6B7-14E264E695C9}" = Catalyst Control Center Core Implementation
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{B8F3555E-B918-445E-97D1-BC4861C4EF59}" = OFFICE One ClipArt v7
"{BA147801-8946-4BBE-BE17-A2199CE52C81}" = OFFICE One 150 Templates v7
"{C514C594-23AA-4F13-A070-DB8BDB27594F}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0C788C-7C68-47A9-BFBF-0DF7B205B4CC}" = OFFICE One Fonts v7
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{E1A7B28B-AA31-442C-A4FA-598B65A7F5DA}" = OFFICE One License v7
"{E8CD2C36-FABF-4277-A732-B978E20FB88F}" = directDeclaration
"{ED8C5498-6C39-92E6-B17F-414BF1722E42}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F173C327-FAA5-D463-2CBD-A4818C7EDC8C}" = Catalyst Control Center Graphics Full Existing
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"{FEC30F06-A382-47D1-B828-859AC641EB1D}" = OFFICE One Startup v7
"43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.11
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeReader" = Adobe Reader 8
"avast!" = avast! Antivirus
"AxCrypt" = AxCrypt (Désinstaller uniquement)
"CCleaner" = CCleaner
"CMOS" = Bison 11/28/2006,6.32.03.002
"CREATOR9" = Creator 9
"EBP Btrieve 8.6" = EBP Btrieve 8.6
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 Guide d'utilisation" = EPSON Stylus SX200_SX400_TX200_TX400 Manuel
"FileZilla Client" = FileZilla Client 3.1.2
"FirefoxFR" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"Freeplayer" = Freeplayer
"Google Desktop" = Google Desktop
"GOOGLE_EARTH" = Google Earth
"GoogleBAE" = Google BAE
"GoogleDesktop" = GoogleDesktop
"GoogleToolbar" = GoogleToolbar
"HijackThis" = HijackThis 2.0.2
"Infocentre" = Infocentre Rev. 2.0
"LCDTest" = Packard Bell LCD Test
"METABOLI" = Metaboli
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSWorks85" = Microsoft Works 8.5
"OFFICE" = Office One
"PB_DEMO" = Packard Bell Demo
"Picasa2" = Picasa2
"Programme de désinstallation AOL" = AOL - Assistant de désinstallation
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROR" = Version d'évaluation de Microsoft Office Professional 2007
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"SETUPMYPC_FR" = SetUp My PC
"Shockwave" = Shockwave player 10
"ShockwaveFlash" = Macromedia Flash Player 8
"SKYPE" = Skype 2.5.2.151
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TxtEdit" = TxtEdit
"Ultravnc2_is1" = UltraVNC 1.0.5
"Updator" = Packard Bell Updator
"Utilitaires Sierra" = Utilitaires Sierra
"VIDEO_RIO" = Video ATI v8.332
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"WinRAR archiver" = Archiveur WinRAR
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Antivirus Events ]
Error - 11/01/2010 04:48:35 | Computer Name = PC-de-Clément | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Windows\System32\conime.exe failed, 00000005. 
 
Error - 18/01/2010 12:43:18 | Computer Name = PC-de-Clément | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Windows\System32\conime.exe failed, 00000005. 
 
Error - 10/02/2010 18:21:09 | Computer Name = PC-de-Clément | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Clément\AppData\Local\eMule\config\preferences.ini failed, 00000005. 
 
Error - 28/03/2010 05:29:44 | Computer Name = PC-de-Clément | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 F:\photo\SDC11310.JPG failed, 00000570. 
 
Error - 11/04/2010 11:56:20 | Computer Name = PC-de-Clément | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Clément\AppData\Local\eMule\config\preferences.ini failed, 00000005. 
 
Error - 20/04/2010 06:13:03 | Computer Name = PC-de-Clément | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Clément\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZHONGZFX\epson_fr[1].htm
 failed, 00000005. 
 
Error - 06/05/2010 11:25:05 | Computer Name = PC-de-Clément | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 F:\DCIM\100_PANA\P1000027.JPG failed, 00000005. 
 
Error - 01/06/2010 09:50:40 | Computer Name = PC-de-Clément | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Clément\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2M7GPEB\epson_fr[1].htm
 failed, 00000005. 
 
Error - 06/06/2010 16:29:57 | Computer Name = PC-de-Clément | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Windows\System32\conime.exe failed, 00000005. 
 
Error - 12/06/2010 12:30:26 | Computer Name = PC-de-Clément | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Users\Clément\AppData\Local\Temp\bmsaovlw.exe failed, 00000005. 
 
[ Application Events ]
Error - 10/06/2010 13:17:32 | Computer Name = PC-de-Clément | Source = Application Error | ID = 1000
Description = Faulting application Yfl.exe, version 0.0.0.0, time stamp 0x4c063e9b,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x3939044f,  process id 0xf9c, application start time
 0x01cb08be736393ff.
 
Error - 10/06/2010 19:32:16 | Computer Name = PC-de-Clément | Source = Application Error | ID = 1000
Description = Faulting application Yfl.exe, version 0.0.0.0, time stamp 0x4c063e9b,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x4f8b0eeb,  process id 0x1088, application start time
 0x01cb08f24f6b6be4.
 
Error - 10/06/2010 20:11:39 | Computer Name = PC-de-Clément | Source = VSS | ID = 8194
Description =
 
Error - 10/06/2010 21:09:56 | Computer Name = PC-de-Clément | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10/06/2010 21:10:09 | Computer Name = PC-de-Clément | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10/06/2010 21:15:24 | Computer Name = PC-de-Clément | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10/06/2010 21:15:50 | Computer Name = PC-de-Clément | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10/06/2010 21:15:53 | Computer Name = PC-de-Clément | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10/06/2010 21:21:32 | Computer Name = PC-de-Clément | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10/06/2010 21:45:47 | Computer Name = PC-de-Clément | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.0.0.456, time stamp
 0x453c8fee, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
 exception code 0xc0000005, fault offset 0x09090909,  process id 0xd00,
 application start time 0x01cb08b8af210a8e.
 
[ Media Center Events ]
Error - 03/05/2010 04:23:24 | Computer Name = PC-de-Clément | Source = MCUpdate | ID = 0
Description = Waiting on the MCUpdate mutex failed with exception: "The wait
 completed due to an abandoned mutex."
 
[ OSession Events ]
Error - 10/07/2009 10:49:10 | Computer Name = PC-de-Clément | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1093
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 02/12/2009 04:42:37 | Computer Name = PC-de-Clément | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1865
 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error - 07/01/2010 19:56:35 | Computer Name = PC-de-Clément | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3573
 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error - 10/01/2010 18:13:17 | Computer Name = PC-de-Clément | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27209
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14/06/2010 13:42:11 | Computer Name = PC-de-Clément | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 78.251.44.29 on
 the network card with network address 0015AF2B7489.
 
Error - 14/06/2010 13:48:55 | Computer Name = PC-de-Clément | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 78.251.47.45 on
 the network card with network address 0015AF2B7489.
 
Error - 14/06/2010 13:55:26 | Computer Name = PC-de-Clément | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 78.251.47.45 on
 the network card with network address 0015AF2B7489.
 
Error - 14/06/2010 18:05:19 | Computer Name = PC-de-Clément | Source = DCOM | ID = 10010
Description =
 
Error - 15/06/2010 01:24:11 | Computer Name = PC-de-Clément | Source = HTTP | ID = 15016
Description =
 
Error - 15/06/2010 01:24:56 | Computer Name = PC-de-Clément | Source = Service Control Manager | ID = 7009
Description =
 
Error - 15/06/2010 01:24:56 | Computer Name = PC-de-Clément | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16/06/2010 03:12:34 | Computer Name = PC-de-Clément | Source = HTTP | ID = 15016
Description =
 
Error - 16/06/2010 03:13:21 | Computer Name = PC-de-Clément | Source = Service Control Manager | ID = 7009
Description =
 
Error - 16/06/2010 03:13:21 | Computer Name = PC-de-Clément | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

Step 3

computer slowed down
avast opens constantly
Internet Explorer opens on its own
on Google, when I click a site, one time in four I'm redirected to another site


I don't have the Windows reinstallation DVD; I'm doing that this weekend, normally.


Thanks, thanks
briscard (Visitor)
 

Re: Virus win32 rootkit

Posted on 16 June 2010 10:27

Hmmm,

If avast is showing you that infected item "sdra64.exe", do not, whatever you do, try to delete them yourself, because you'll crash the PC

tell me the make and model of your PC please...

we need to be sure you can get to your PC's factory restore system, since you don't have the restore DVDs, because the rootkit has modified Vista's startup sequence (winlogon and userinit) and a malware-removal script will have to repair those registry entries, which OTL handles well, but never without risk

you absolutely must confirm to me that you can get to the PC manufacturer's restore system.
Because if the PC crashes after the script runs, we're in trouble... :-?

to do these checks, and if it's a brand-name PC such as HP, Packard Bell, Acer etc.....
you can get to it by restarting the PC and tapping the F10 or F11 key (depending on the PC)
for Acer it's generally the ALT+F10 combination that gets you into the restore system

tell me if you managed to get into it :wink:

on the other hand, if it's a PC built by an assembler, you won't have access to it
jeanmimigab (PC-Infopraticien)
 

Re: Virus win32 rootkit

Posted on 16 June 2010 18:46

Hi, I'm short on time, I'll do all of this this weekend.. I'll keep you posted, thanks, thanks
briscard (Visitor)
 

Re: Virus win32 rootkit

Posted on 16 June 2010 19:25

no problem, take your time :wink:
jeanmimigab (PC-Infopraticien)
 

Re: Virus win32 rootkit

Posted on 17 June 2010 08:18

Hello,

It's fine, I can do a system restore without any problem, either a Windows restore or a Packard Bell one.
briscard (Visitor)
 

Re: Virus win32 rootkit

Posted on 17 June 2010 09:41

Hello,

ok, cool, we'll be working more calmly :wink:

do this please....

* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Custom Scans/Fixes"

:Files
C:\Users\Clément\AppData\Roaming\sdra64.exe
C:\Users\Clément\AppData\Roaming\lowsec
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Users\Clément\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\Users\Clément\AppData\Roaming\alggui.exe
C:\Windows\System32\43332e14.dll
C:\Windows\System32\f7058528.dll
C:\Windows\System32\3b7a7ea3.dll
C:\Windows\System32\Iticheck.dll

:OTL
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
O4 - HKLM\..\Run: [] File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [Halo2] C:\Users\CLMENT~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [jkklihsys] c:\users\clment~1\appdata\local\temp\geedeb.DLL File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [M5T8QL3YW3] C:\Users\Clément\AppData\Local\Temp\Yfl.exe File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [userinit] C:\Users\Clément\AppData\Roaming\sdra64.exe ()
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
[2010/06/16 10:06:06 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/16 10:00:05 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/12 17:41:50 | 000,000,001 | ---- | M] () -- C:\Users\Clément\oashdihasidhasuidhiasdhiashdiuasdhasd



Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\WINDOWS\system32\userinit.exe,"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""

:Commands
[EMPTYFLASH]
[resethosts]
[Emptytemp]



* Click the "Run Fix" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report will open, "OTL.Txt"
* Copy and paste the report into your reply please...
* Just in case, you can find it in the C:\OTL folder or on your desktop, depending on the case

then....right after, without wasting time

  • download >> Malwarebytes <<
  • Install it and update it before scanning
  • Choose "Perform quick scan" and at the end of the scan, check all the items found and click "Remove Selected".
  • Post me the report please. :wink:

If you need it, there's an excellent tutorial by Danakil here
tutoriel-malwarebytes-anti-malware-vt-46564.html


@++
jeanmimigab (PC-Infopraticien)
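The OTL fix in the post above targets the two places this infection hooks into the logon sequence: the per-user Run value named "userinit" that points at sdra64.exe under AppData\Roaming, and the Winlogon UserInit value (together with AppInit_DLLs) that the fix writes back to its stock content. The script below is an added example written for this page; it is not code from the thread, from OTL or from its author. It parses O4 lines in the format OTL prints plus the two registry values, and flags the patterns visible in this thread. The sample lines are constructed from the entries quoted above plus one benign Synaptics entry (SynTPEnh is in the running-process list of the first post); the canonical path C:\Windows\system32\userinit.exe and the heuristics (targets in the profile or a Temp directory, orphaned entries, random-looking value names) are assumptions of the example, not OTL's own logic.

```python
"""Triage of autostart entries as OTL prints them, for the persistence seen in this thread.

Added example, not part of the forum post or of the OTL tool. It parses O4 Run
lines and the Winlogon UserInit / AppInit_DLLs values and flags:
  - a Run value reusing a Windows component name ("userinit") but pointing into
    a user profile directory;
  - Run targets inside AppData\\Roaming or a Temp directory, or no longer on disk;
  - an extra loader appended after userinit.exe in Winlogon\\UserInit;
  - anything at all in AppInit_DLLs.
Assumptions: %SystemRoot% is C:\\Windows (as on the poster's Vista machine) and
the heuristics below are the editor's, not OTL's own logic.
"""
import re

# Canonical Winlogon\UserInit entry, lower-cased for comparison (assumption: C:\Windows).
CANONICAL_USERINIT = "c:\\windows\\system32\\userinit.exe"

# Value names that malware reuses to blend in with real Windows components.
SYSTEM_NAMES = {"userinit", "winlogon", "explorer", "svchost", "csrss", "lsass"}

# OTL prints Run entries as:  O4 - <hive>\..\Run: [<name>] <target> <suffix>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$")


def parse_o4(line):
    """Split one OTL O4 line into hive, value name, target path and a 'missing' flag."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].strip()
    # For files that exist, OTL appends "()" or "(Company name)" after the path.
    path = re.sub(r"\s*\([^()]*\)$", "", rest)
    return {"hive": m.group("hive"), "name": m.group("name"), "path": path, "missing": missing}


def classify_o4(entry):
    """Return the reasons a Run entry deserves attention; an empty list means nothing was seen."""
    reasons = []
    name, path = entry["name"], entry["path"].lower()
    if not path:
        return ["empty Run value (name and target both blank)"]
    if name.lower() in SYSTEM_NAMES and not path.startswith("c:\\windows\\"):
        reasons.append("Windows component name pointing outside %SystemRoot%")
    if "\\appdata\\roaming\\" in path or "\\temp\\" in path:
        reasons.append("autostart target inside the user profile or a Temp directory")
    if entry["missing"]:
        reasons.append("target no longer on disk (orphaned autostart entry)")
    if re.fullmatch(r"[A-Z0-9]{8,}", name) and any(c.isdigit() for c in name):
        reasons.append("random-looking value name")
    return reasons


def check_userinit(value):
    """Return every entry of a Winlogon UserInit value other than the canonical userinit.exe.

    A loader appended here runs at every logon before the shell; an empty list means clean."""
    entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    return [e for e in entries if e != CANONICAL_USERINIT]


def check_appinit(value):
    """AppInit_DLLs is loaded into every process that links user32.dll; anything non-empty needs review."""
    return [d for d in re.split(r"[,\s]+", value.strip()) if d]


def triage(o4_lines, userinit_value, appinit_value):
    """Run all checks and return {location: [reasons]} for everything flagged."""
    findings = {}
    for line in o4_lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = classify_o4(entry)
        if reasons:
            findings["Run:" + entry["name"]] = reasons
    extra = check_userinit(userinit_value)
    if extra:
        findings["Winlogon\\UserInit"] = ["extra loader(s) after userinit.exe: " + ", ".join(extra)]
    dlls = check_appinit(appinit_value)
    if dlls:
        findings["Windows\\AppInit_DLLs"] = ["DLL(s) injected into every user32 process: " + ", ".join(dlls)]
    return findings


# Constructed sample: the four O4 lines quoted in the OTL script above plus one
# benign vendor entry (SynTPEnh appears in the running-process list of the first post).
SAMPLE_O4 = [
    r"O4 - HKLM\..\Run: [] File not found",
    r"O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [Halo2] C:\Users\CLMENT~1\AppData\Local\Temp\sshnas21.DLL File not found",
    r"O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [M5T8QL3YW3] C:\Users\Clément\AppData\Local\Temp\Yfl.exe File not found",
    r"O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [userinit] C:\Users\Clément\AppData\Roaming\sdra64.exe ()",
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)",
]
# Constructed UserInit value with a loader appended; the OTL fix resets it to the first entry only.
SAMPLE_USERINIT = r"C:\Windows\system32\userinit.exe,C:\Users\Clément\AppData\Roaming\sdra64.exe,"
SAMPLE_APPINIT = ""

if __name__ == "__main__":
    for where, why in triage(SAMPLE_O4, SAMPLE_USERINIT, SAMPLE_APPINIT).items():
        print(where)
        for reason in why:
            print("   -", reason)
```

Run as a plain script it prints the findings for the constructed sample: the blank HKLM entry, the two orphaned Temp loaders, the "userinit" Run value in AppData\Roaming, and the extra entry in UserInit; the Synaptics entry is left alone. On a real machine, feed it the O4 lines from an OTL report and the two values exported from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion: a UserInit value that reads exactly C:\Windows\system32\userinit.exe, and an empty AppInit_DLLs are the state the fix script above writes back.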
 

Re: Virus win32 rootkit

Posted on 17 June 2010 10:20

When I launch OTL and click Run Fix, the program stops responding and all I have left is the desktop background, no icons and no Windows taskbar. I then have to log off my session and log back in.
Here's how OTL is configured:
Processes: whitelist
Modules: whitelist
Services: whitelist
Drivers: whitelist
Standard: whitelist
Extra: none
File age: 30 days
Files created: file age
Files modified: file age
Minimal Output

the rest isn't checked

Thanks
briscard (Visitor)
 

Re: Virus win32 rootkit

Posted on 17 June 2010 10:47

we're dealing with a clever one :D

never mind, do it like this..

Download Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com
right-click the downloaded rkill file and choose "Run as administrator" to launch the tool.
This will automatically kill the processes associated with the rogue security tool and other rogue programs.
A (very quick) window will indicate that everything went fine.
Do not restart your computer after running rkill, because the malicious processes will reactivate.
After using rkill (and only after) do this:

redo the OTL procedure but with this new script:

:Files
C:\Users\Clément\AppData\Roaming\sdra64.exe
C:\Users\Clément\AppData\Roaming\lowsec
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Users\Clément\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\Users\Clément\AppData\Roaming\alggui.exe
C:\Windows\System32\43332e14.dll
C:\Windows\System32\f7058528.dll
C:\Windows\System32\3b7a7ea3.dll
C:\Windows\System32\Iticheck.dll

:OTL
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
O4 - HKLM\..\Run: [] File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [Halo2] C:\Users\CLMENT~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [jkklihsys] c:\users\clment~1\appdata\local\temp\geedeb.DLL File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [M5T8QL3YW3] C:\Users\Clément\AppData\Local\Temp\Yfl.exe File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [userinit] C:\Users\Clément\AppData\Roaming\sdra64.exe ()
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
[2010/06/16 10:06:06 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/16 10:00:05 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/12 17:41:50 | 000,000,001 | ---- | M] () -- C:\Users\Clément\oashdihasidhasuidhiasdhiashdiuasdhasd



Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\WINDOWS\system32\userinit.exe,"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""


Let OTL work for at least two minutes and restart your PC when it asks you to :wink:

If it still doesn't work, run the Malwarebytes scan directly >> don't delete what it finds but don't close Malwarebytes >> post me the report and I'll tell you whether you can delete :wink:
jeanmimigab (PC-Infopraticien)
 

Re: Virus win32 rootkit

Posted on 17 June 2010 12:10

OTL still crashes, but this time I don't have to log off.

For Malwarebytes, I launch it with right-click, Run as administrator, a confirmation message appears, I say yes, it loads but nothing happens...

I've tried several times, restarting the computer, reinstalling Malwarebytes, always the same thing...

I'm going to work, I'll be back this evening.

Thanks again
briscard (Visitor)
 

Re: Virus win32 rootkit

Posted on 17 June 2010 15:20

re,

try OTL one last time with this modified script, it should go through...

PS, be careful to click "Run Fix" and not "Run Scan"

if it doesn't work we'll use a more powerful tool 8)

:Processes
sdra64.exe
alggui.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\WINDOWS\system32\userinit.exe,"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""

:Files
C:\Users\Clément\AppData\Roaming\sdra64.exe
C:\Users\Clément\AppData\Roaming\lowsec
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Users\Clément\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\Users\Clément\AppData\Roaming\alggui.exe
C:\Windows\System32\43332e14.dll
C:\Windows\System32\f7058528.dll
C:\Windows\System32\3b7a7ea3.dll
C:\Windows\System32\Iticheck.dll

:OTL
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
O4 - HKLM\..\Run: [] File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [Halo2] C:\Users\CLMENT~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [jkklihsys] c:\users\clment~1\appdata\local\temp\geedeb.DLL File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [M5T8QL3YW3] C:\Users\Clément\AppData\Local\Temp\Yfl.exe File not found
O4 - HKU\S-1-5-21-1531188079-2321126841-1819239067-1002\..\Run: [userinit] C:\Users\Clément\AppData\Roaming\sdra64.exe ()
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
[2010/06/16 10:06:06 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/16 10:00:05 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/12 17:41:50 | 000,000,001 | ---- | M] () -- C:\Users\Clément\oashdihasidhasuidhiasdhiashdiuasdhasd

jeanmimigab (PC-Infopraticien)
 

Re: Virus win32 rootkit

Posted on 17 June 2010 19:40

It still crashes :D
briscard (Visitor)
 

Re: Virus win32 rootkit

Posted on 17 June 2010 20:47

hello,

on to plan B 8)

Download >> The Avenger <<< by Swandog46 to your Desktop.

Unzip the folder onto your desktop; this will create an "Avenger" folder

Open the "Avenger" folder, right-click The Avenger's icon and choose "Run as administrator".

Once it's open, copy the contents of the quote below and paste it in the lower part of The Avenger (under "Input Script here").

Files to delete:
C:\Users\Clément\AppData\Roaming\sdra64.exe
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Users\Clément\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\Users\Clément\AppData\Roaming\alggui.exe
C:\Windows\System32\43332e14.dll
C:\Windows\System32\f7058528.dll
C:\Windows\System32\3b7a7ea3.dll
C:\Windows\System32\Iticheck.dll

Folders to delete:
C:\Users\Clément\AppData\Roaming\lowsec

Registry values to delete:
HKEY_USERS\S-1-5-21-1531188079-2321126841-1819239067-1002\Software\Microsoft\Windows\CurrentVersion\Run | userinit


/!\ uncheck the "Scan for Rootkits" box /!\

Click "Execute" and if command prompts ask you to click "YES" or "NO", click "YES" every time.

Your PC may restart twice while The Avenger runs; that's normal, let the scan go to completion without using the PC.

Then post the report that opens on your desktop.

Just in case, you can find it here >> C:\avenger.txt

@++
jeanmimigab (PC-Infopraticien)
 


