Assiste.Forums

de **maller** » 05 Sep 2008, 23:18

Bonjour,
J'ai suivi les steps P.A.D tant bien que mal. rien à faire, aléatoirement lorsque je clique sur des liens depuis le résultat d'une recherche google, je suis redirigé vers des sites qui n'ont rien à voir.
J'ai passé spybot, defender, qui ont viré le fonds d'écran et le popup de démarrage. Par contre, toujours ce problème de surf.
J'ai fait le P.A.D, les 2 logs de HiJackThis sont identiques le 1 et le 2.
Virtumundo n'a rien trouvé.
Pas encore passé le navilog.

Je soupconne le google updater... (en rouge)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55:39, on 05.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\MAX\Bureau\HiJackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 3498 bytes

Merci pour votre aide.

de **maller** » 05 Sep 2008, 23:58

On peut clore, c'étais des Rootkit. (4 heures sur le problème :evil:

)

de **nickW** » 06 Sep 2008, 00:26

Bonsoir,

Quels outils as-tu utilisés?

Quels étaient les noms des nuisibles?

A suivre,

de **maller** » 06 Sep 2008, 17:04

J'ai utilisé SmitfraudFix.exe
et ensuite AVG Anti-Rootkit.
Les fichiers étaient des TDSSserv.sys et d'autres, tous commençant par TDSS*, apparemment localisés sous SYSTEM32, mais invisibles via l'explorateur (avec affichage fichiers cachés).
Il me semble que c'est OK, mais je constate que maintenant mon UC est en permanence à 100% !! bizarre
:shock:

[edit]
j'ai retrouvé le log :

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\tdssservers.dat détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssadw.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssinit.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssl.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdsslog.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssmain.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\drivers\tdssserv.sys détecté, utilisez un scanner de Rootkit

de **nickW** » 07 Sep 2008, 01:34

Bonsoir,

Peux-tu faire ceci:

Au vu de la longueur de la procédure, je te conseille de l'imprimer, d'enregistrer la page dans un fichier HTML (c'est la meilleure solution), ou d'en sélectionner toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC (Note: tu n'auras pas accès à Internet et des redémarrages sont possibles).
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscur, demande des explications avant de commencer la désinfection.

Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec).
Sous Windows XP, pour vérifier si un compte a les droits "Administrateur":
Démarrer---->Paramètres---->Panneau de configuration---->Comptes d'utilisateurs
A côté de l'icône représentant certains comptes (hormis celui nommé "Administrateur"), il est indiqué "Administrateur de l'ordinateur"
C'est l'un de ces comptes qu'il faudra utiliser en mode sans échec.

Étape 1: Affichage tous fichiers
Vérifier que ton PC affiche bien tous les fichiers
http://assiste.com.free.fr/p/comment/co ... aches.html

Étape 2: OTViewIt (de OldTimer), téléchargement
Télécharger OTViewIt.exe depuis http://oldtimer.geekstogo.com/OTViewIt.exe
Enregistrer ce fichier sur le Bureau.

Étape 3: SDFix (de Andy Manchesta)
Télécharger SDFix.exe depuis l'un des trois liens ci-dessous:
http://downloads.andymanchesta.com/Remo ... /SDFix.exe
http://download.bleepingcomputer.com/an ... /SDFix.exe
http://sdfix.net/SDFix.exe
Enregistrer ce fichier sur le Bureau.
Faire un double clic sur SDFix.exe pour lancer l'extraction de l'outil dans un dossier SDFix placé à la racine de la partition système (par défaut "C:\").

Étape 4: Mode sans échec
Faire redémarrer le PC en mode sans échec en utilisant la méthode F8 (F5 sur certains PCs). Impératif: ne pas utiliser la méthode "msconfig"!
Voir http://assiste.com.free.fr/p/comment/co ... echec.html
Fermer le plus possible de fenêtres.
Pas de connexion Internet ouverte, pas d'Internet Explorer ouvert.

Étape 5: SDFix
Ouvrir le dossier SDFix qui a été créé à la racine de la partition système, et faire un double clic sur RunThis.bat pour lancer l'outil.
Appuyer sur la touche Y pour lancer l'exécution.
Selon l'infection détectée, un redémarrage immédiat est parfois nécessaire. Accepter, et faire redémarrer le PC en mode sans échec.
L'outil va supprimer les services de certains trojans, effectuer aussi quelques réparations du Registre. Ensuite, il demandera d'appuyer sur une touche pour faire redémarrer le PC.
Appuyer sur n'importe quelle touche pour faire redémarrer le PC (en mode normal).
Le système va mettre plus de temps que d'habitude pour redémarrer car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil va terminer le nettoyage puis afficher Finished.
Appuyer sur n'importe quelle touche pour fermer l'outil et charger les icônes du Bureau.
Une fenêtre du Bloc-notes va s'ouvrir, affichant le rapport de SDFix.
Fermer cette fenêtre.

Étape 6: OTViewIt (de OldTimer)
Fermer toutes les fenêtres de programme ouvertes.
Faire un double clic sur OTViewIt.exe pour lancer l'outil.
Cliquer sur le bouton Run Scan et laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant l'un des deux rapports.
Fermer le Bloc-notes.
Le second rapport est visible dans la Barre des tâches. Le fermer également.
Fermer la fenêtre de OTViewIt.

Étape 7: Résultats
Envoyer en réponse
*- le rapport de SDFix (contenu du fichier Report.txt situé dans le dossier SDFix)

Envoyer ensuite en réponse dans deux messages distincts (à cause de la longueur des logs):
*- les deux rapports de OTViewIt (contenu des fichiers OTViewIt.txt et Extras.txt situés sur le Bureau).

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"

pour continuer dans ce fil de discussion.

A suivre,

de **maller** » 07 Sep 2008, 16:07

Juste une question avant de lancer la procédure, c'est pour effacer les fichiers tdsss* (en principe AVG Anti-Rootkit les à déjà virés) ou pour détecter pourquoi mon UC est à 100% ?
Merci de ta réponse.

de **maller** » 07 Sep 2008, 22:56

log SDfix -- l'UC est toujours à 100 % !!

SDFix: Version 1.222
Run by MAX on 07.09.2008 at 23:36

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Rootkit:
C:\WINDOWS\system32\drivers\tdssserv.sys - Rootkit.Win32.Agent.cku

Name :
tdssserv

Path :
\systemroot\system32\drivers\TDSSserv.sys

tdssserv - Deleted

Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\phcva8j0e77c.bmp - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 23:46:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:20,0a,5e,a3,ae,0f,d9,22,76,71,f7,a5,d0,c7,95,2f,33,b3,84,27,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:8bda21bb
"s2"=dword:1666c21c
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:20,0a,5e,a3,ae,0f,d9,22,76,71,f7,a5,d0,c7,95,2f,33,b3,84,27,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:20,0a,5e,a3,ae,0f,d9,22,76,71,f7,a5,d0,c7,95,2f,33,b3,84,27,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:20,0a,5e,a3,ae,0f,d9,22,76,71,f7,a5,d0,c7,95,2f,33,b3,84,27,d2,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:Wolfenstein - Enemy Territory"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Program Files\\Cossacks - Back To War\\DMCR.EXE"="C:\\Program Files\\Cossacks - Back To War\\DMCR.EXE:*:Enabled:dmcr"
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\NetAppel\\netappel.exe"="C:\\Program Files\\NetAppel\\netappel.exe:*:Enabled:NetAppel"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\voipbuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\voipbuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Picasa2\\Picasa2.exe"="C:\\Program Files\\Picasa2\\Picasa2.exe:*:Enabled:Picasa2"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"F:\\Program Files\\eMule\\emule.exe"="F:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"="C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"G:\\Program Files\\uTorrent\\utorrent.exe"="G:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\temp\\vlc\\vlc-0.8.4a-crazy\\vlc.exe"="C:\\temp\\vlc\\vlc-0.8.4a-crazy\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\temp\\OGameAutomizerV0.54\\IeEmbed.exe"="C:\\temp\\OGameAutomizerV0.54\\IeEmbed.exe:*:Enabled:JDesktop Integration Components binary"
"C:\\temp\\OGameAutomizer\\IeEmbed.exe"="C:\\temp\\OGameAutomizer\\IeEmbed.exe:*:Enabled:JDesktop Integration Components binary"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Browser"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"="C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"="C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Steam\\SteamApps\\max_aller\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\max_aller\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"="C:\\WINDOWS\\SYSTEM32\\rundll32.exe:*:Disabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel RMS License Manager\\WinNT\\lservnt.exe"="C:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel RMS License Manager\\WinNT\\lservnt.exe:*:Enabled:Sentinel RMS License Manager"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\SYSTEM32\\DRIVERS\\svchost.exe"="C:\\WINDOWS\\SYSTEM32\\DRIVERS\\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 15 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 3 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 7 Sep 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Sun 17 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
Sat 21 Jun 2003 377,344 A..H. --- "C:\Program Files\Smart Projects\IsoBuster\Help\AHlp.exe"

Finished!

de **maller** » 07 Sep 2008, 22:57

OTViewIt.txt

OTViewIt logfile created on: 07.09.2008 23:52:13 - Run 1
OTViewIt by OldTimer - Version 1.0.1.8 Folder = C:\Documents and Settings\MAX\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000100C | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy

1023.00 Mb Total Physical Memory | 617.54 Mb Available Physical Memory | 60.37% Memory free
2.41 Gb Paging File | 2.13 Gb Available in Paging File | 88.51% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 29.20 Gb Free Space | 26.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 50.00 Gb Free Space | 33.55% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILLE
Current User Name: MAX
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

===== Processes - Non-Microsoft Only =====

[03.20.2006 04:40 PM | 00,304,640 | ---- | M] (XIMETA, Inc.) - C:\Program Files\NDAS\System\ndassvc.exe
[03.20.2006 04:40 PM | 00,220,160 | ---- | M] (XIMETA, Inc.) - C:\Program Files\NDAS\System\ndasmgmt.exe

===== Win32 Services - Non-Microsoft Only =====

(ATI Smart) ATI Smart [Auto | Stopped]
[12.20.2007 10:05 PM | 00,593,920 | ---- | M] () - C:\WINDOWS\SYSTEM32\ati2sgag.exe

(ndassvc) NDAS Service [Auto | Stop_Pending]
[03.20.2006 04:40 PM | 00,304,640 | ---- | M] (XIMETA, Inc.) - C:\Program Files\NDAS\System\ndassvc.exe

(PnkBstrA) PnkBstrA [Disabled | Stopped]
[09.11.2007 09:14 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\SYSTEM32\PnkBstrA.exe

(PnkBstrB) PnkBstrB [Disabled | Stopped]
[07.02.2008 11:12 PM | 00,107,832 | ---- | M] () - C:\WINDOWS\SYSTEM32\PnkBstrB.exe

(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped]
[05.09.2006 06:24 PM | 00,086,016 | ---- | M] (CACE Technologies) - C:\Program Files\WinPcap\rpcapd.exe

(Sentinel RMS License Manager) Sentinel RMS License Manager [Disabled | Stopped]
[10.31.2007 08:10 AM | 00,782,336 | ---- | M] (SafeNet, Inc.) - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe

===== Driver Services - Non-Microsoft Only =====

(Amfilter) Trust Mouse Filter Driver [System | Running]
[03.16.2006 02:00 PM | 00,008,704 | R--- | M] ((Standard Mouse Types)) - C:\WINDOWS\SYSTEM32\DRIVERS\Amfilter.sys

(Amusbprt) Trust HID-compliant Mouse Driver [On_Demand | Running]
[05.09.2006 05:43 PM | 00,013,312 | R--- | M] ((Standard Mouse Types)) - C:\WINDOWS\SYSTEM32\DRIVERS\Amusbprt.sys

(BANTExt) Belarc SMBios Access [System | Running]
[03.06.2003 02:48 PM | 00,003,840 | ---- | M] () - C:\WINDOWS\SYSTEM32\DRIVERS\BANTExt.sys

(catchme) catchme [On_Demand | Running]
File not found - C:\DOCUME~1\MAX\LOCALS~1\Temp\catchme.sys

(driverhardwarev2) driverhardwarev2 [On_Demand | Stopped]
[06.14.2005 10:22 PM | 00,005,120 | ---- | M] () - C:\Program Files\hardwaredetection\driverhardwarev2.sys

(ElbyCDFL) ElbyCDFL [On_Demand | Running]
[12.12.2001 08:31 PM | 00,004,608 | ---- | M] (Elaborate Bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDFL.sys

(ElbyCDIO) ElbyCDIO Driver [Auto | Running]
[01.02.2002 02:09 PM | 00,013,268 | ---- | M] (Elaborate Bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys

(giveio) giveio [Boot | Running]
[04.03.1996 09:33 PM | 00,005,248 | ---- | M] () - C:\WINDOWS\SYSTEM32\giveio.sys

(lfsfilt) Lean File Sharing [Boot | Running]
[03.20.2006 04:40 PM | 00,140,160 | ---- | M] (XIMETA, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\lfsfilt.sys

(lpx) LPX Protocol [Boot | Running]
[03.20.2006 04:39 PM | 00,044,288 | ---- | M] (XIMETA, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\lpx.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08.17.2001 11:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS

(ndasbus) NDAS Bus Driver [On_Demand | Running]
[03.20.2006 04:39 PM | 00,059,136 | ---- | M] (XIMETA, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\ndasbus.sys

(ndasscsi) NDAS SCSI Miniport Driver [On_Demand | Stopped]
[03.20.2006 04:39 PM | 00,115,584 | ---- | M] (XIMETA, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\ndasscsi.sys

(NPF) NetGroup Packet Filter Driver [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\drivers\npf.sys

(PalmUSBD) PalmUSBD [On_Demand | Stopped]
[11.29.2001 04:01 PM | 00,012,338 | ---- | M] (Palm, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys

(PnkBstrK) PnkBstrK [On_Demand | Stopped]
[07.02.2008 11:13 PM | 00,023,352 | ---- | M] () - C:\WINDOWS\SYSTEM32\DRIVERS\PnkBstrK.sys

(prodrv06) StarForce Protection Environment Driver v6 [System | Running]
[05.13.2004 01:19 PM | 00,079,488 | ---- | M] (Protection Technology) - C:\WINDOWS\SYSTEM32\DRIVERS\prodrv06.sys

(prohlp02) StarForce Protection Helper Driver v2 [Boot | Running]
[05.13.2004 03:00 PM | 00,111,808 | ---- | M] (Protection Technology) - C:\WINDOWS\SYSTEM32\DRIVERS\prohlp02.sys

(prosync1) StarForce Protection Synchronization Driver v1 [Boot | Running]
[09.06.2003 02:22 PM | 00,006,944 | ---- | M] (Protection Technology) - C:\WINDOWS\SYSTEM32\DRIVERS\prosync1.sys

(Sentinel) Sentinel [Auto | Running]
[04.27.2007 07:40 AM | 00,090,688 | ---- | M] (SafeNet, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\sentinel.sys

(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Boot | Running]
[08.10.2005 02:44 PM | 00,050,688 | ---- | M] (Protection Technology) - C:\WINDOWS\SYSTEM32\DRIVERS\sfdrv01.sys

(sfhlp01) StarForce Protection Helper Driver [Boot | Running]
[12.01.2003 05:20 PM | 00,004,832 | ---- | M] (Protection Technology) - C:\WINDOWS\SYSTEM32\DRIVERS\sfhlp01.sys

(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Boot | Running]
[05.16.2005 03:20 PM | 00,006,656 | ---- | M] (Protection Technology) - C:\WINDOWS\SYSTEM32\DRIVERS\sfhlp02.sys

(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Boot | Running]
[11.29.2004 08:14 PM | 00,019,648 | ---- | M] (Protection Technology) - C:\WINDOWS\SYSTEM32\DRIVERS\sfsync02.sys

(Sparrow) Sparrow [Disabled | Stopped]
[08.18.2001 12:07 AM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS

(sptd) sptd [Boot | Running]
[10.12.2006 09:39 PM | 00,611,064 | ---- | M] () - C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys

(SVKP) SVKP [Auto | Running]
[01.05.2005 11:38 PM | 00,002,368 | ---- | M] (AntiCracking) - C:\WINDOWS\SYSTEM32\SVKP.sys

(vaxscsi) vaxscsi [On_Demand | Stopped]
[10.12.2006 09:41 PM | 00,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) - C:\WINDOWS\SYSTEM32\DRIVERS\vaxscsi.sys

(ZSMC301b) Philips SPC 300NC PC Camera [On_Demand | Running]
[01.26.2005 04:28 PM | 00,091,527 | ---- | M] (VM) - C:\WINDOWS\SYSTEM32\DRIVERS\usbVM31b.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC" = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP [06.17.2008 06:32 PM | 00,579,584 | ---- | M] (GRISOFT, s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
[03.20.2006 04:40 PM | 00,220,160 | ---- | M] (XIMETA, Inc.) - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe

========== BHO's ==========

========== Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

========== AppInit_Dlls ==========

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
= Explorer.exe
>Explorer.exe - [04.14.2008 04:34 AM | 01,037,824 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
= C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe - [04.14.2008 04:34 AM | 00,026,624 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
= logonui.exe
>logonui.exe - [04.14.2008 04:34 AM | 00,515,584 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
= rundll32 shell32,Control_RunDLL "sysdm.cpl"
>rundll32 shell32 - [04.14.2008 04:33 AM | 08,517,632 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\shell32.dll
>Control_RunDLL "sysdm.cpl" - [04.14.2008 04:34 AM | 00,307,200 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\SYSTEM32\ati2evxx.dll [12.21.2007 04:58 AM | 00,122,880 | ---- | M] (ATI Technologies Inc.)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"" =
"NoDriveTypeAutoRun" = _ [binary data]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 91 00 00 00 [binary data]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "Ma page d'accueil"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin.lnk]
"path" = C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin.lnk File not found
"backup" = C:\WINDOWS\pss\TrayMin.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Philips\SPC 300NC PC Camera\TrayMin.exe [02.04.2005 02:57 PM | 00,282,624 | ---- | M] ()
"item" = TrayMin

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^MAX^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
"path" = C:\Documents and Settings\MAX\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk File not found
"backup" = C:\WINDOWS\pss\OpenOffice.org File not found
"location" = Startup
"command" = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [12.14.2005 06:01 PM | 00,061,440 | ---- | M] ()
"item" = OpenOffice.org 2.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BigDogPath]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\VM_STI.EXE [06.09.2004 04:37 PM | 00,040,960 | ---- | M] (BIGDOG)
"hkey" = HKLM
"command" = C:\WINDOWS\VM_STI.EXE [06.09.2004 04:37 PM | 00,040,960 | ---- | M] (BIGDOG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\SYSTEM32\ctfmon.exe [04.14.2008 04:33 AM | 00,015,360 | ---- | M] (Microsoft Corporation)
"hkey" = HKCU
"command" = C:\WINDOWS\SYSTEM32\ctfmon.exe [04.14.2008 04:33 AM | 00,015,360 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dla]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = tfswctrl
"hkey" = HKLM
"command" = C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe [08.06.2003 03:04 AM | 00,114,741 | ---- | M] (Sonic Solutions)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [09.25.2006 02:54 PM | 00,229,952 | ---- | M] (Apple Computer, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark X1100 Series]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = lxbkbmgr
"hkey" = HKLM
"command" = C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [08.19.2003 11:48 AM | 00,057,344 | ---- | M] (Lexmark International, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OrderReminder]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = OrderReminder
"hkey" = HKLM
"command" = C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = TeaTimer
"hkey" = HKCU
"command" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08.18.2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = CLIStart
"hkey" = HKLM
"command" = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [11.10.2006 01:35 PM | 00,090,112 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = jusched
"hkey" = HKLM
"command" = C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [06.10.2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [11.27.2004 02:45 AM | 00,180,269 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WheelMouse]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Amoumain
"hkey" = HKLM
"command" = C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe [09.29.2006 11:00 AM | 00,163,840 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[09.18.2002 01:35 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

autorun []
[05.02.2003 03:47 PM | RH-D | M] G:\autorun [ NTFS ]

autorun.inf [[autorun] | ICON=AUTORUN\WDLOGO.ICO | ]
[10.17.2002 09:56 AM | 00,000,036 | RH-- | M] () G:\autorun.inf [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{686036b8-24f2-11dc-a31e-000cf1a3f9a0}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6e86d6e-5a29-11db-a1b8-000cf1a3f9a0}\Shell]
"" = None

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{4A1278ED-8945-4325-944C-C9E44C3BFD8D}]
Servers: 212.27.40.240,212.27.40.241 | Description: Intel(R) PRO/100 VE Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{905AE6BE-70F0-424C-8C60-6F5B5076356F}]
Servers: | Description:

========== Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== Files/Folders - Created Within 30 days ==========

[09.05.2008 11:56 PM | ---D | C] - C:\VundoFix Backups
[09.06.2008 04:41 PM | RH-D | C] - C:\AHCache
[09.07.2008 11:10 PM | ---D | C] - C:\SDFix
[09.07.2008 11:43 PM | 10,727,62880 | -HS- | C] () - C:\hiberfil.sys
[09.05.2008 04:06 PM | 00,000,174 | ---- | C] () - C:\WINDOWS\System32\tdssservers.da_
[09.05.2008 04:06 PM | 00,012,288 | ---- | C] () - C:\WINDOWS\System32\tdssserf.dl_
[09.05.2008 04:06 PM | 00,032,768 | ---- | C] () - C:\WINDOWS\System32\tdssadw.dl_
[09.05.2008 04:06 PM | 00,058,689 | ---- | C] () - C:\WINDOWS\System32\tdssinit.dl_
[09.06.2008 04:59 PM | 00,000,216 | ---- | C] () - C:\WINDOWS\System32\spupdsvc.inf
[09.06.2008 12:31 AM | 00,000,344 | ---- | C] () - C:\WINDOWS\System32\tmp.reg
[2 C:\WINDOWS\*.tmp files]
[09.07.2008 11:32 PM | ---D | C] - C:\WINDOWS\ERUNT
[09.05.2008 06:56 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[09.06.2008 05:13 PM | ---D | C] - C:\Documents and Settings\MAX\Application Data\uniblue
[09.05.2008 11:30 PM | 00,198,561 | ---- | C] () - C:\Documents and Settings\MAX\Mes documents\cc_20080905_2330.reg
[09.06.2008 12:43 AM | 00,000,828 | ---- | C] () - C:\Documents and Settings\All Users\Bureau\AVG Anti-Rootkit Free.lnk
[09.03.2008 12:05 PM | 00,200,631 | ---- | C] () - C:\Documents and Settings\MAX\Bureau\scoala_vic.jpg
[09.03.2008 12:06 PM | 00,361,493 | ---- | C] () - C:\Documents and Settings\MAX\Bureau\scoala_vic1.jpg
[09.05.2008 06:32 PM | 00,040,599 | ---- | C] () - C:\Documents and Settings\MAX\Bureau\spybotsd_includes.exe
[09.05.2008 06:56 PM | 00,000,933 | ---- | C] () - C:\Documents and Settings\MAX\Bureau\Spybot - Search & Destroy.lnk
[09.05.2008 09:01 PM | ---D | C] - C:\Documents and Settings\MAX\Bureau\backups
[09.05.2008 09:40 PM | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) - C:\Documents and Settings\MAX\Bureau\WinsockxpFix.exe
[09.05.2008 11:14 PM | 00,066,228 | ---- | C] () - C:\Documents and Settings\MAX\Bureau\assiste.htm
[09.05.2008 11:14 PM | ---D | C] - C:\Documents and Settings\MAX\Bureau\assiste_fichiers
[09.05.2008 11:35 PM | 00,096,978 | ---- | C] (Business Information Solutions) - C:\Documents and Settings\MAX\Bureau\VirtumundoBeGone.exe
[09.05.2008 11:36 PM | 01,576,605 | ---- | C] () - C:\Documents and Settings\MAX\Bureau\SmitfraudFix.exe
[09.05.2008 11:37 PM | 00,571,505 | ---- | C] (IL-MAFIOSO ) - C:\Documents and Settings\MAX\Bureau\Navilog1.exe
[09.06.2008 12:30 AM | ---D | C] - C:\Documents and Settings\MAX\Bureau\SmitfraudFix
[09.06.2008 12:43 AM | 00,423,736 | ---- | C] () - C:\Documents and Settings\MAX\Bureau\avgarkt-setup-1.1.0.42.exe
[09.07.2008 11:07 PM | 01,422,029 | ---- | C] () - C:\Documents and Settings\MAX\Bureau\SDFix.exe
[09.06.2008 05:48 PM | 00,001,821 | ---- | C] () - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NDAS Device Management.lnk
[09.05.2008 06:56 PM | ---D | C] - C:\Program Files\Spybot - Search & Destroy
[09.06.2008 05:11 PM | ---D | C] - C:\Program Files\Uniblue

========== Files - Modified Within 30 days ==========

[09.06.2008 05:48 PM | 00,000,216 | -HS- | M] () - C:\BOOT.INI
[09.07.2008 11:43 PM | 10,727,62880 | -HS- | M] () - C:\hiberfil.sys
[09.05.2008 09:01 PM | 00,000,790 | ---- | M] () - C:\WINDOWS\System32\drivers\ETC\hosts.bak
[09.07.2008 11:36 PM | 00,000,686 | ---- | M] () - C:\WINDOWS\System32\drivers\ETC\HOSTS
[3 C:\WINDOWS\System32\*.tmp files]
[09.05.2008 04:06 PM | 00,000,174 | ---- | M] () - C:\WINDOWS\System32\tdssservers.da_
[09.05.2008 04:06 PM | 00,012,288 | ---- | M] () - C:\WINDOWS\System32\tdssserf.dl_
[09.05.2008 04:06 PM | 00,032,768 | ---- | M] () - C:\WINDOWS\System32\tdssadw.dl_
[09.06.2008 04:56 PM | 00,071,060 | ---- | M] () - C:\WINDOWS\System32\PERFC009.DAT
[09.06.2008 04:56 PM | 00,084,526 | ---- | M] () - C:\WINDOWS\System32\perfc00C.dat
[09.06.2008 04:56 PM | 00,441,124 | ---- | M] () - C:\WINDOWS\System32\PERFH009.DAT
[09.06.2008 04:56 PM | 00,510,324 | ---- | M] () - C:\WINDOWS\System32\perfh00C.dat
[09.06.2008 04:56 PM | 01,076,352 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[09.06.2008 04:59 PM | 00,000,216 | ---- | M] () - C:\WINDOWS\System32\spupdsvc.inf
[09.06.2008 05:06 PM | 00,151,584 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[09.06.2008 12:46 AM | 00,058,689 | ---- | M] () - C:\WINDOWS\System32\tdssinit.dl_
[09.06.2008 12:50 AM | 00,000,344 | ---- | M] () - C:\WINDOWS\System32\tmp.reg
[09.07.2008 11:45 PM | 00,001,170 | ---- | M] () - C:\WINDOWS\System32\WPA.DBL
[2 C:\WINDOWS\*.tmp files]
[08.25.2008 11:59 PM | 00,000,125 | ---- | M] () - C:\WINDOWS\combit.ini
[08.25.2008 11:59 PM | 00,000,840 | ---- | M] () - C:\WINDOWS\CCWINPAY.INI
[08.25.2008 11:59 PM | 00,000,908 | ---- | M] () - C:\WINDOWS\CMBTLL.ini
[09.03.2008 12:06 PM | 00,001,594 | ---- | M] () - C:\WINDOWS\pstudio.ini
[09.06.2008 03:31 PM | 00,000,049 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[09.06.2008 05:48 PM | 00,000,254 | ---- | M] () - C:\WINDOWS\SYSTEM.INI
[09.06.2008 05:48 PM | 00,001,227 | ---- | M] () - C:\WINDOWS\WIN.INI
[09.07.2008 11:44 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\BOOTSTAT.DAT
[09.07.2008 11:44 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09.07.2008 11:44 PM | 00,000,330 | -H-- | M] () - C:\WINDOWS\tasks\MP Scheduled Scan.job
[09.06.2008 03:36 PM | 00,008,704 | ---- | M] () - C:\Documents and Settings\MAX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09.06.2008 05:11 PM | 00,026,936 | ---- | M] () - C:\Documents and Settings\MAX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[09.05.2008 11:30 PM | 00,198,561 | ---- | M] () - C:\Documents and Settings\MAX\Mes documents\cc_20080905_2330.reg
[09.07.2008 09:29 PM | 00,000,569 | ---- | M] () - C:\Documents and Settings\MAX\Mes documents\Mes dossiers de partage.lnk
[09.06.2008 12:43 AM | 00,000,828 | ---- | M] () - C:\Documents and Settings\All Users\Bureau\AVG Anti-Rootkit Free.lnk
[09.03.2008 12:05 PM | 00,200,631 | ---- | M] () - C:\Documents and Settings\MAX\Bureau\scoala_vic.jpg
[09.03.2008 12:06 PM | 00,361,493 | ---- | M] () - C:\Documents and Settings\MAX\Bureau\scoala_vic1.jpg
[09.05.2008 06:34 PM | 00,040,599 | ---- | M] () - C:\Documents and Settings\MAX\Bureau\spybotsd_includes.exe
[09.05.2008 06:56 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\MAX\Bureau\Spybot - Search & Destroy.lnk
[09.05.2008 09:40 PM | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) - C:\Documents and Settings\MAX\Bureau\WinsockxpFix.exe
[09.05.2008 11:37 PM | 00,096,978 | ---- | M] (Business Information Solutions) - C:\Documents and Settings\MAX\Bureau\VirtumundoBeGone.exe
[09.05.2008 11:37 PM | 00,571,505 | ---- | M] (IL-MAFIOSO ) - C:\Documents and Settings\MAX\Bureau\Navilog1.exe
[09.06.2008 12:29 AM | 01,576,605 | ---- | M] () - C:\Documents and Settings\MAX\Bureau\SmitfraudFix.exe
[09.06.2008 12:42 AM | 00,423,736 | ---- | M] () - C:\Documents and Settings\MAX\Bureau\avgarkt-setup-1.1.0.42.exe
[09.07.2008 11:09 PM | 01,422,029 | ---- | M] () - C:\Documents and Settings\MAX\Bureau\SDFix.exe
[09.07.2008 11:12 PM | 00,066,228 | ---- | M] () - C:\Documents and Settings\MAX\Bureau\assiste.htm

<End>

de **maller** » 07 Sep 2008, 22:58

Extras.txt

OTViewIt Extras logfile created on: 07.09.2008 23:52:13 - Run 1
OTViewIt by OldTimer - Version 1.0.1.8 Folder = C:\Documents and Settings\MAX\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000100C | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy

1023.00 Mb Total Physical Memory | 617.54 Mb Available Physical Memory | 60.37% Memory free
2.41 Gb Paging File | 2.13 Gb Available in Paging File | 88.51% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 29.20 Gb Free Space | 26.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 50.00 Gb Free Space | 33.55% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04.14.2008 04:34 AM | 00,142,848 | ---- | M] (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04.13.2008 08:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[10.18.2007 11:34 AM | 05,724,184 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[10.02.2007 05:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04.14.2008 04:34 AM | 00,142,848 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:Wolfenstein - Enemy Territory
[05.08.2006 09:37 AM | 01,286,144 | ---- | M] ()

"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player
[11.27.2004 02:45 AM | 00,204,845 | ---- | M] (RealNetworks, Inc.)

"C:\Program Files\Cossacks - Back To War\DMCR.EXE" = C:\Program Files\Cossacks - Back To War\DMCR.EXE:*:Enabled:dmcr
[09.13.2002 12:12 PM | 02,772,431 | ---- | M] (-GSC-)

"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[04.14.2008 04:34 AM | 00,083,456 | ---- | M] (Microsoft Corporation)

"C:\Program Files\NetAppel\netappel.exe" = C:\Program Files\NetAppel\netappel.exe:*:Enabled:NetAppel
File not found

"C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" = C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe:*:Enabled:VoipBuster
File not found

"C:\Program Files\Picasa2\Picasa2.exe" = C:\Program Files\Picasa2\Picasa2.exe:*:Enabled:Picasa2
[09.28.2007 03:17 AM | 05,604,920 | ---- | M] (Google Inc.)

"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" = C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt
File not found

"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3
File not found

"F:\Program Files\eMule\emule.exe" = F:\Program Files\eMule\emule.exe:*:Enabled:eMule
File not found

"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
[06.17.2008 06:32 PM | 00,510,976 | ---- | M] (GRISOFT, s.r.o.)

"C:\Program Files\Grisoft\AVG Free\avgemc.exe" = C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe
[01.25.2008 09:48 PM | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)

"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
[08.18.2003 11:32 AM | 00,174,592 | ---- | M] (Lexmark International, Inc.)

"C:\Program Files\Freeplayer\vlc\vlc.exe" = C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player
[09.02.2005 09:24 PM | 06,415,360 | ---- | M] ()

"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
File not found

"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player
[05.27.2008 10:50 AM | 07,677,232 | ---- | M] (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[09.25.2006 02:54 PM | 15,262,784 | ---- | M] (Apple Computer, Inc.)

"G:\Program Files\uTorrent\utorrent.exe" = G:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[09.03.2008 08:54 PM | 00,267,056 | ---- | M] (BitTorrent, Inc.)

"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
[12.13.2007 12:24 AM | 00,418,816 | ---- | M] (GRISOFT, s.r.o.)

"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
[06.17.2008 06:32 PM | 00,579,584 | ---- | M] (GRISOFT, s.r.o.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04.13.2008 08:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

"C:\temp\vlc\vlc-0.8.4a-crazy\vlc.exe" = C:\temp\vlc\vlc-0.8.4a-crazy\vlc.exe:*:Enabled:VLC media player
File not found

"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire
[07.22.2008 02:42 AM | 03,050,832 | ---- | M] (Xfire Inc.)

"C:\Program Files\adslTV\adsltv.exe" = C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv
File not found

"C:\temp\OGameAutomizerV0.54\IeEmbed.exe" = C:\temp\OGameAutomizerV0.54\IeEmbed.exe:*:Enabled:JDesktop Integration Components binary
File not found

"C:\temp\OGameAutomizer\IeEmbed.exe" = C:\temp\OGameAutomizer\IeEmbed.exe:*:Enabled:JDesktop Integration Components binary
File not found

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Browser
[07.19.2008 08:27 PM | 00,307,712 | ---- | M] (Mozilla Corporation)

"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[06.23.2008 11:21 AM | 00,625,664 | ---- | M] (Microsoft Corporation)

"C:\WINDOWS\SYSTEM32\PnkBstrA.exe" = C:\WINDOWS\SYSTEM32\PnkBstrA.exe:*:Enabled:PnkBstrA
[09.11.2007 09:14 PM | 00,066,872 | ---- | M] ()

"C:\WINDOWS\SYSTEM32\PnkBstrB.exe" = C:\WINDOWS\SYSTEM32\PnkBstrB.exe:*:Enabled:PnkBstrB
[07.02.2008 11:12 PM | 00,107,832 | ---- | M] ()

"C:\Program Files\Steam\SteamApps\max_aller\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\max_aller\team fortress 2\hl2.exe:*:Enabled:hl2
[02.04.2008 11:39 PM | 00,098,304 | ---- | M] ()

"C:\WINDOWS\SYSTEM32\rundll32.exe" = C:\WINDOWS\SYSTEM32\rundll32.exe:*:Disabled:Exécuter une DLL en tant qu'application
[04.14.2008 04:34 AM | 00,033,792 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe" = C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe:*:Enabled:Sentinel RMS License Manager
[10.31.2007 08:10 AM | 00,782,336 | ---- | M] (SafeNet, Inc.)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
File not found

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
File not found

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[10.18.2007 11:34 AM | 05,724,184 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[10.02.2007 05:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[12.19.2005 06:09 PM | 19,446,312 | ---- | M] ()

"C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe" = C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost
File not found

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = comfile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.html [@ = FirefoxHTML] - [07.19.2008 08:27 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" /S

========== Winsock2 Catalogs ==========

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========

========== HKEY_CURRENT_USER Protocol Defaults ==========

========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKLM - VoilaXctl Class]
[01.22.2004 07:44 PM | 00,033,280 | ---- | M] (Belarc, Inc.) C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A06D517-BEE7-2D03-9792-CF1A30E29A70}" = Skins
"{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}" = MSXML 6.0 Parser (KB933579)
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1481D8E3-EA17-7697-3738-F5AA7784C902}" = ccc-utility
"{1D643CD0-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{269A4095-DB55-4D35-8FD0-39957D26BEEC}" = Philips VLounge
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{37546E1B-16D3-4531-A445-26B0250D25E1}" = Sentinel RMS License Manager 8.1.1
"{3869903C-0EF4-48D9-A12F-145AD549BA12}" = OpenOffice.org 2.0
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
"{4C0F15CA-2032-5D72-F209-A89E02A5FE0F}" = CCC Help English
"{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}" = iTunes
"{59A67AEF-CABF-32CA-5407-55049E899A11}" = Catalyst Control Center Graphics Light
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{901A5511-070B-20DF-2F5A-5FA29C302C2A}" = Catalyst Control Center Graphics Full Existing
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{943803CB-20FA-F4EB-E4A6-A3B055A1DC2E}" = ccc-core-preinstall
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9EE5A621-A673-37C4-E31A-A7D5696B6F29}" = Catalyst Control Center Graphics Previews Common
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A12A36D3-ACB7-11D9-8E75-000D614181EB}" = NDAS Software 3.11.1327
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{AC76BA86-0000-7EC8-7489-000000000702}" = Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
"{AC76BA86-0000-7EC8-7489-000000000703}" = Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistant de connexion Windows Live
"{B2F6B336-798D-77C2-21C9-392D4B0188F9}" = Catalyst Control Center Core Implementation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B78EAA23-2D9B-CD91-6ABF-B96EC49BBA37}" = ccc-core-static
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595" = Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D9758C4B-CDD0-536F-D90E-9D74AFC3A35E}" = Catalyst Control Center Graphics Full New
"{E12A328A-7F9C-48FB-9E98-F51549FEC2B6}" = Philips SPC 300NC PC Camera
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"All ATI Software" = ATI - Software Uninstall Utility
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"ATI Display Driver" = ATI Display Driver
"AVG7Uninstall" = AVG Free Edition
"AVGantiRootkit" = AVG Anti-Rootkit Free
"AVIcodec" = AVIcodec (remove only)
"Belarc Advisor 2.0" = Belarc Advisor 6.1
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"CloneCD" = CloneCD
"Cosmic Switch" = Cosmic Switch
"Cossacks : Back To War" = Cossacks - Back To War
"Cossacks II" = Cossacks II
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"eMule" = eMule
"EW : Cossacks" = EW : Cossacks
"Freeplayer" = Freeplayer
"GeTax PP 2007" = GeTax PP 2007
"GeTax2005" = GeTax2005
"GeTax2006" = GeTax2006
"HijackThis" = HijackThis 2.0.2
"ie7" = Windows Internet Explorer 7
"IsoBuster_is1" = IsoBuster 1.5
"iWizz 1.0b1" = iWizz
"KB870669" = Microsoft Data Access Components KB870669
"KB923723" = Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
"KB928090-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
"KB931768-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB933566-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
"KB936782_WMP11" = Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
"KB937143-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
"KB939683" = Correctif pour Lecteur Windows Media 11 (KB939683)
"KB941569" = Mise à jour de sécurité pour Windows XP (KB941569)
"KB942615-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
"KB946648" = Mise à jour de sécurité pour Windows XP (KB946648)
"KB947864-IE7" = Correctif pour Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
"KB950760" = Mise à jour de sécurité pour Windows XP (KB950760)
"KB950762" = Mise à jour de sécurité pour Windows XP (KB950762)
"KB950974" = Mise à jour de sécurité pour Windows XP (KB950974)
"KB951066" = Mise à jour de sécurité pour Windows XP (KB951066)
"KB951072-v2" = Mise à jour pour Windows XP (KB951072-v2)
"KB951376" = Mise à jour de sécurité pour Windows XP (KB951376)
"KB951376-v2" = Mise à jour de sécurité pour Windows XP (KB951376-v2)
"KB951698" = Mise à jour de sécurité pour Windows XP (KB951698)
"KB951748" = Mise à jour de sécurité pour Windows XP (KB951748)
"KB951978" = Mise à jour pour Windows XP (KB951978)
"KB952287" = Correctif pour Windows XP (KB952287)
"KB952954" = Mise à jour de sécurité pour Windows XP (KB952954)
"KB953838-IE7" = Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
"KB953839" = Mise à jour de sécurité pour Windows XP (KB953839)
"KB954550-v5" = Hotfix for Windows XP (KB954550-v5)
"Lexmark X1100 Series" = Lexmark X1100 Series
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MWSnap 3" = MWSnap 3
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"Picasa2" = Picasa 2
"PrintFolder_is1" = PrintFolder 1.2
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Skype_is1" = Skype (BETA)
"sl.GameLauncher" = sl.GameLauncher
"SLD Codec Pack" = SLD Codec Pack
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Micro Scrabble
"ST6UNST #2" = SubSync
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TellmeMoreV50" = TeLL me More
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"WheelMouse" = Trust GM-4600 Gamer Mouse
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.8
"WinGTK-2_is1" = GTK+ 2.6.8-1 runtime environment
"WinPcapInst" = WinPcap 4.0 alpha1
"WinRAR archiver" = Archiveur WinRAR
"WinZip" = WinZip
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

========== Last 10 Event Log Errors ==========

[ ACEEventLog Events ]

[ Application Events ]
Error - 29.03.2008 14:36:07 - Computer Name = FAMILLE - User Name = User SID not found - Source = Application Error
Description = Application défaillante realplay.exe, version 6.0.12.1056, module
défaillant rjbdll.dll, version 1.0.4.2002, adresse de défaillance 0x000755d6.

Error - 03.05.2008 20:18:57 - Computer Name = FAMILLE - User Name = User SID not found - Source = Application Error
Description = Application défaillante firefox.exe, version 1.8.20080.40413, module
défaillant firefox.exe, version 1.8.20080.40413, adresse de défaillance 0x00664f8f.

Error - 29.05.2008 21:41:58 - Computer Name = FAMILLE - User Name = User SID not found - Source = Application Error
Description = Application défaillante skype.exe, version 2.0.0.63, module défaillant
skype.exe, version 2.0.0.63, adresse de défaillance 0x00320966.

Error - 15.06.2008 15:28:35 - Computer Name = FAMILLE - User Name = User SID not found - Source = Application Error
Description = Application défaillante explorer.exe, version 6.0.2900.3156, module
défaillant arcspl.ax, version 2.4.1.12, adresse de défaillance 0x00019d13.

Error - 24.06.2008 20:25:04 - Computer Name = FAMILLE - User Name = User SID not found - Source = MPSampleSubmission
Description =

Error - 23.08.2008 12:50:55 - Computer Name = FAMILLE - User Name = User SID not found - Source = MPSampleSubmission
Description =

Error - 05.09.2008 19:45:10 - Computer Name = FAMILLE - User Name = User SID not found - Source = Application Error
Description = Application défaillante teatimer.exe, version 1.6.2.23, module défaillant
kernel32.dll, version 5.1.2600.5512, adresse de défaillance 0x00012aeb.

Error - 05.09.2008 22:47:19 - Computer Name = FAMILLE - User Name = User SID not found - Source = Application Error
Description = Application défaillante teatimer.exe, version 1.6.2.23, module défaillant
kernel32.dll, version 5.1.2600.5512, adresse de défaillance 0x00012aeb.

[ Internet Explorer Events ]

[ Security Events ]

[ System Events ]
Error - 07.09.2008 21:27:58 - Computer Name = FAMILLE - User Name = AUTORITE NT\SYSTEM - Source = DCOM
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07.09.2008 21:29:36 - Computer Name = FAMILLE - User Name = User SID not found - Source = sfsync02
Description =

Error - 07.09.2008 21:29:59 - Computer Name = FAMILLE - User Name = AUTORITE NT\SYSTEM - Source = DCOM
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07.09.2008 21:30:31 - Computer Name = FAMILLE - User Name = User SID not found - Source = Service Control Manager
Description = Le service Client DHCP dépend du service NetBT qui n'a pas pu démarrer
en raison de l'erreur : %%31

Error - 07.09.2008 21:30:31 - Computer Name = FAMILLE - User Name = User SID not found - Source = Service Control Manager
Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 07.09.2008 21:30:31 - Computer Name = FAMILLE - User Name = User SID not found - Source = Service Control Manager
Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas
pu démarrer en raison de l'erreur : %%31

Error - 07.09.2008 21:30:31 - Computer Name = FAMILLE - User Name = User SID not found - Source = Service Control Manager
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : AFD Avg7Core Avg7RsW Avg7RsXP BANTExt Fips intelppm IPSec MRxSmb NetBIOS NetBT prodrv06
RasAcd
Rdbss
Tcpip
WS2IFSL

Error - 07.09.2008 21:31:33 - Computer Name = FAMILLE - User Name = FAMILLE\MAX - Source = DCOM
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 07.09.2008 21:44:18 - Computer Name = FAMILLE - User Name = User SID not found - Source = Service Control Manager
Description = Le service Accès du périphérique d'interface utilisateur s'est arrêté
avec l'erreur : %%2

Error - 07.09.2008 21:44:24 - Computer Name = FAMILLE - User Name = User SID not found - Source = Service Control Manager
Description = Le service Routage et accès distant s'est arrêté avec l'erreur service
particulière 340 (0x154).

<End>

de **nickW** » 08 Sep 2008, 16:27

Bonjour,

l'UC est toujours à 100 % !!

C'est en contradiction avec ce qu'affiche OTViewIt:

1023.00 Mb Total Physical Memory | 617.54 Mb Available Physical Memory | 60.37% Memory free
2.41 Gb Paging File | 2.13 Gb Available in Paging File | 88.51% Paging File free

TeaTimer de Spybot-S&D n'arrive pas à se lancer, bien qu'il soit en démarrage automatique.
As-tu cherché à désinstaller Spybot-S&D? Comment?

Nouvelles manips:

Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec)

Étape 1: Malwarebytes' Anti-Malware, installation
Télécharger Malwarebytes' Anti-Malware depuis l'un des liens ci-dessous:
http://www.besttechie.net/tools/mbam-setup.exe
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Enregistrer ce fichier sur le Bureau.
Faire un double clic sur mbam-setup.exe pour lancer l'installation (Accepter le contrat de licence, puis valider les options par défaut).
Sur le dernier écran de la procédure d'installation, cocher la case située devant "Mettre à jour Malwarebytes' Anti-Malware", puis cliquer sur le bouton "Terminer".

Étape 2: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus et celui de l'antispyware.

AVG: ouvrir AVG Control Center, double clic sur "AVG Resident Shield", décocher "Turn on AVG Resident Shield"

Windows Defender: Démarrer---->Tous les programmes---->Windows Defender; cliquer sur "Outils", puis sur "Options"; Sous "Options de protection en temps réel", désactiver la case à cocher "Utiliser la protection en temps réel (recommandé)", puis cliquer sur "Enregistrer"

Étape 3: Malwarebytes' Anti-Malware, nettoyage
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher.
Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats".

Si des éléments nuisibles ont été détectés, cliquer sur le bouton "Supprimer la sélection"
Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.

Étape 4: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus et celui de l'antispyware.

Étape 5: Résultats
Envoyer en réponse:
*- le log de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-*-**-**** (**-**-**).txt situé dans le dossier SystemDrive\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) représente la date [mois-jour-année] et l'heure [hh-mn-ss])
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- un nouveau log HijackThis

A suivre,

Assiste.Forums

[OK] Analyse de log souhaitée

[OK] Analyse de log souhaitée

Qui est en ligne