Infected PC, HELP, I don't know what to do any more....

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities etc. …

Moderator: Moderators

Forum rules
Assiste.com has suspended disinfection assistance after almost 15 years, first on the old forum and then on this one. See:

Disinfection procedure 1 - Anti-malware

Disinfection procedure 2 - Anti-malware and antivirus (La Manip - standard disinfection procedure)

Periodic maintenance of a Windows PC

Protecting the browser, browsing and privacy

Post by nickW » 04 Jun 2009, 20:29

Good evening,

RootRepeal has revealed the hidden process. :D
Clean-up:

Note: these operations must be carried out while logged into a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode)


Step 1: No real-time monitoring process
Disable the antivirus's resident module.
Avira AntiVir: right-click the icon in the system tray (next to the clock), untick "Activer Antivir Guard/AntiVir Guard enable"


Step 2: RootRepeal (by AD)
In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to launch the tool.

Click the Files tab (at the bottom of the window)
In the new Select Drives window, tick:
C:\
then click OK

Note: this scan takes some time. DO NOT LAUNCH other programs while it is running.

When the scan is finished, a list of files will be displayed in the RootRepeal window.
Some of these files are legitimate, but one of them belongs to the "rootkitted" process that prevents the clean-up.

You must identify this file.
This is not very complicated:
*- it has a .sys extension
*- its name is of the form "prefix" + "random letters" + .sys extension, the prefix being one of:
TDSS
Seneka
GAOPDX
UAC


In the log you sent, the file is named UACaaanxossmkusoff.sys, but its name may have changed.

Once you have identified the file, right-click it with the mouse and choose the wipe file option. Important: do not choose any other option!
Close RootRepeal (open the File menu, click Exit).

Restart the PC immediately.


Step 3: Malwarebytes' Anti-Malware, clean-up
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that all boxes are ticked except "Create a context-menu option to scan files (right-click)".
In the Update tab, click the Check for updates button and install all updates found.
In the Scanner tab, tick the radio button in front of "Perform quick scan", then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button.

If malicious items were detected, click the "Remove selected" button
Wait patiently, without doing anything else, for the clean-up to finish.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 4: RootRepeal (by AD)
In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to launch the tool.

Click the Report tab (at the bottom of the window)
Click the Scan button
In the new Select Scan window, tick:
+ Drivers
+ Files
+ Processes
+ SSDT
+ Stealth Objects
+ Hidden Services

Click the OK button
In the new Select Drives window, tick the system drive (C:\).
Click the OK button to start the scan

Note: this scan takes some time. DO NOT LAUNCH other programs while it is running.

When the scan is finished, the Save Report button becomes available
Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-090604.txt

Open the File menu, click Exit to close the program.


Step 5: Real-time monitoring process
Important: re-enable the antivirus's resident module.


Step 6: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 7: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) represents the date [month-day-year] and the time [hh-mm-ss])
[SystemDrive represents the partition on which the system is installed, usually C:]
*- the RootRepeal report (contents of the file RootRepeal-090604.txt)
This report can be very long. Check carefully that it is complete in the message you send. If necessary, split it across several messages.

Then send in reply, in a separate message (because of the length of the log):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: when sending your reply/replies, do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (Private Message)
nickW, Moderator - Posts: 21698 - Joined: 20 May 2004, 17:41 - Location: Dordogne/Île de France

Post by maryruss » 05 Jun 2009, 15:20

Hello again,

Here are the 3 reports requested:

Malwarebytes report:

Malwarebytes' Anti-Malware 1.37
Database version: 2232
Windows 5.1.2600 Service Pack 2

2009-06-05 09:04:47
mbam-log-2009-06-05 (09-04-47).txt

Scan type: Quick Scan
Objects scanned: 87818
Time elapsed: 12 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\wininetapp.wininet (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wininetapp.wininet.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{941508f8-ccd9-44e0-ac29-4f1e141373f7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{938a8a03-a938-4019-b764-03ff8d167d79} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{caca7731-9c77-464a-b1b7-462281dd8164} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{55db983c-bdbf-426f-86f0-187b02dda39b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd3447d4-ca39-4377-8084-30e86331d74c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b646afb-9341-4330-8fd1-c32485aee619} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5adf3862-9e2e-4ad3-86f7-4510e6550cd0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e12bff69-38a7-406e-a8ef-2738107a7831} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinPC Antivirus (Rogue.WinPCAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\synsend (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\utilisateur\application data\_4707__ (Rogue.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\windows\system32\UACdpxcgmfoovrxcxk.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\windows\system32\UACwnirftmydruitmb.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\UAC7fd9.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\application data\_4707__\base.dat (Rogue.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\application data\_4707__\base2.dat (Rogue.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\application data\_4707__\Desc.dat (Rogue.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\application data\_4707__\spline.dat (Rogue.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Utilisateur\Application Data\asd.bat (Rogue.WinPCDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\UACaaanxossmkusoff.sys (Trojan.Agent) -> Quarantined and deleted successfully.



================================================================================



RootRepeal report:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/05 09:10
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: a28jzw9k.SYS
Image Path: C:\WINDOWS\System32\Drivers\a28jzw9k.SYS
Address: 0xF7538000 Size: 421888 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2D5A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B73000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiuiioe.sys
Image Path: hiuiioe.sys
Address: 0xF861D000 Size: 61440 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP8542
Image Path: \Driver\PCI_NTPNP8542
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1E7E000 Size: 49152 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0xB270C000 Size: 8960 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Messenger\marylenelemieux@msn.com\SharingMetadata\puce204@hotmail.com\DFSR\Staging\CS{A463D8F2-5324-FC32-C0CF-92FBD8B1DD09}\01\10-{A463D8F2-5324-FC32-C0CF-92FBD8B1DD09}-v1-{6AECBE35-FA91-4C5F-8C47-A0104C5DE2B2}-v10-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Utilisateur\Application Data\Macromedia\Flash Player\#SharedObjects\7SB5SVQN\include.classistatic.com\include\c3js\classifieds\rel1\FLASH\getMachId.swf\mach_data.sol:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8c2c6c6

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf8c2c6bc

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf8c2c6cb

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf8c2c6d5

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf8518fb2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf8519340

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf8c2c6da

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf85130b0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf8c2c6a8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf8c2c6ad

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf8519418

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf8519298

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf8c2c6e4

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf8c2c6df

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf8c2c6d0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf8c2c6b7

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xb270c6d0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x82f651e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x82a8d568 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x82f661e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x82f661e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f661e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f661e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x82f661e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f661e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x82f661e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x82dd11e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x82e0b4b0 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x82e0b4b0 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82e0b4b0 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82e0b4b0 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x82e0b4b0 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82e0b4b0 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x82e0b4b0 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x827241e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x827241e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x827241e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x827241e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x827241e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x827241e8 Size: 121

Object: Hidden Code [Driver: a28jzw9kࠅ敓ࠁఈ噁朰퐨, IRP_MJ_CREATE]
Process: System Address: 0x82c77698 Size: 121

Object: Hidden Code [Driver: a28jzw9kࠅ敓ࠁఈ噁朰퐨, IRP_MJ_CLOSE]
Process: System Address: 0x82c77698 Size: 121

Object: Hidden Code [Driver: a28jzw9kࠅ敓ࠁఈ噁朰퐨, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82c77698 Size: 121

Object: Hidden Code [Driver: a28jzw9kࠅ敓ࠁఈ噁朰퐨, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82c77698 Size: 121

Object: Hidden Code [Driver: a28jzw9kࠅ敓ࠁఈ噁朰퐨, IRP_MJ_POWER]
Process: System Address: 0x82c77698 Size: 121

Object: Hidden Code [Driver: a28jzw9kࠅ敓ࠁఈ噁朰퐨, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82c77698 Size: 121

Object: Hidden Code [Driver: a28jzw9kࠅ敓ࠁఈ噁朰퐨, IRP_MJ_PNP]
Process: System Address: 0x82c77698 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x82d351e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x82d351e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82d351e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82d351e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x82d351e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82d351e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x82d351e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8271d1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_READ]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_CLEANUP]
Process: System Address: 0x82b961e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఅ䵃慖, IRP_MJ_PNP]
Process: System Address: 0x82b961e8 Size: 121

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACaaanxossmkusoff.sys

==EOF==
maryruss - Posts: 9 - Joined: 29 May 2009, 14:17
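Added example (not part of the thread, and not RootRepeal's or Assiste.com's own code): a Python script that reads a RootRepeal text report like the one maryruss posted and applies the identification rule from nickW's Step 2 (file name = TDSS/Seneka/GAOPDX/UAC prefix + random letters + .sys), plus the two checks a responder makes on the Report tab output: every Hidden Services entry is listed, and each SSDT hook that RootRepeal attributes to "<unknown>" is resolved against the Address/Size ranges of the drivers in the Drivers section. The embedded report is a constructed, shortened version of the one above; the Drivers entry for UACaaanxossmkusoff.sys and its load address 0xF8C2A000 are assumptions added so that the hook resolution has something to resolve to. In the real report no listed driver covers 0xf8c2c6xx (hiuiioe.sys ends at 0xF862C000, a28jzw9k.SYS at 0xF759F000), which is exactly why RootRepeal printed "<unknown>": the driver owning those hooks is hidden from the module list.

```python
"""Triage a RootRepeal report: rootkit-style driver names, hidden services, SSDT hooks by "<unknown>"."""
import re

ROOTKIT_PREFIXES = ("TDSS", "Seneka", "GAOPDX", "UAC")  # nickW's rule: prefix + random letters + .sys
NAME_RE = re.compile(r"^(?P<prefix>%s)[a-z]{3,}\.sys$" % "|".join(ROOTKIT_PREFIXES), re.IGNORECASE)
# "Key: value" pairs; several can share one line ("Address: ... Size: ... File Visible: ... Signed: ...")
KV_RE = re.compile(r"(#|[A-Z][A-Za-z ]*?): (.*?)(?=\s+(?:#|[A-Z][A-Za-z ]*?): |$)")
HOOK_RE = re.compile(r'Hooked by "(?P<owner>[^"]*)" at address (?P<addr>0x[0-9a-fA-F]+)')

# Constructed sample, shortened from the report in the thread. The Drivers entry for
# UACaaanxossmkusoff.sys and its load address 0xF8C2A000 are assumed, not taken from the report.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009

Drivers
-------------------
Name: a28jzw9k.SYS
Image Path: C:\WINDOWS\System32\Drivers\a28jzw9k.SYS
Address: 0xF7538000 Size: 421888 File Visible: No Signed: -

Name: UACaaanxossmkusoff.sys
Image Path: C:\WINDOWS\system32\drivers\UACaaanxossmkusoff.sys
Address: 0xF8C2A000 Size: 61440 File Visible: No Signed: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8c2c6c6

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf8518fb2

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf8c2c6a8

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACaaanxossmkusoff.sys

==EOF==
"""

def rootkit_prefix(filename):
    """Canonical prefix if `filename` is prefix + random letters + .sys, else None."""
    m = NAME_RE.match(filename.strip())
    return next(p for p in ROOTKIT_PREFIXES if p.lower() == m.group("prefix").lower()) if m else None

def parse_report(text):
    """{section title: [entry dict, ...]}; a title is a line followed by a dashed rule,
    an entry is one blank-line-delimited block of Key: value pairs."""
    lines, sections, current = text.splitlines(), {}, None
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and lines[i + 1].startswith("----"):
            current = line.strip()
            sections[current] = [{}]
        elif current is None or line.startswith("----"):
            continue
        elif not line.strip():
            if sections[current][-1]:
                sections[current].append({})
        else:
            sections[current][-1].update(KV_RE.findall(line))
    return {name: [e for e in entries if e] for name, entries in sections.items()}

def module_for(addr, drivers):
    """Listed driver whose [Address, Address + Size) range contains addr, or None."""
    for d in drivers:
        if "Address" in d and "Size" in d:
            base, size = int(d["Address"], 16), int(d["Size"])
            if base <= addr < base + size:
                return d["Name"]
    return None

def triage(text):
    sections = parse_report(text)
    drivers = sections.get("Drivers", [])
    findings = []  # (kind, what, why)
    for d in drivers:
        prefix = rootkit_prefix(d.get("Name", ""))
        if prefix:
            findings.append(("driver", d["Name"], "name is %s + random letters + .sys" % prefix))
    for s in sections.get("Hidden Services", []):
        why = "service hidden from the service control manager"
        prefix = rootkit_prefix(s.get("Image Path", "").rsplit("\\", 1)[-1])
        if prefix:
            why += "; image name is %s + random letters + .sys" % prefix
        findings.append(("hidden_service", s.get("Service Name", "?"), why))
    hooks = {}  # owner -> [(function, address, module whose range holds the address)]
    for h in sections.get("SSDT", []):
        m = HOOK_RE.search(h.get("Status", ""))
        if m:
            owner, addr = m.group("owner"), int(m.group("addr"), 16)
            resolved = module_for(addr, drivers) if owner == "<unknown>" else owner
            hooks.setdefault(owner, []).append((h.get("Function Name", "?"), hex(addr), resolved))
    for fn, addr, resolved in hooks.get("<unknown>", []):
        findings.append(("ssdt_hook", fn, "hooked at %s by %s" % (addr, resolved or "a module absent from the Drivers list")))
    return {"findings": findings, "hooks": hooks}

if __name__ == "__main__":
    for kind, what, why in triage(SAMPLE_REPORT)["findings"]:
        print("%-15s %-24s %s" % (kind, what, why))
```

Run it with `python triage.py` on the embedded sample, or replace SAMPLE_REPORT with the contents of a saved RootRepeal-*.txt. Two caveats when reading its output against a real report: the sptd.sys hooks on the registry functions are expected from the SCSI pass-through driver that Daemon Tools and Alcohol 120% install, and a random-looking 8-character name without a known prefix, like a28jzw9k.SYS, is typically that same SPTD component's own driver, which is why the script deliberately matches on the prefix rule rather than on "looks random". The file to wipe in nickW's Step 2 is the one where the evidence converges: the prefix rule, a Hidden Services entry pointing at it, and "<unknown>" hooks that no listed driver accounts for.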

Post by maryruss » 05 Jun 2009, 15:21

And now the OTL report:

OTL logfile created on: 2009-06-05 10:00:21 - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Utilisateur\Bureau\Logiciels de Scan pour PC
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

503,23 Mb Total Physical Memory | 175,11 Mb Available Physical Memory | 34,80% Memory free
1,20 Gb Paging File | 0,85 Gb Available in Paging File | 70,92% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 40,63 Gb Free Space | 54,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARYLENE
Current User Name: Utilisateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005-07-08 18:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2008-03-10 12:32:58 | 00,303,344 | ---- | M] (Bell Sympatico) -- C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
PRC - [2009-04-01 15:46:23 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2007-07-09 12:54:08 | 00,177,416 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
PRC - [2007-04-10 14:41:48 | 00,284,176 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2007-03-02 12:24:42 | 00,407,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2002-09-20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2005-04-27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2008-03-07 13:33:06 | 00,053,248 | ---- | M] (BELL) -- C:\Program Files\Personal Vault\VaultClientUpgrade.exe
PRC - [2007-01-31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007-03-02 12:24:52 | 00,734,736 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2007-06-13 09:10:53 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-11-03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2004-06-03 04:51:27 | 00,172,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2004-06-03 04:50:07 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2007-07-12 04:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2009-03-02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007-01-19 13:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\MsnMsgr.Exe
PRC - [2009-01-16 11:30:40 | 04,519,832 | ---- | M] (MétéoMédia/The Weather Network) -- C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
PRC - [2007-01-23 09:06:06 | 00,143,401 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe
PRC - [2007-01-19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
PRC - [2009-02-28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009-05-29 08:59:46 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\Logiciels de Scan pour PC\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (a2free [Auto | Stopped])
SRV - [2009-04-01 15:46:23 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009-03-02 13:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2007-04-13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007-01-31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2007-04-13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007-07-09 12:54:08 | 00,177,416 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe -- (dvpapi [Auto | Running])
SRV - [2006-06-07 13:46:42 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004-08-05 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006-06-08 04:19:14 | 00,696,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005-07-08 18:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - File not found -- -- (iPod Service [On_Demand | Stopped])
SRV - [2007-04-10 14:41:48 | 00,284,176 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
SRV - [2006-06-08 04:19:18 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-03-02 12:24:42 | 00,407,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])
SRV - [2007-03-02 12:24:52 | 00,734,736 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Running])
SRV - [2003-03-09 00:31:02 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2008-03-10 12:33:22 | 00,067,824 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe -- (Radialpoint Security Services [On_Demand | Stopped])
SRV - [2008-03-10 12:33:22 | 00,099,568 | ---- | M] (Bell Sympatico) -- C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe -- (RPSUpdaterR [On_Demand | Stopped])
SRV - [2008-03-10 12:32:58 | 00,303,344 | ---- | M] (Bell Sympatico) -- C:\Program Files\Bell\Gestionnaire de securite\Fws.exe -- (RP_FWS [Auto | Running])
SRV - [2002-09-20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2005-04-27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2007-01-19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
SRV - [2008-03-07 13:33:06 | 00,053,248 | ---- | M] (BELL) -- C:\Program Files\Personal Vault\VaultClientUpgrade.exe -- (VaultClientUpgrade [Auto | Running])
SRV - [2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006-11-03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005-03-04 23:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2007-03-05 21:30:14 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2009-02-13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009-03-24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009-03-30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007-07-09 12:01:04 | 00,834,448 | ---- | M] (Authentium, Inc.) -- C:\WINDOWS\system32\DRIVERS\css-dvp.sys -- (CSS DVP [Auto | Running])
DRV - [2007-03-02 10:26:18 | 00,067,352 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [Boot | Running])
DRV - [2003-03-09 00:31:00 | 00,051,024 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2003-03-09 00:31:02 | 00,016,080 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2003-03-09 00:31:02 | 00,021,456 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005-09-20 12:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005-07-08 18:17:54 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2005-07-08 18:17:36 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2006-07-12 05:58:02 | 00,028,672 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2004-09-14 16:55:44 | 00,088,960 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2007-03-09 21:21:29 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004-06-03 04:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004-08-05 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-04-19 11:36:50 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys -- (RPPKT [On_Demand | Running])
DRV - [2008-01-09 10:35:54 | 00,055,296 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\DRIVERS\rp_skt32.sys -- (RPSKT [Auto | Running])
DRV - [2007-11-13 06:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005-03-01 16:01:40 | 00,392,704 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2005-03-28 10:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007-09-24 20:54:36 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-02-13 12:50:02 | 00,028,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2007-02-20 14:07:56 | 00,005,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2006-02-02 17:37:34 | 00,071,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\StMp3Rec.sys -- (StMp3Rec [On_Demand | Stopped])
DRV - [2009-05-27 21:34:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2005-09-19 09:41:00 | 00,241,280 | ---- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default = FB CA ED 03 A7 9F 25 48 9A 3F 02 19 7E E0 EC 44 [binary data]
IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\S-1-5-21-484763869-287218729-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (635 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {198285EE-1209-4839-B427-4EE81261C7E9} - Reg Error: Value error. File not found
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll (Radialpoint Inc.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {be0dbc31-6656-477c-b5df-121d33e82324} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-484763869-287218729-839522115-1004\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-21-484763869-287218729-839522115-1004..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-484763869-287218729-839522115-1004..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-484763869-287218729-839522115-1004..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe (MétéoMédia/The Weather Network)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-484763869-287218729-839522115-1004\..Trusted Domains: xperttesting.com ([www3] http in Sites de confiance)
O15 - HKU\S-1-5-21-484763869-287218729-839522115-1004\..Trusted Domains: 117 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www1.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://design-concept.ca/Core/Player/20 ... _Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 2759665142 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Extermin ... iVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan ... asinst.cab (ActiveScan Installer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v ... b56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-l ... cfscan.cab (McFreeScan Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\geBqRhGV: DllName - geBqRhGV.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnmNHbC) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-03-01 22:32:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\system32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-06-04 22:57:25 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009-06-05 08:48:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009-06-04 13:13:29 | 00,000,000 | ---D | C] -- C:\RootRepeal
[2009-06-02 08:59:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\Reflexive 3 Days Zoo Mystery
[2009-06-02 08:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\3 Days Zoo Mystery
[2009-06-01 15:15:22 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009-05-29 22:44:25 | 00,104,630 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\Budman 2.jpg
[2009-05-29 22:42:35 | 00,078,108 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\Budman 1.jpg
[2009-05-29 05:42:34 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2009-05-29 00:25:54 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009-05-28 16:57:26 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2009-05-28 16:57:03 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-05-28 16:57:03 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009-05-28 16:57:03 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-05-28 16:57:03 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-05-28 16:57:03 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-05-28 16:57:01 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009-05-28 16:57:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009-05-28 09:06:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009-05-27 21:43:23 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009-05-27 21:15:29 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009-05-27 21:15:17 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009-05-27 16:42:50 | 00,000,000 | ---D | C] -- C:\Program Files\Personal Vault
[2009-05-27 16:41:53 | 00,055,296 | ---- | C] (Radialpoint, Inc.) -- C:\WINDOWS\System32\drivers\rp_skt32.sys
[2009-05-27 16:41:16 | 00,048,384 | ---- | C] (Radialpoint, Inc.) -- C:\WINDOWS\System32\drivers\rp_pkt32.sys
[2009-05-27 16:40:12 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Authentium
[2009-05-27 16:39:51 | 00,000,000 | ---D | C] -- C:\Program Files\Raxco
[2009-05-27 16:39:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2009-05-27 16:39:35 | 00,000,000 | ---D | C] -- C:\Program Files\CA
[2009-05-27 16:39:20 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Scanner
[2009-05-27 16:38:48 | 00,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Gestionnaire de sécurité Sympatico.lnk
[2009-05-27 16:05:18 | 00,000,000 | ---D | C] -- C:\Program Files\Bell
[2009-05-27 16:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009-05-27 16:02:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009-05-26 22:13:51 | 01,338,384 | ---- | C] (Bell) -- C:\Documents and Settings\Utilisateur\Bureau\SympaticoSecurityAdvisor_setupSSM.exe
[2009-05-26 21:53:49 | 04,119,088 | ---- | C] (Radialpoint) -- C:\Documents and Settings\Utilisateur\Bureau\RpsUU.exe
[2009-05-26 09:55:17 | 00,000,224 | ---- | C] () -- C:\WINDOWS\System32\UACtcbgmdpaadflxop.dat
[2009-05-23 10:40:49 | 00,000,000 | ---D | C] -- C:\Program Files\Supermarket Mania
[2009-05-22 15:32:29 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\Qi120.xls
[2009-05-20 08:58:42 | 00,204,612 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\Pdfclefsamincissement.pdf
[2009-05-18 22:04:36 | 00,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles The Chosen Child
[2009-05-14 18:45:34 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
[2009-05-14 09:28:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\SpinTop Games
[2009-05-14 09:26:08 | 00,000,000 | ---D | C] -- C:\Program Files\Amazing Adventures Special Edition Bundle
[2009-05-09 15:15:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\RobinsonCrusoeREF
[2009-05-09 15:13:31 | 00,000,000 | ---D | C] -- C:\Program Files\Adventures of Robinson Crusoe
[2009-05-07 14:48:08 | 00,140,821 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\daisy 1sans titre1.jpg
[2009-05-07 14:17:02 | 00,019,431 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\grenouille marguerite2.jpg
[2009-05-07 14:13:56 | 00,027,424 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\grenouille marguerite.jpg
[2009-05-07 14:10:24 | 00,558,852 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\FrogDaisy2.jpg
[2009-05-07 13:59:45 | 01,070,634 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\11-daisylesson.pdf
[2009-05-07 13:31:12 | 00,562,715 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\pink_daisy_watering_can.pdf
[2009-05-07 08:46:10 | 00,392,396 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\Les-Marguerites-de-Clara.pdf
[2009-02-21 08:25:20 | 00,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008-04-07 09:58:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WD.INI
[2007-07-10 13:34:20 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
[2007-07-05 10:54:54 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-07-05 10:54:53 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-05-10 15:20:10 | 00,000,070 | ---- | C] () -- C:\WINDOWS\GDINST.INI
[2007-05-10 15:08:11 | 00,000,092 | ---- | C] () -- C:\WINDOWS\HFREP.INI
[2007-05-08 14:58:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2007-03-09 23:46:13 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-03-05 21:21:13 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007-03-03 23:23:31 | 00,000,057 | ---- | C] () -- C:\WINDOWS\System32\FISHIN~1.ini
[2007-03-03 22:41:55 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-03-01 23:16:55 | 00,011,001 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007-03-01 23:16:49 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-03-01 11:28:07 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-03-01 11:28:06 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007-03-01 11:28:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007-02-20 14:07:56 | 00,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2005-03-01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004-08-05 08:00:00 | 00,001,060 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-05 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999-01-22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998-09-14 15:43:16 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TWAIN32d.dll
[1998-08-16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009-06-05 10:00:00 | 00,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{26B01E3C-CEF8-4EC0-A856-C564A4DF5ECD}.job
[2009-06-05 10:00:00 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\AE38119391FB82F7.job
[2009-06-05 09:10:13 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-06-05 09:08:36 | 00,000,586 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\Mes dossiers de partage.lnk
[2009-06-05 09:07:29 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-06-05 09:07:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Utilisateur\Local Settings\desktop.ini
[2009-06-05 09:07:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-06-05 09:07:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-06-05 08:48:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009-06-04 13:44:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-06-02 20:42:00 | 00,000,402 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1173145237.job
[2009-06-01 10:48:53 | 00,000,110 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\AVSDVDPlayer.m3u
[2009-06-01 09:24:38 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009-05-31 12:51:52 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-05-29 22:44:25 | 00,104,630 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\Budman 2.jpg
[2009-05-29 22:42:35 | 00,078,108 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\Budman 1.jpg
[2009-05-29 05:42:34 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2009-05-28 16:57:26 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2009-05-27 21:52:11 | 00,000,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-05-27 21:34:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009-05-27 16:38:48 | 00,001,890 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Gestionnaire de sécurité Sympatico.lnk
[2009-05-27 13:12:44 | 01,338,384 | ---- | M] (Bell) -- C:\Documents and Settings\Utilisateur\Bureau\SympaticoSecurityAdvisor_setupSSM.exe
[2009-05-26 21:53:58 | 04,119,088 | ---- | M] (Radialpoint) -- C:\Documents and Settings\Utilisateur\Bureau\RpsUU.exe
[2009-05-26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-05-26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-05-26 09:55:17 | 00,000,224 | ---- | M] () -- C:\WINDOWS\System32\UACtcbgmdpaadflxop.dat
[2009-05-22 15:32:29 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\Qi120.xls
[2009-05-16 11:29:06 | 00,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-05-16 11:18:16 | 00,000,523 | ---- | M] () -- C:\hpfr3420.xml
[2009-05-07 15:07:52 | 00,140,821 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\daisy 1sans titre1.jpg
[2009-05-07 14:17:03 | 00,019,431 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\grenouille marguerite2.jpg
[2009-05-07 14:13:56 | 00,027,424 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\grenouille marguerite.jpg
[2009-05-07 14:10:05 | 00,558,852 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\FrogDaisy2.jpg
[2009-05-07 13:59:45 | 01,070,634 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\11-daisylesson.pdf
[2009-05-07 13:31:12 | 00,562,715 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\pink_daisy_watering_can.pdf
[2009-05-07 08:46:10 | 00,392,396 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\Les-Marguerites-de-Clara.pdf
[2009-05-07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
<End>

I hope I'm now rid of my problem!!!!
maryruss
 
Posts: 9
Joined: 29 May 2009, 14:17

Post by nickW » 06 June 2009, 22:03

Good evening,

Cleaning, continued:

Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrator" that is visible in Safe Mode).

Given the length of the procedure, I advise you to print it, save the page to an HTML file (the best option), or select all of its lines and copy the selection into a text file on your PC (Note: you will not have Internet access and there will be reboots).
All steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear, ask for an explanation before starting the disinfection.



Step 1: The Avenger (by Swandog46), download
Download The Avenger by clicking this link: http://swandog46.geekstogo.com/avenger2/download.php
Save the file to the Desktop.
Extract the file avenger.exe from the avenger.zip archive and place it on the Desktop.


Step 2: Creating the file aven1.txt
Open a Notepad window via Start---->Run, type notepad, then click OK
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys together

Code: Select all
Begin copying here:

Drivers to delete:
UACd.sys
Service_UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\UACaaanxossmkusoff.sys
C:\WINDOWS\system32\UACcabivqelaaycwie.dll
C:\WINDOWS\system32\UACdjksxrthrprnjjs.dll
C:\WINDOWS\system32\UACdpxcgmfoovrxcxk.dll
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UACtcbgmdpaadflxop.dat
C:\WINDOWS\system32\UACvcxwdcexsnawmut.dll
C:\WINDOWS\system32\UACwnirftmydruitmb.dll
C:\WINDOWS\system32\UACydqolruqvlmhvtn.log
C:\WINDOWS\Temp\UAC3090.tmp
C:\WINDOWS\Temp\UAC7fd9.tmp
C:\Documents and Settings\Utilisateur\Local Settings\Temp\UAC6912.tmp

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B}

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{198285EE-1209-4839-B427-4EE81261C7E9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be0dbc31-6656-477c-b5df-121d33e82324}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqRhGV


Go back to the Notepad window, right-click inside the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not enabled (not ticked).
Save the file under the name aven1.txt
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: maryruss.
If you are not THIS user, do not use them: they could damage your system.



Step 3: OTL (by OldTimer), cleaning
Open a Notepad window via Start---->Run, type notepad, then click OK
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys together

Code: Select all
rien
:Processes
explorer.exe

:otl
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnmNHbC) - File not found

:Commands
[start explorer]
[emptytemp]



Go back to the Notepad window, right-click inside the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not enabled (not ticked).
Save the file under the name OTL-1.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user: maryruss.
If you are not THIS user, do not use them: they could damage your system.



Step 4: No real-time monitoring processes
Disable the antivirus's resident module.
Avira AntiVir: right-click the icon in the system tray (next to the clock) and untick "Activer Antivir Guard/AntiVir Guard enable"


Step 5: The Avenger (by Swandog46), execution
Close all program windows (the PC is going to reboot).

Launch The Avenger by clicking its icon on the Desktop.

Click OK on the warning message.
Click the icon showing a yellow folder.

A new window "Open script file" opens
In that window, browse to the Desktop and select (double-click) the file aven1.txt

The contents of aven1.txt should appear in the white area (under "Input script here:").

Then click the "Execute" button to run the script.

Click "Yes" twice when prompted ("Confirm execution" and "First step completed" windows).
There will be one or two reboots (with a brief appearance of a black command window).
When it finishes, the report will open in Notepad.
Close Notepad.


Step 6: OTL (by OldTimer), cleaning
Double-click OTL.exe to launch the tool.
Open the file OTL-1.txt in Notepad.
In Notepad, click the Edit menu (at the top) and choose Select All.
In Notepad, click the Edit menu (at the top) and choose Copy.

Go back to the OTL window, right-click inside the box at the bottom named "Custom Scans/Fixes" and choose Paste.

Click the Run Fix button.

Note: A reboot is sometimes required. If prompted, click Yes.

When the tool has finished, a small window shows the message "Fix Complete! Click OK to open the fix log". Click OK, then close OTL.


Step 7: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 8: Results
Post in reply:
*- The Avenger's report (contents of the file SystemDrive\avenger.txt)
[SystemDrive is the partition the system is installed on, usually C:]
*- OTL's fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive is the partition the system is installed on, usually C:]

In your reply, don't forget to give as much information as possible on the state of the PC: improvement / disappearance / worsening of the infection symptoms.
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
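As an added example (not code from this thread, from nickW, or from The Avenger or OTL): a Python script that parses the file-list lines of an OTL log in the format posted above, picks out the files whose names fit the "prefix + random letters" pattern described earlier in the thread (here the UAC prefix of UACd, alongside TDSS and seneka), and lays the hits out in the section layout of an Avenger script like the one in Step 2. The prefixes, the letter-count bounds, the list of suspect directories and the sample log are my assumptions built from what is visible on this page; the timestamps and sizes of the sample UAC* lines other than the .dat are invented.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# One OTL "Files - Created/Modified Within 30 Days" line, e.g.
# [2009-05-26 09:55:17 | 00,000,224 | ---- | M] () -- C:\WINDOWS\System32\UACtcbgmdpaadflxop.dat
# Directory lines carry no "(company)" field: [... | ---D | C] -- C:\Program Files\...
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Rootkit-family prefixes named in this thread: UAC (UACd) here, TDSS and seneka earlier.
# Dropped files look like "<prefix><10-20 random letters>.<ext>" (e.g. UACtcbgmdpaadflxop.dat)
# and the temp droppings like "UAC<4 hex digits>.tmp" (e.g. UAC3090.tmp). Bounds are assumed.
PREFIXES = ("UAC", "TDSS", "seneka")
RANDOM_NAME = re.compile(
    r"^(?:" + "|".join(PREFIXES) + r")[a-z]{10,20}\.(?:dll|sys|dat|log)$", re.IGNORECASE
)
TEMP_NAME = re.compile(r"^UAC[0-9a-f]{4}\.tmp$", re.IGNORECASE)

# Directories where the droppings land (assumed); a random-looking name elsewhere is not flagged.
SUSPECT_DIRS = ("\\system32\\", "\\temp\\")


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str
    kind: str      # C = created, M = modified
    company: str   # CompanyName from the version resource, empty when absent
    path: str


def parse_otl(text: str) -> List[Entry]:
    """Parse the file-list lines of an OTL log; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                                 m["kind"], m["company"] or "", m["path"]))
    return entries


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def is_rootkit_name(path: str) -> bool:
    """True when the file name fits the prefix + random letters (or prefix + hex .tmp) shape."""
    name = basename(path)
    return bool(RANDOM_NAME.match(name) or TEMP_NAME.match(name))


def suspicious(entries: Iterable[Entry]) -> List[Entry]:
    """Files (not directories) inside a suspect directory whose name fits the rootkit pattern."""
    hits = []
    for e in entries:
        low = e.path.lower()
        if e.attrs[3] != "D" and any(d in low for d in SUSPECT_DIRS) and is_rootkit_name(e.path):
            hits.append(e)
    return hits


def avenger_script(files: Iterable[Entry], drivers=(), registry_keys=()) -> str:
    """Lay the results out in the section format of an Avenger script, as in Step 2 above."""
    lines = ["Begin copying here:", ""]
    if drivers:
        lines += ["Drivers to delete:", *drivers, ""]
    lines += ["Files to delete:", *[f.path for f in files], ""]
    if registry_keys:
        lines += ["Registry keys to delete:", *registry_keys, ""]
    return "\n".join(lines)


# Constructed sample: paths taken from the log and the Avenger script above; the
# timestamps and sizes of the UAC* lines other than the .dat are invented.
SAMPLE_LOG = r"""
[4 C:\WINDOWS\*.tmp files]
[2009-06-05 10:00:00 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\AE38119391FB82F7.job
[2009-05-29 05:42:34 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2009-05-26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-05-26 09:55:17 | 00,000,224 | ---- | M] () -- C:\WINDOWS\System32\UACtcbgmdpaadflxop.dat
[2009-05-26 09:55:10 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\UACaaanxossmkusoff.sys
[2009-05-26 09:55:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Temp\UAC3090.tmp
[2009-05-26 09:55:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\uacinit.dll
[2009-05-14 18:45:34 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
[2007-07-10 13:34:20 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
"""

if __name__ == "__main__":
    hits = suspicious(parse_otl(SAMPLE_LOG))
    print(avenger_script(hits, drivers=["UACd.sys"]))
```

The name pattern is a triage aid, not a verdict: in the sample it flags the three UAC* files but not uacinit.dll, which the script in Step 2 also deletes and which was identified from other sections of the log, and the driver service name (UACd.sys) and the registry CLSIDs come from the O2/O20 sections, not from the file list. An Avenger script deletes at boot with no recycle bin, so every generated path still has to be checked by hand before it is run, which is why the note above ties each script to one user.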
