[OK] Infected by "Antivirus Pro 2010"

Forum rules
Assiste.com has suspended decontamination assistance after nearly 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy


Post by Valérie » 30 Sep 2009, 21:29

Good evening everyone,

The fake security program "Antivirus Pro 2010" installed itself on my PC this evening.
Multiple alerts, as fanciful as they are untimely, are eating up all my processor power.
I launched a scan with my antivirus, which quickly detected a problem... that I didn't have time to see because everything crashed.
After rebooting, Antivirus Pro whatever was of course still there, but Norton no longer appeared in the Quick Launch bar and would not start from the Programs menu either.
I uninstalled the fake antivirus through the Control Panel, knowing full well that this would not be enough.

Norton does seem to be active in Task Manager, but to be safe I physically disconnected from the Internet.
However, I can no longer launch my antivirus and therefore cannot run scans.
In addition, an unknown process is multiplying in my Task Manager: pjmrflwpah.exe.
I am also experiencing major slowdowns.

Thank you in advance for whatever help you can give me.

P.S.: I posted my config here

The Malwarebytes' log

Note: I was unable to update as indicated in your procedure, I kept getting an error (attempts made before disconnecting from the Internet, obviously :D)

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 2

30-sept-2009 22:08:58
mbam-log-2009-09-30 (22-07-41).txt

Type de recherche: Examen rapide
Eléments examinés: 103579
Temps écoulé: 5 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus Pro 2010 (Rogue.AntiVirusPro2010) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Val\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\rotscxbsldfemv.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxeyaaccdu.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxqhdtcdol.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxsvulqmyt.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxxyoqrusq.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\rotscxirlnnbqt.sys (Rootkit.TDSS) -> No action taken.
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre

Post by Valérie » 30 Sep 2009, 21:30

Log otl.txt

OTL logfile created on: 30-sept.-2009 22:09:59 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Val\Bureau
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd-MMM-yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 151,68 Gb Free Space | 66,49% Space Free | Partition Type: NTFS
Drive D: | 327,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,84 Gb Total Space | 3,05 Gb Free Space | 79,53% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRUQUINOU
Current User Name: Val
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007-06-13 15:22:28 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005-03-22 17:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2008-08-14 17:11:48 | 00,565,008 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2005-09-08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2009-07-13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007-04-23 04:00:00 | 00,692,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2004-11-17 15:48:40 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
PRC - [2007-04-11 15:32:22 | 00,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
PRC - [2009-09-30 21:19:48 | 00,031,232 | ---- | M] () -- C:\WINDOWS\TEMP\pjmrflwpah.exe
PRC - [2009-06-05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006-10-09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005-08-05 16:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2003-11-12 02:05:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
PRC - [2008-07-26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008-07-26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009-09-17 01:19:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2005-08-05 14:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009-09-17 01:19:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2009-09-17 01:19:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2009-07-13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008-07-26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2009-09-30 21:19:48 | 00,031,232 | ---- | M] () -- C:\WINDOWS\TEMP\pjmrflwpah.exe
PRC - [2009-09-28 00:36:20 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Val\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-09-30 21:19:48 | 00,031,232 | ---- | M] () -- C:\WINDOWS\TEMP\pjmrflwpah.exe -- (AlerterALG [Auto | Start_Pending])
SRV - [2009-06-05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008-07-25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-08-03 22:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008-07-25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006-10-09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005-08-05 16:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2004-11-17 15:48:40 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2003-11-12 02:05:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2008-07-29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004-08-10 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007-06-04 23:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007-06-04 23:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008-07-29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-07-13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - File not found -- -- (LBTServ [On_Demand | Stopped])
SRV - [2008-07-26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2008-07-26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2005-08-05 14:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004-08-10 08:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2009-09-17 01:19:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360 [Auto | Running])
SRV - [2006-10-31 14:56:24 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2004-11-19 12:26:40 | 00,147,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008-07-29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006-10-31 14:56:28 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006-11-03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001-08-17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004-08-04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001-08-17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001-08-17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005-08-03 22:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2008-07-01 21:59:08 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009-09-17 01:19:19 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009-09-17 01:19:20 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2001-08-23 18:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001-08-17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005-09-08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005-08-25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005-09-08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005-08-25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005-09-08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005-09-12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005-08-12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2005-06-13 13:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009-09-16 19:56:54 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009-09-16 19:56:54 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004-08-12 18:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-03-08 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2007-03-08 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2007-03-08 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2009-09-10 22:10:19 | 00,329,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2007-04-11 15:32:52 | 00,034,832 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2007-05-05 13:45:51 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008-05-25 14:20:31 | 00,137,344 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\litsgt.sys -- (litsgt [Auto | Running])
DRV - [2007-04-11 15:32:58 | 00,036,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2007-04-11 15:33:14 | 00,028,688 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Running])
DRV - [2008-07-26 08:25:02 | 00,025,624 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2008-07-26 17:25:46 | 00,627,864 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Stopped])
DRV - [2008-07-26 17:26:20 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2001-08-17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2009-09-16 19:56:54 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090930.002\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009-09-16 19:56:54 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090930.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2009-04-30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008-07-26 17:22:20 | 00,013,848 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Stopped])
DRV - [2008-07-26 17:22:32 | 02,570,520 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Stopped])
DRV - [2004-08-10 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005-04-25 03:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001-08-17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001-08-17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001-08-17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007-11-13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006-03-26 14:22:14 | 00,051,200 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2006-03-13 11:38:23 | 00,006,656 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004-12-03 12:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2006-03-24 18:27:01 | 00,050,176 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [Boot | Running])
DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
DRV - [2004-08-04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001-08-17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2008-02-24 12:46:02 | 00,715,248 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-09-17 01:19:20 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSP.SYS -- (SRTSP [On_Demand | Stopped])
DRV - [2009-09-17 01:19:20 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2005-11-16 15:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001-08-17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001-08-17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2009-09-17 01:19:20 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009-09-17 01:19:43 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009-09-17 01:19:20 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001-08-17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001-08-17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008-05-25 14:20:31 | 00,012,032 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\tansgt.sys -- (tansgt [Auto | Running])
DRV - [2001-08-17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2004-06-11 01:31:20 | 00,135,168 | R--- | M] () -- C:\WINDOWS\UNDPX2A.exe -- (UNDPX2A [On_Demand | Stopped])
DRV - [2004-08-03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004-06-26 16:22:00 | 00,006,016 | ---- | M] (RDV Soft) -- C:\WINDOWS\System32\Drivers\vnccom.SYS -- (vnccom [Auto | Running])
DRV - [2004-06-26 16:22:00 | 00,004,736 | ---- | M] (RDV Soft) -- C:\WINDOWS\System32\DRIVERS\vncdrv.sys -- (vncdrv [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\S-1-5-21-413838125-2170784474-235814362-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\S-1-5-21-413838125-2170784474-235814362-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-07-01 20:12:06 | 00,000,000 | ---D | M]

[2007-01-26 14:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Val\Application Data\mozilla\Firefox\Profiles\3bbamqx1.default\extensions
[2008-03-06 01:57:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008-01-08 20:56:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008-02-27 01:07:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2007-07-27 01:03:34 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2003-07-15 06:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007-05-10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006-10-07 05:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2006-10-07 05:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005-08-09 20:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll

O1 HOSTS File: (965 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Antivirus Pro 2010] C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe File not found
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\Run: [calc] C:\WINDOWS\system32\config\systemprofile\ntuser.dll (Microsoft)
O4 - HKU\.DEFAULT..\Run: [mserv] C:\WINDOWS\System32\config\systemprofile\Application Data\seres.exe File not found
O4 - HKU\.DEFAULT..\Run: [svchost] C:\WINDOWS\System32\config\systemprofile\Application Data\svcst.exe File not found
O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe File not found
O4 - HKU\S-1-5-18..\Run: [calc] C:\WINDOWS\system32\config\systemprofile\ntuser.dll (Microsoft)
O4 - HKU\S-1-5-18..\Run: [mserv] C:\WINDOWS\System32\config\systemprofile\Application Data\seres.exe File not found
O4 - HKU\S-1-5-18..\Run: [svchost] C:\WINDOWS\System32\config\systemprofile\Application Data\svcst.exe File not found
O4 - HKU\S-1-5-18..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe File not found
O4 - HKU\S-1-5-21-413838125-2170784474-235814362-1005..\Run: [calc] C:\DOCUME~1\NETWOR~1\ntuser.DLL File not found
O4 - HKU\S-1-5-21-413838125-2170784474-235814362-1005..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\System32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/active ... rdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/ins ... downde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-09-01 07:17:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999-09-26 02:30:52 | 00,000,980 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{36343c9e-57ca-11dd-85f9-001372d65a8d}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{556166ec-7f51-11de-8696-001372e694ac}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{556166ec-7f51-11de-8696-001372e694ac}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-09-30 22:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Application Data\Malwarebytes
[2009-09-30 22:00:06 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009-09-30 22:00:03 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-09-30 22:00:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-09-30 22:00:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-09-30 22:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-09-30 21:59:42 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Val\Bureau\mbam-setup.exe
[2009-09-30 21:59:40 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Val\Bureau\OTL.exe
[2009-09-30 21:19:30 | 00,019,295 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ubukeg.bat
[2009-09-30 21:19:30 | 00,019,120 | ---- | C] () -- C:\WINDOWS\pecuxydy.reg
[2009-09-30 21:19:30 | 00,018,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uqyjin.bin
[2009-09-30 21:19:30 | 00,017,289 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bohi.bat
[2009-09-30 21:19:30 | 00,016,429 | ---- | C] () -- C:\Program Files\Fichiers communs\oloxoqyty.bin
[2009-09-30 21:19:30 | 00,016,370 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\izeritaguz.com
[2009-09-30 21:19:30 | 00,014,110 | ---- | C] () -- C:\WINDOWS\lixewew._sy
[2009-09-30 21:19:30 | 00,013,891 | ---- | C] () -- C:\WINDOWS\adaze.bat
[2009-09-30 21:19:30 | 00,013,369 | ---- | C] () -- C:\WINDOWS\xuxik.dll
[2009-09-30 21:19:30 | 00,013,086 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hipiq.dat
[2009-09-30 21:19:30 | 00,012,648 | ---- | C] () -- C:\WINDOWS\ijoweje.bat
[2009-09-30 21:19:30 | 00,012,447 | ---- | C] () -- C:\WINDOWS\System32\acosiki.sys
[2009-09-30 21:19:30 | 00,011,342 | ---- | C] () -- C:\WINDOWS\System32\nyne.vbs
[2009-09-30 21:19:30 | 00,010,311 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\geqyfuhal.dat
[2009-09-30 21:19:05 | 00,167,424 | ---- | C] (Legal Corporation) -- C:\WINDOWS\System32\_scui.cpl
[2009-09-30 16:23:30 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\mail calamo2.doc
[2009-09-30 11:19:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\sauvegarde
[2009-09-30 11:10:56 | 85,457,223 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\grappe.c4d
[2009-09-30 11:10:16 | 07,695,365 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\grappe.rar
[2009-09-29 20:07:58 | 00,001,955 | ---- | C] () -- C:\Documents and Settings\Val\Bureau\Azada 2 Ancient Magic .lnk
[2009-09-28 14:43:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\SMC Zogolo
[2009-09-27 12:01:35 | 00,000,000 | ---D | C] -- C:\Program Files\Games
[2009-09-27 12:00:57 | 38,874,337 | ---- | C] (Games ) -- C:\Documents and Settings\Val\Bureau\Dream Chronicles 2 The Eternal Maze.exe
[2009-09-27 11:36:13 | 00,429,192 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ss454.jpg
[2009-09-26 19:03:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009-09-26 19:01:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Application Data\PlayFirst
[2009-09-25 23:12:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Bureau\sauvegarde
[2009-09-25 23:02:48 | 00,306,126 | ---- | C] () -- C:\Documents and Settings\Val\Bureau\casier.c4d
[2009-09-25 22:39:13 | 00,606,577 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image4.jpg
[2009-09-25 22:31:13 | 00,496,035 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image3.jpg
[2009-09-25 22:10:05 | 00,128,711 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\SelecAretes.jpg
[2009-09-25 21:57:46 | 00,270,704 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\creationPoly.jpg
[2009-09-25 17:54:08 | 00,218,887 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\BPCube.jpg
[2009-09-23 22:20:34 | 04,401,164 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\12-%20Ouf%20le%20processeur%20rentre%20bien.jpg
[2009-09-23 21:51:29 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Trad Mails ArtsversusCalamo.doc
[2009-09-23 15:05:35 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Codes.xls
[2009-09-21 19:32:48 | 01,046,495 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\tut_bp3_part_04.pdf
[2009-09-21 19:02:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\radio
[2009-09-21 19:00:00 | 00,531,179 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\radio.zip
[2009-09-21 16:03:31 | 00,150,120 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Signure.pspimage
[2009-09-20 19:13:56 | 00,110,847 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image2.jpg
[2009-09-20 19:12:52 | 00,081,557 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image1.jpg
[2009-09-20 15:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Dame à la capuche
[2009-09-17 20:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009-09-17 19:39:45 | 00,006,844 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\CourSMCThumb.jpg
[2009-09-17 19:33:32 | 00,095,000 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\CourSMC.jpg
[2009-09-17 01:21:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Symantec
[2009-09-17 01:20:22 | 00,690,626 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2009-09-17 01:19:54 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009-09-17 01:19:43 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009-09-17 01:19:43 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009-09-17 01:19:43 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009-09-17 01:19:43 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009-09-17 01:19:43 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009-09-17 01:19:20 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2009-09-17 01:19:20 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2009-09-17 01:19:20 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2009-09-17 01:19:20 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2009-09-17 01:19:20 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2009-09-17 01:19:20 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2009-09-17 01:19:20 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2009-09-17 01:19:20 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2009-09-17 01:19:19 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2009-09-17 01:19:19 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2009-09-17 01:18:50 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2009-09-17 01:18:50 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2009-09-17 01:18:50 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2009-09-17 01:18:49 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2009-09-17 01:18:49 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2009-09-17 01:18:49 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2009-09-17 01:18:49 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2009-09-17 01:18:49 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2009-09-17 01:18:22 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2009-09-17 01:18:22 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2009-09-17 01:18:22 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2009-09-17 01:18:22 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2009-09-17 01:18:22 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2009-09-17 01:18:20 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2009-09-17 01:18:20 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2009-09-17 01:18:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0305020.00B
[2009-09-17 01:18:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2009-09-17 01:18:09 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2009-09-16 23:16:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009-09-16 23:16:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009-09-16 23:16:18 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009-09-16 23:16:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009-09-14 20:13:58 | 05,250,445 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataigierBump.jpg
[2009-09-14 20:10:34 | 06,497,334 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataignierBlanc.jpg
[2009-09-14 20:06:44 | 07,526,123 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataignierGris.jpg
[2009-09-14 20:06:30 | 07,526,123 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataigierGris.jpg
[2009-09-14 19:19:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Théière & Tasses
[2009-09-14 18:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Théière
[2009-09-10 22:18:54 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009-09-09 10:22:41 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009-07-23 17:44:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SetPointInstall.ini
[2009-05-01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-05-01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-05-01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-05-01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-01-16 15:59:56 | 00,000,362 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008-07-26 08:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008-05-25 14:20:31 | 00,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys
[2008-05-25 14:20:31 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys
[2008-03-06 12:53:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008-02-25 17:00:33 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\ddaeedb0_d.dll
[2008-02-17 11:49:06 | 00,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008-02-04 21:20:23 | 00,000,039 | ---- | C] () -- C:\WINDOWS\System32\CielComponent.ini
[2008-02-04 21:16:45 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\xxxprogress.dll
[2007-12-10 21:09:18 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-11-09 22:10:17 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007-09-09 22:25:05 | 00,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007-07-29 21:30:47 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2007-07-24 22:29:55 | 00,000,054 | ---- | C] () -- C:\WINDOWS\CmdFile.INI
[2007-05-05 13:45:51 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007-05-05 13:45:51 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007-03-25 13:59:36 | 00,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007-03-25 13:59:35 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-03-25 13:59:35 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-03-25 13:59:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-03-25 13:59:33 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007-03-25 13:59:32 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007-03-13 21:23:51 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007-02-06 21:08:33 | 00,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007-02-06 20:55:06 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006-12-16 13:59:53 | 00,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2006-12-10 20:53:41 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006-09-28 15:55:34 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006-09-26 15:01:40 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006-09-23 21:08:30 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\dbbdafddc_d.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006-07-28 23:55:25 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-07-14 14:30:21 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-07-13 00:38:38 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\72CC8C18CD.sys
[2006-07-13 00:38:23 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006-07-11 21:42:18 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006-07-11 20:52:48 | 00,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006-07-05 19:41:43 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-07-05 19:36:28 | 00,000,415 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-07-05 19:10:07 | 00,000,537 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005-11-10 02:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-09-01 07:12:11 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005-09-01 06:53:38 | 00,001,071 | ---- | C] () -- C:\WINDOWS\win.ini
[2005-09-01 06:53:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005-08-05 16:38:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1997-06-14 12:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre

Post by Valérie » 30 Sep 2009, 21:33

Continuation of the otl.txt log

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009-09-30 22:00:06 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009-09-30 21:51:39 | 00,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-09-30 21:51:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-09-30 21:51:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-09-30 21:51:22 | 32,192,79872 | -HS- | M] () -- C:\hiberfil.sys
[2009-09-30 21:19:30 | 00,019,295 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ubukeg.bat
[2009-09-30 21:19:30 | 00,019,120 | ---- | M] () -- C:\WINDOWS\pecuxydy.reg
[2009-09-30 21:19:30 | 00,018,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uqyjin.bin
[2009-09-30 21:19:30 | 00,017,289 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bohi.bat
[2009-09-30 21:19:30 | 00,016,429 | ---- | M] () -- C:\Program Files\Fichiers communs\oloxoqyty.bin
[2009-09-30 21:19:30 | 00,016,370 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\izeritaguz.com
[2009-09-30 21:19:30 | 00,014,110 | ---- | M] () -- C:\WINDOWS\lixewew._sy
[2009-09-30 21:19:30 | 00,013,891 | ---- | M] () -- C:\WINDOWS\adaze.bat
[2009-09-30 21:19:30 | 00,013,369 | ---- | M] () -- C:\WINDOWS\xuxik.dll
[2009-09-30 21:19:30 | 00,013,086 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hipiq.dat
[2009-09-30 21:19:30 | 00,012,648 | ---- | M] () -- C:\WINDOWS\ijoweje.bat
[2009-09-30 21:19:30 | 00,012,447 | ---- | M] () -- C:\WINDOWS\System32\acosiki.sys
[2009-09-30 21:19:30 | 00,011,342 | ---- | M] () -- C:\WINDOWS\System32\nyne.vbs
[2009-09-30 21:19:30 | 00,010,311 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\geqyfuhal.dat
[2009-09-30 16:23:30 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\mail calamo2.doc
[2009-09-30 15:57:47 | 00,001,071 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-09-30 15:57:47 | 00,000,322 | ---- | M] () -- C:\WINDOWS\System32\CRUNX.BIN
[2009-09-30 11:10:16 | 07,695,365 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\grappe.rar
[2009-09-30 10:59:34 | 85,457,223 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\grappe.c4d
[2009-09-29 20:50:00 | 00,167,424 | ---- | M] (Legal Corporation) -- C:\WINDOWS\System32\_scui.cpl
[2009-09-29 20:07:58 | 00,001,955 | ---- | M] () -- C:\Documents and Settings\Val\Bureau\Azada 2 Ancient Magic .lnk
[2009-09-29 08:49:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-09-28 00:36:20 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Val\Bureau\OTL.exe
[2009-09-27 11:59:38 | 38,874,337 | ---- | M] (Games ) -- C:\Documents and Settings\Val\Bureau\Dream Chronicles 2 The Eternal Maze.exe
[2009-09-27 11:36:01 | 00,429,192 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ss454.jpg
[2009-09-25 23:44:48 | 00,306,126 | ---- | M] () -- C:\Documents and Settings\Val\Bureau\casier.c4d
[2009-09-25 22:39:13 | 00,606,577 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image4.jpg
[2009-09-25 22:31:13 | 00,496,035 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image3.jpg
[2009-09-25 22:10:05 | 00,128,711 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\SelecAretes.jpg
[2009-09-25 21:57:46 | 00,270,704 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\creationPoly.jpg
[2009-09-25 17:54:08 | 00,218,887 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\BPCube.jpg
[2009-09-23 22:33:47 | 00,150,120 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Signure.pspimage
[2009-09-23 22:20:30 | 04,401,164 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\12-%20Ouf%20le%20processeur%20rentre%20bien.jpg
[2009-09-23 21:51:29 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Trad Mails ArtsversusCalamo.doc
[2009-09-23 15:05:36 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Codes.xls
[2009-09-22 17:36:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-09-21 19:32:48 | 01,046,495 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\tut_bp3_part_04.pdf
[2009-09-21 19:00:01 | 00,531,179 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\radio.zip
[2009-09-21 14:45:56 | 00,000,177 | ---- | M] () -- C:\CielVideo.ini
[2009-09-21 01:47:31 | 02,107,536 | -H-- | M] () -- C:\Documents and Settings\Val\Local Settings\Application Data\IconCache.db
[2009-09-20 19:13:56 | 00,110,847 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image2.jpg
[2009-09-20 19:12:52 | 00,081,557 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image1.jpg
[2009-09-17 19:39:45 | 00,006,844 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\CourSMCThumb.jpg
[2009-09-17 19:34:25 | 00,095,000 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\CourSMC.jpg
[2009-09-17 19:33:30 | 00,000,054 | ---- | M] () -- C:\WINDOWS\CmdFile.INI
[2009-09-17 01:20:47 | 00,690,626 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2009-09-17 01:19:43 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009-09-17 01:19:43 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009-09-17 01:19:43 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009-09-17 01:19:43 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009-09-17 01:19:20 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2009-09-17 01:19:20 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2009-09-17 01:19:20 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2009-09-17 01:19:20 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2009-09-17 01:19:20 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2009-09-17 01:19:20 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2009-09-17 01:19:20 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2009-09-17 01:19:20 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009-09-17 01:19:20 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2009-09-17 01:19:20 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2009-09-17 01:19:20 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009-09-17 01:19:19 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2009-09-17 01:19:07 | 00,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009-09-17 01:18:50 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2009-09-17 01:18:50 | 00,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2009-09-17 01:18:50 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2009-09-17 01:18:49 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2009-09-17 01:18:49 | 00,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2009-09-17 01:18:49 | 00,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2009-09-17 01:18:49 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2009-09-17 01:18:49 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2009-09-17 01:18:22 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2009-09-17 01:18:22 | 00,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2009-09-17 01:18:22 | 00,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2009-09-17 01:18:22 | 00,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2009-09-17 01:18:22 | 00,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2009-09-17 01:18:20 | 00,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2009-09-17 01:18:20 | 00,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2009-09-14 20:13:59 | 05,250,445 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataigierBump.jpg
[2009-09-14 20:10:35 | 06,497,334 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataignierBlanc.jpg
[2009-09-14 20:06:46 | 07,526,123 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataignierGris.jpg
[2009-09-14 20:06:32 | 07,526,123 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataigierGris.jpg
[2009-09-10 22:57:58 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Val\Bureau\mbam-setup.exe
[2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-09-09 13:00:17 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
<End>
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre

Post by Valérie » 30 Sep 2009, 21:34

The extras.txt log

OTL Extras logfile created on: 30-sept.-2009 22:09:59 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Val\Bureau
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd-MMM-yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 151,68 Gb Free Space | 66,49% Space Free | Partition Type: NTFS
Drive D: | 327,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,84 Gb Total Space | 3,05 Gb Free Space | 79,53% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRUQUINOU
Current User Name: Val
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Documents and Settings\Val\Mes documents\Téléchargements\myie20927\MyIE.exe File not found
.url [@ = InternetShortcut] -- C:\Documents and Settings\Val\Mes documents\Téléchargements\myie20927\MyIE.exe File not found

[HKEY_USERS\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Maxthon2\Maxthon.exe (Maxthon International ltd.)
.url [@ = InternetShortcut] -- C:\Program Files\Maxthon2\Maxthon.exe (Maxthon International ltd.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Documents and Settings\Val\Mes documents\Téléchargements\myie20927\MyIE.exe" "%1" File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Documents and Settings\Val\Mes documents\Téléchargements\myie20927\MyIE.exe" "%1" File not found
https [open] -- "C:\Documents and Settings\Val\Mes documents\Téléchargements\myie20927\MyIE.exe" "%1" File not found
InternetShortcut [open] -- "C:\Documents and Settings\Val\Mes documents\Téléchargements\myie20927\MyIE.exe" "%1" File not found
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe" = C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Fichiers communs\AOL\1196189961\ee\aolsoftware.exe" = C:\Program Files\Fichiers communs\AOL\1196189961\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Fichiers communs\AOL\1196189961\ee\aim6.exe" = C:\Program Files\Fichiers communs\AOL\1196189961\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{04EC275A-F4B0-44F5-936A-4994E20A054F}" = Schizm II
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}" = Client Windows Rights Management avec Service Pack 2
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v2.6.0
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{9111040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73ACE08-4CA7-4d08-912E-EFE4DF521B39}" = c7200_Help
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.4 - Français
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0F1DFFB-F3B1-4B6A-A7F2-1117B6712201}_is1" = Orisha 1.0
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF7A3DA-880B-4747-AB57-D74A4EBAC69E}" = Ciel eSauvegarde V2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4888DB-CE49-485b-AA3A-A9E0F361B277}" = C7200
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC905264-BCFE-423B-9C42-C3A106266790}" = SP2 de compatibilité descendante du client Windows Rights Management
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F619E2AF-677D-49bc-9618-D60BDFB925DB}" = C7200_doccd
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.0
"0D20D36D-A11C-444c-9AF7-70CBFED42ECF" = Otto
"1947ed9c549f680a9ed3f1fdbb9337a4" = Myst V End Of Ages
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II : The Conquerors Expansion
"AIM_6" = AIM 6
"Alhomepage_is1" = Alhomepage 1.0
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Azada 2 Ancient Magic v 1.0.4 FINAL 1.0.4" = Azada 2 Ancient Magic v 1.0.4 FINAL 1.0.4
"CCleaner" = CCleaner (remove only)
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"Dream Chronicles 2 The Eternal Maze 1.00" = Dream Chronicles 2 The Eternal Maze 1.00
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"GTK 2.0" = Bibliothèques GTK+ 2.14.7 rev a (supprimer uniquement)
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Jasc Paint Shop Pro 8.06 Update Patch" = Jasc Paint Shop Pro 8.06 Update Patch
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.67
"La boite a couleurs_is1" = La boite a couleurs version 1.6.15
"legacyqcam_11.10" = Coffret de pilotes Logitech Legacy USB Camera
"LucasArts' Curse of Monkey Island" = LucasArts' Curse of Monkey Island
"lvdrivers_11.80" = Coffret de pilotes Logitech QuickCam
"Mahjong Epic" = Mahjong Epic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxthon2" = Maxthon2 Browser (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"NET Render Release 10" = NET Render Release 10
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Perry Rhodan_is1" = Perry Rhodan
"Pidgin" = Pidgin
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickTime 3.0" = QuickTime 3.0
"Tarobot" = Tarobot (Enlever seulement)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"Uru - Ages Beyond Myst" = Uru - Ages Beyond Myst
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6
"Vue 7 Infinite RenderCow" = Vue 7 Infinite RenderCow
"Vue 7 xStream 32bit" = Vue 7 xStream 32bit
"WCPTADeinstKey" = Ciel Compta pour Windows
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinRAR archiver" = Archiveur WinRAR
"winscp3_is1" = WinSCP 3.8.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zork NemesisDeinstKey" = Zork Nemesis

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26-août-2009 08:59:15 | Computer Name = TRUQUINOU | Source = Application Hang | ID = 1002
Description = Application bloquée Paint Shop Pro X.exe, version 10.0.3.0, module
bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 26-août-2009 10:36:13 | Computer Name = TRUQUINOU | Source = Application Error | ID = 1000
Description = Application défaillante paint shop pro x.exe, version 10.0.3.0, module
défaillant mfc71.dll, version 7.10.3077.0, adresse de défaillance 0x0002a3a3.

Error - 26-août-2009 10:36:25 | Computer Name = TRUQUINOU | Source = Application Error | ID = 1000
Description = Application défaillante paint shop pro x.exe, version 10.0.3.0, module
défaillant mfc71.dll, version 7.10.3077.0, adresse de défaillance 0x0002a3a3.

Error - 26-août-2009 10:36:58 | Computer Name = TRUQUINOU | Source = Application Hang | ID = 1002
Description = Application bloquée Paint Shop Pro X.exe, version 10.0.3.0, module
bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02-sept.-2009 03:30:06 | Computer Name = TRUQUINOU | Source = Application Hang | ID = 1002
Description = Application bloquée CINEMA 4D.exe, version 10.5.0.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 07-sept.-2009 09:40:09 | Computer Name = TRUQUINOU | Source = Application Hang | ID = 1002
Description = Application bloquée Maxthon.exe, version 2.1.5.1869, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30-sept.-2009 15:39:03 | Computer Name = TRUQUINOU | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : A connection with the server could not be established

Error - 30-sept.-2009 15:40:07 | Computer Name = TRUQUINOU | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : A connection with the server could not be established

Error - 30-sept.-2009 15:52:50 | Computer Name = TRUQUINOU | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : A connection with the server could not be established

Error - 30-sept.-2009 15:54:10 | Computer Name = TRUQUINOU | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : A connection with the server could not be established
<End>
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre

Post by nickW » 02 Oct 2009, 00:35

Good evening,


First clean-up, search for hidden processes (a.k.a. rootkits)

Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrator" that is visible in Safe Mode).
Under Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon representing certain accounts (other than the one named "Administrator"), it says "Computer administrator".
One of these accounts is the one to use.



Step 1: RootRepeal (by AD)
Download RootRepeal by right-clicking one of the links below:
http://ad13.geekstogo.com/RootRepeal.zip
http://rootrepeal.googlepages.com/RootRepeal.zip
http://rootrepeal.psikotick.com/RootRepeal.zip
Save the file to the Desktop.
Create a new folder named RootRepeal at the root of the system drive (in your case, C:\)

Extract the downloaded archive into this new RootRepeal folder


Step 2: No real-time monitoring processes
Disable the antivirus's resident module.
Norton 360
- Right-click the Norton 360 icon in the system tray (next to the clock)
- Click Open the tasks and settings window
- On the right-hand side, in the Settings section, click Change advanced settings
- Click Virus and spyware protection settings
- Untick the box in front of Enable Auto-Protect, then click the Apply button
- In the Alert window, choose the duration of the deactivation: Permanently, then click OK



Step 3: Malwarebytes' Anti-Malware, clean-up
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that all boxes are ticked except "Create an option in the context menu to scan files (right click)".
In the Update tab, click the Check for Updates button and install all updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items were detected, click the "Remove Selected" button.
Wait patiently, without doing anything else, for the clean-up to finish.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 4: RootRepeal (by AD)
In Explorer, open the RootRepeal folder.
Double-click RootRepeal.exe to launch the tool.

Click the Report tab (at the bottom of the window).

Click the Scan button.

In the new Select Scan window, tick:
+ Drivers
+ Files
+ Processes
+ SSDT
+ Stealth Objects
+ Hidden Services
+ Shadow SSDT

Click the OK button.
In the new Select Drives window, tick the system drive (in your case, C:\)

Click the OK button to start the scan.

Note: This scan takes some time. DO NOT LAUNCH other programs while it is running.

When the scan is finished, the Save Report button becomes available.

Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-091001.txt

Open the File menu and click Exit to close the program.


Step 5: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 6: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 7: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) stands for the date [month-day-year] and the time [hh-mn-ss])
[SystemDrive stands for the partition on which the system is installed, generally C:]
*- the RootRepeal report (contents of the file RootRepeal-091001.txt)
This report can be very long. Check carefully that it is complete in the message sent. If necessary, split it across several messages.

Then send in reply, in a separate message (because of the length of the log):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply or replies, do not create a new topic; click the "Répondre" (Reply) button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by Valérie » 02 Oct 2009, 08:58

Hello nickW, and thank you for stepping in

I am about to carry out the requested steps, but I am unable to follow this step:
nickW wrote: Step 2: No real-time monitoring processes
Disable the antivirus's resident module.
Norton 360
*- Right-click the Norton 360 icon in the system tray (next to the clock)
*- Click "Ouvrir la fenêtre des tâches et des paramètres" (Open the tasks and settings window)
*- In the right-hand part, in the "Paramètres" (Settings) section, click "Modifier les paramètres avancés" (Change advanced settings)
*- Click "Paramètres de protection contre les virus et les logiciels espions" (Virus and spyware protection settings)
*- Untick the box in front of "Activer Auto-Protect" (Enable Auto-Protect), then click the "Appliquer" (Apply) button
*- In the Alert window, choose the deactivation duration "En permanence" (Permanently), then click OK


Indeed,
- the Norton 360 icon has disappeared from the system tray since my PC crashed
- the Norton 360 icon in the recently used programs of the Start menu does not respond (the main N360 window does not open)
- the same happens when going through "Tous les programmes" (All Programs): impossible to open N360
- the .exe file associated with it in the N360 installation folder does not respond either

In short, I can no longer open N360 and therefore cannot disable the protection.
However, I am not certain that N360 is still active, because I do not see any of the processes usually associated with it in my Task Manager.

So I am going to apply the various requested steps, hoping that it works all the same.
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre

Post by Valérie » 02 Oct 2009, 09:54

Hello again, Ma'am nickw

Here are the results after the first clean-ups:

Once the selection had been removed, Malwarebytes informs me that some files will only be deleted at reboot, so I restart.

Malwarebytes log

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 2

02-oct-2009 10:14:31
mbam-log-2009-10-02 (10-14-31).txt

Type de recherche: Examen rapide
Eléments examinés: 103335
Temps écoulé: 5 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus Pro 2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Val\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\rotscxbsldfemv.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxeyaaccdu.dat (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxqhdtcdol.dat (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxsvulqmyt.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\rotscxxyoqrusq.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\rotscxirlnnbqt.sys (Rootkit.TDSS) -> Delete on reboot.
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre
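
Added example, not part of the original posts and not Malwarebytes' own code: a small Python triage of a French-language Malwarebytes' Anti-Malware log like the one posted above. It checks that each summary count matches the number of entries actually listed (a pasted log that was cut short fails this check) and lists the items still marked "Delete on reboot", which are the ones to verify after restarting. The function names are hypothetical, and the sample log is constructed from a few lines of the log above with one file entry deliberately left out.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section item family action")

# Summary lines read "Label(s) ...: N"; section headers repeat the same label
# with nothing after the colon. Paths and registry keys contain "\" (and a
# drive colon), so they can never be mistaken for a label.
_LABEL = r"(?P<label>[^:\\]+\(s\)[^:\\]*)"
SUMMARY_RE = re.compile(_LABEL + r":\s*(?P<count>\d+)$")
SECTION_RE = re.compile(_LABEL + r":$")
# "<item> (<family>) -> [Bad: (..) Good: (..) -> ]<action>."
ENTRY_RE = re.compile(
    r"(?P<item>.+?) \((?P<family>[^()]+)\) -> (?:.* -> )?(?P<action>[^>]+?)\.?$"
)

# Constructed sample: lines taken from the log above, but the file section
# lists 3 entries while the summary declares 4 (simulating a truncated paste).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41

Clé(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rotscxbsldfemv.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\rotscxirlnnbqt.sys (Rootkit.TDSS) -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return (declared, listed): summary counts and detections per section."""
    declared, listed, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry and section is not None:
            listed[section].append(Detection(section, **entry.groupdict()))
            continue
        summary = SUMMARY_RE.match(line)
        if summary:
            declared[summary["label"]] = int(summary["count"])
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header["label"]
            listed.setdefault(section, [])
    return declared, listed


def count_mismatches(declared, listed):
    """Sections whose declared count differs from the entries present."""
    return {
        label: (count, len(listed.get(label, [])))
        for label, count in declared.items()
        if count != len(listed.get(label, []))
    }


def pending_reboot(listed):
    """Detections not yet removed: re-check these after the restart."""
    return [
        d for detections in listed.values() for d in detections
        if d.action.lower().startswith("delete on reboot")
    ]


def families(listed):
    """Detection families with the number of items attributed to each."""
    return Counter(d.family for dets in listed.values() for d in dets)


if __name__ == "__main__":
    declared, listed = parse_mbam_log(SAMPLE_LOG)
    for label, (want, got) in count_mismatches(declared, listed).items():
        print(f"INCOMPLETE  {label}: declared {want}, listed {got}")
    for d in pending_reboot(listed):
        print(f"PENDING     {d.item} ({d.family})")
    for family, n in families(listed).most_common():
        print(f"FAMILY      {family}: {n}")
```
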

Post by Valérie » 02 Oct 2009, 10:01

After restarting, Windows informs me that it has recovered from a serious error.
The Norton 360 icon is still missing from the system tray and the main window still does not open despite my various attempts.

I launch RootRepeal. I took the liberty of including volume G: in the scan, because this external hard drive was connected (via USB) to the PC when the trouble started.

During the RootRepeal scan, after 5 minutes, a Norton window finally opens, informing me that the product cannot be started and that I must restart the computer.

RootRepeal log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/02 10:20
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB429A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB85B8000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP2484
Image Path: \Driver\PCI_PNP2484
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3B23000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spnj.sys
Image Path: spnj.sys
Address: 0xB7EA9000 Size: 1040384 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xB7D61000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\LocalService\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\NetworkService\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Val\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\calc.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Val\Menu Démarrer\Programmes\Démarrage\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Val\Menu Démarrer\Programmes\Démarrage\scandisk.lnk
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\scandisk.lnk
Status: Invisible to the Windows API!

Path: Volume G:\
Status: MBR Rootkit Detected!

Path: Volume G:\, Sector 1
Status: Sector mismatch

Path: Volume G:\, Sector 2
Status: Sector mismatch

Path: Volume G:\, Sector 3
Status: Sector mismatch

Path: Volume G:\, Sector 4
Status: Sector mismatch

Path: Volume G:\, Sector 5
Status: Sector mismatch

Path: Volume G:\, Sector 6
Status: Sector mismatch

Path: Volume G:\, Sector 7
Status: Sector mismatch

Path: Volume G:\, Sector 8
Status: Sector mismatch

Path: Volume G:\, Sector 9
Status: Sector mismatch

Path: Volume G:\, Sector 10
Status: Sector mismatch

Path: Volume G:\, Sector 11
Status: Sector mismatch

Path: Volume G:\, Sector 12
Status: Sector mismatch

Path: Volume G:\, Sector 13
Status: Sector mismatch

Path: Volume G:\, Sector 14
Status: Sector mismatch

Path: Volume G:\, Sector 15
Status: Sector mismatch

Path: Volume G:\, Sector 16
Status: Sector mismatch

Path: Volume G:\, Sector 17
Status: Sector mismatch

Path: Volume G:\, Sector 18
Status: Sector mismatch

Path: Volume G:\, Sector 19
Status: Sector mismatch

Path: Volume G:\, Sector 20
Status: Sector mismatch

Path: Volume G:\, Sector 21
Status: Sector mismatch

Path: Volume G:\, Sector 22
Status: Sector mismatch

Path: Volume G:\, Sector 23
Status: Sector mismatch

Path: Volume G:\, Sector 24
Status: Sector mismatch

Path: Volume G:\, Sector 25
Status: Sector mismatch

Path: Volume G:\, Sector 26
Status: Sector mismatch

Path: Volume G:\, Sector 27
Status: Sector mismatch

Path: Volume G:\, Sector 28
Status: Sector mismatch

Path: Volume G:\, Sector 29
Status: Sector mismatch

Path: Volume G:\, Sector 30
Status: Sector mismatch

Path: Volume G:\, Sector 31
Status: Sector mismatch

Path: Volume G:\, Sector 32
Status: Sector mismatch

Path: Volume G:\, Sector 33
Status: Sector mismatch

Path: Volume G:\, Sector 34
Status: Sector mismatch

Path: Volume G:\, Sector 35
Status: Sector mismatch

Path: Volume G:\, Sector 36
Status: Sector mismatch

Path: Volume G:\, Sector 37
Status: Sector mismatch

Path: Volume G:\, Sector 38
Status: Sector mismatch

Path: Volume G:\, Sector 39
Status: Sector mismatch

Path: Volume G:\, Sector 40
Status: Sector mismatch

Path: Volume G:\, Sector 41
Status: Sector mismatch

Path: Volume G:\, Sector 42
Status: Sector mismatch

Path: Volume G:\, Sector 43
Status: Sector mismatch

Path: Volume G:\, Sector 44
Status: Sector mismatch

Path: Volume G:\, Sector 45
Status: Sector mismatch

Path: Volume G:\, Sector 46
Status: Sector mismatch

Path: Volume G:\, Sector 47
Status: Sector mismatch

Path: Volume G:\, Sector 48
Status: Sector mismatch

Path: Volume G:\, Sector 49
Status: Sector mismatch

Path: Volume G:\, Sector 50
Status: Sector mismatch

Path: Volume G:\, Sector 51
Status: Sector mismatch

Path: Volume G:\, Sector 52
Status: Sector mismatch

Path: Volume G:\, Sector 53
Status: Sector mismatch

Path: Volume G:\, Sector 54
Status: Sector mismatch

Path: Volume G:\, Sector 55
Status: Sector mismatch

Path: Volume G:\, Sector 56
Status: Sector mismatch

Path: Volume G:\, Sector 57
Status: Sector mismatch

Path: Volume G:\, Sector 58
Status: Sector mismatch

Path: Volume G:\, Sector 59
Status: Sector mismatch

Path: Volume G:\, Sector 60
Status: Sector mismatch

Path: Volume G:\, Sector 61
Status: Sector mismatch

Path: Volume G:\, Sector 62
Status: Sector mismatch

Path: G:\Base de données formation
Status: Visible to the Windows API, but not on disk.

Path: G:\ZbThumbnail.info
Status: Visible to the Windows API, but not on disk.

Path: G:\Base de données A & E
Status: Visible to the Windows API, but not on disk.

Path: G:\System Volume Information
Status: Visible to the Windows API, but not on disk.

Path: G:\Factures non parvenues 08-09.xls
Status: Visible to the Windows API, but not on disk.

Path: G:\Stock au 1er janvier 09.xls
Status: Visible to the Windows API, but not on disk.

Path: G:\âge MAien
Status: Visible to the Windows API, but not on disk.

Path: G:\Original Gradassi.bmp
Status: Visible to the Windows API, but not on disk.

Path: G:\bureau
Status: Visible to the Windows API, but not on disk.

Path: G:\ST831899.JPG
Status: Visible to the Windows API, but not on disk.

Path: G:\3D
Status: Visible to the Windows API, but not on disk.

Path: G:\fourches.jpg
Status: Visible to the Windows API, but not on disk.

Path: G:\untitled.bmp
Status: Visible to the Windows API, but not on disk.

Path: G:\ST831897.JPG
Status: Visible to the Windows API, but not on disk.

Path: G:\ST831898.JPG
Status: Visible to the Windows API, but not on disk.

Path: G:\SerieScribeFourche.pspimage
Status: Visible to the Windows API, but not on disk.

Path: G:\Courrier SEDEX 1.doc
Status: Visible to the Windows API, but not on disk.

Path: G:\DESKTOP.INI
Status: Visible to the Windows API, but not on disk.

Path: G:\Courrier SEDEX 2.doc
Status: Visible to the Windows API, but not on disk.

Path: G:\points.jpg
Status: Visible to the Windows API, but not on disk.

Path: G:\serieScribePoints.pspimage
Status: Visible to the Windows API, but not on disk.

Path: G:\Lettre AC avec Ignace.doc
Status: Visible to the Windows API, but not on disk.

Path: G:\SerieScribeFourche.jpg
Status: Visible to the Windows API, but not on disk.

Path: G:\serieScribePoints.jpg
Status: Visible to the Windows API, but not on disk.

Path: G:\blocs.jpg
Status: Visible to the Windows API, but not on disk.

Path: G:\serieScribeBlocs.pspimage
Status: Visible to the Windows API, but not on disk.

Path: G:\Lettre AC sans Ignace.doc
Status: Visible to the Windows API, but not on disk.

Path: G:\RECYCLED
Status: Visible to the Windows API, but not on disk.

Path: G:\Valérie perso
Status: Visible to the Windows API, but not on disk.

Path: G:\Arts & Enluminures
Status: Visible to the Windows API, but not on disk.

Path: G:\Docs chef
Status: Visible to the Windows API, but not on disk.

Path: G:\Téléchargements
Status: Visible to the Windows API, but not on disk.

Path: G:\N360_BACKUP
Status: Visible to the Windows API, but not on disk.

Path: G:\Thumbs.db
Status: Visible to the Windows API, but not on disk.

Path: G:\modèle facture D.Pardo.doc
Status: Visible to the Windows API, but not on disk.

Path: G:\Decadry 105x39.doc
Status: Visible to the Windows API, but not on disk.

Path: G:\Facture DPardo Avril.doc
Status: Visible to the Windows API, but not on disk.

Path: G:\Facture DPardo Mai.doc
Status: Visible to the Windows API, but not on disk.

Path: G:\Facture DPardoMars.doc
Status: Visible to the Windows API, but not on disk.

Path: G:\lettre mederic.doc
Status: Visible to the Windows API, but not on disk.

Path: G:\Stocks au 31-12-08.xls
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8a61b058

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8a6d3058

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a6f9708

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x8a6fce08

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8aa24d68

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb4668130

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8a67a978

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x8a668ce8

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a74b038

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x8a86e070

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb46683b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb4668910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8a86b0b8

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spnj.sys" at address 0xb7ec7ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spnj.sys" at address 0xb7ec8030

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a63c710

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a92b058

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8aabdd50

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8aa67828

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a64e108

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a924238

#: 119 Function Name: NtOpenKey
Status: Hooked by "spnj.sys" at address 0xb7eaa0c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8a6a70b8

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a866058

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8a70f800

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8a697708

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a62cda8

#: 160 Function Name: NtQueryKey
Status: Hooked by "spnj.sys" at address 0xb7ec8108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spnj.sys" at address 0xb7ec7f88

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8abea3a8

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a72b0b8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a691530

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x8a77e298

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb4668b60

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a787070

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a9e1738

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a670058

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a707058

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a694058

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a6d69a0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x89796500 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8aae01f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8982b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8982b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8982b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8982b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8982b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8982b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8982b1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8982b1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8ab1c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8ab1c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ab1c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ab1c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8ab1c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ab1c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8ab1c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a784500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a784500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a784500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a784500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a784500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a784500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8aaef1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8aaef1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aaef1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aaef1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8aaef1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aaef1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8aaef1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8a786500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_CREATE]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_CLOSE]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_READ]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_CLEANUP]
Process: System Address: 0x8ab87500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ం䉂晤, IRP_MJ_PNP]
Process: System Address: 0x8ab87500 Size: 121

Hidden Services
-------------------
Service Name: rotscxdqypwbhw
Image Path: C:\WINDOWS\system32\drivers\rotscxirlnnbqt.sys

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8a985cb0

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x8a98a048

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x8a683998

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x8a969110

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x8ab95ae8

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x8ab8d5a8

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8ab95ef8

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x8aba38a8

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address ==EOF==
Valérie

Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre

Post by Valérie » 02 Oct 2009, 10:04

After saving the RootRepeal report, I reboot.
Norton reappears in the system tray and is active.
I reconnect to the Net and update it.

I run OTL.

OTL log:

OTL logfile created on: 02-oct.-2009 10:41:58 - Run 2
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Val\Bureau
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd-MMM-yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 165,77 Gb Free Space | 72,66% Space Free | Partition Type: NTFS
Drive D: | 327,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,84 Gb Total Space | 3,05 Gb Free Space | 79,50% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 37,30 Gb Total Space | 20,18 Gb Free Space | 54,12% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRUQUINOU
Current User Name: Val
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2004-11-17 15:48:40 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
PRC - [2009-06-05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007-06-13 15:22:28 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-10-09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005-08-05 16:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2003-11-12 02:05:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
PRC - [2008-07-26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008-07-26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009-09-17 01:19:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2005-08-05 14:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008-07-26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2005-03-22 17:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2008-08-14 17:11:48 | 00,565,008 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2005-09-08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2009-07-13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009-07-13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007-04-23 04:00:00 | 00,692,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007-04-11 15:32:22 | 00,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
PRC - [2009-09-17 01:19:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2009-02-06 11:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009-09-28 00:36:20 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Val\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-06-05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008-07-25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-08-03 22:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2008-07-25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006-10-09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005-08-05 16:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2004-11-17 15:48:40 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2003-11-12 02:05:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2008-07-29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004-08-10 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007-06-04 23:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007-06-04 23:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008-07-29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-07-13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - File not found -- -- (LBTServ [On_Demand | Stopped])
SRV - [2008-07-26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2008-07-26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2005-08-05 14:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004-08-10 08:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2009-09-17 01:19:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360 [Auto | Running])
SRV - [2006-10-31 14:56:24 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2004-11-19 12:26:40 | 00,147,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008-07-29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006-10-31 14:56:28 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006-11-03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001-08-17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004-08-04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001-08-17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001-08-17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005-08-03 22:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2008-07-01 21:59:08 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009-09-17 01:19:19 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009-09-17 01:19:20 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2001-08-23 18:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001-08-17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005-09-08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005-08-25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005-09-08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005-08-25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005-09-08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005-09-12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005-08-12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2005-06-13 13:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009-09-16 19:56:54 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009-09-16 19:56:54 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004-08-12 18:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-03-08 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2007-03-08 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2007-03-08 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2009-09-10 22:10:19 | 00,329,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2007-04-11 15:32:52 | 00,034,832 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2007-05-05 13:45:51 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008-05-25 14:20:31 | 00,137,344 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\litsgt.sys -- (litsgt [Auto | Running])
DRV - [2007-04-11 15:32:58 | 00,036,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2007-04-11 15:33:14 | 00,028,688 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Running])
DRV - [2008-07-26 08:25:02 | 00,025,624 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2008-07-26 17:25:46 | 00,627,864 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Stopped])
DRV - [2008-07-26 17:26:20 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2001-08-17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2009-09-16 19:56:54 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091001.037\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009-09-16 19:56:54 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091001.037\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009-04-30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008-07-26 17:22:20 | 00,013,848 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Stopped])
DRV - [2008-07-26 17:22:32 | 02,570,520 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Stopped])
DRV - [2004-08-10 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005-04-25 03:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001-08-17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001-08-17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001-08-17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007-11-13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006-03-26 14:22:14 | 00,051,200 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2006-03-13 11:38:23 | 00,006,656 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004-12-03 12:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2006-03-24 18:27:01 | 00,050,176 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [Boot | Running])
DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
DRV - [2004-08-04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001-08-17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2008-02-24 12:46:02 | 00,715,248 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-09-17 01:19:20 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2005-11-16 15:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001-08-17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001-08-17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2009-09-17 01:19:20 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009-09-17 01:19:43 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009-09-17 01:19:20 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001-08-17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001-08-17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008-05-25 14:20:31 | 00,012,032 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\tansgt.sys -- (tansgt [Auto | Running])
DRV - [2001-08-17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2004-06-11 01:31:20 | 00,135,168 | R--- | M] () -- C:\WINDOWS\UNDPX2A.exe -- (UNDPX2A [On_Demand | Stopped])
DRV - [2004-08-03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004-06-26 16:22:00 | 00,006,016 | ---- | M] (RDV Soft) -- C:\WINDOWS\System32\Drivers\vnccom.SYS -- (vnccom [Auto | Running])
DRV - [2004-06-26 16:22:00 | 00,004,736 | ---- | M] (RDV Soft) -- C:\WINDOWS\System32\DRIVERS\vncdrv.sys -- (vncdrv [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\S-1-5-21-413838125-2170784474-235814362-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\S-1-5-21-413838125-2170784474-235814362-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-07-01 20:12:06 | 00,000,000 | ---D | M]

[2007-01-26 14:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Val\Application Data\mozilla\Firefox\Profiles\3bbamqx1.default\extensions

O1 HOSTS File: (965 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\Run: [calc] C:\WINDOWS\system32\config\systemprofile\ntuser.dll (Microsoft)
O4 - HKU\.DEFAULT..\Run: [mserv] C:\WINDOWS\System32\config\systemprofile\Application Data\seres.exe File not found
O4 - HKU\.DEFAULT..\Run: [svchost] C:\WINDOWS\System32\config\systemprofile\Application Data\svcst.exe File not found
O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe File not found
O4 - HKU\S-1-5-18..\Run: [calc] C:\WINDOWS\system32\config\systemprofile\ntuser.dll (Microsoft)
O4 - HKU\S-1-5-18..\Run: [mserv] C:\WINDOWS\System32\config\systemprofile\Application Data\seres.exe File not found
O4 - HKU\S-1-5-18..\Run: [svchost] C:\WINDOWS\System32\config\systemprofile\Application Data\svcst.exe File not found
O4 - HKU\S-1-5-18..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe File not found
O4 - HKU\S-1-5-21-413838125-2170784474-235814362-1005..\Run: [calc] C:\Documents and Settings\NetworkService\ntuser.dll (Microsoft)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\System32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/active ... rdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/ins ... downde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-09-01 07:17:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999-09-26 02:30:52 | 00,000,980 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{36343c9e-57ca-11dd-85f9-001372d65a8d}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{556166ec-7f51-11de-8696-001372e694ac}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{556166ec-7f51-11de-8696-001372e694ac}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-10-02 10:20:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Local Settings\Application Data\Symantec
[2009-10-02 10:07:38 | 00,000,000 | ---D | C] -- C:\RootRepeal
[2009-10-01 10:23:37 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009-09-30 22:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Application Data\Malwarebytes
[2009-09-30 22:00:06 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009-09-30 22:00:03 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-09-30 22:00:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-09-30 22:00:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-09-30 22:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-09-30 21:59:42 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Val\Bureau\mbam-setup.exe
[2009-09-30 21:59:40 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Val\Bureau\OTL.exe
[2009-09-30 21:19:30 | 00,019,295 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ubukeg.bat
[2009-09-30 21:19:30 | 00,019,120 | ---- | C] () -- C:\WINDOWS\pecuxydy.reg
[2009-09-30 21:19:30 | 00,018,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uqyjin.bin
[2009-09-30 21:19:30 | 00,017,289 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bohi.bat
[2009-09-30 21:19:30 | 00,016,429 | ---- | C] () -- C:\Program Files\Fichiers communs\oloxoqyty.bin
[2009-09-30 21:19:30 | 00,016,370 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\izeritaguz.com
[2009-09-30 21:19:30 | 00,014,110 | ---- | C] () -- C:\WINDOWS\lixewew._sy
[2009-09-30 21:19:30 | 00,013,891 | ---- | C] () -- C:\WINDOWS\adaze.bat
[2009-09-30 21:19:30 | 00,013,369 | ---- | C] () -- C:\WINDOWS\xuxik.dll
[2009-09-30 21:19:30 | 00,013,086 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hipiq.dat
[2009-09-30 21:19:30 | 00,012,648 | ---- | C] () -- C:\WINDOWS\ijoweje.bat
[2009-09-30 21:19:30 | 00,012,447 | ---- | C] () -- C:\WINDOWS\System32\acosiki.sys
[2009-09-30 21:19:30 | 00,011,342 | ---- | C] () -- C:\WINDOWS\System32\nyne.vbs
[2009-09-30 21:19:30 | 00,010,311 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\geqyfuhal.dat
[2009-09-30 16:23:30 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\mail calamo2.doc
[2009-09-30 11:19:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\sauvegarde
[2009-09-30 11:10:56 | 85,457,223 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\grappe.c4d
[2009-09-30 11:10:16 | 07,695,365 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\grappe.rar
[2009-09-28 14:43:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\SMC Zogolo
[2009-09-27 11:36:13 | 00,429,192 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ss454.jpg
[2009-09-26 19:03:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009-09-26 19:01:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Application Data\PlayFirst
[2009-09-25 22:39:13 | 00,606,577 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image4.jpg
[2009-09-25 22:31:13 | 00,496,035 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image3.jpg
[2009-09-25 22:10:05 | 00,128,711 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\SelecAretes.jpg
[2009-09-25 21:57:46 | 00,270,704 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\creationPoly.jpg
[2009-09-25 17:54:08 | 00,218,887 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\BPCube.jpg
[2009-09-23 22:20:34 | 04,401,164 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\12-%20Ouf%20le%20processeur%20rentre%20bien.jpg
[2009-09-23 21:51:29 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Trad Mails ArtsversusCalamo.doc
[2009-09-23 15:05:35 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Codes.xls
[2009-09-21 19:32:48 | 01,046,495 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\tut_bp3_part_04.pdf
[2009-09-21 19:02:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\radio
[2009-09-21 19:00:00 | 00,531,179 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\radio.zip
[2009-09-21 16:03:31 | 00,150,120 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Signure.pspimage
[2009-09-20 19:13:56 | 00,110,847 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image2.jpg
[2009-09-20 19:12:52 | 00,081,557 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image1.jpg
[2009-09-20 15:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Dame à la capuche
[2009-09-17 20:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009-09-17 19:39:45 | 00,006,844 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\CourSMCThumb.jpg
[2009-09-17 19:33:32 | 00,095,000 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\CourSMC.jpg
[2009-09-17 01:21:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Symantec
[2009-09-17 01:20:22 | 00,690,626 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2009-09-17 01:19:54 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009-09-17 01:19:43 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009-09-17 01:19:43 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009-09-17 01:19:43 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009-09-17 01:19:43 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009-09-17 01:19:43 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009-09-17 01:19:20 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2009-09-17 01:19:20 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2009-09-17 01:19:20 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2009-09-17 01:19:20 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2009-09-17 01:19:20 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2009-09-17 01:19:20 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2009-09-17 01:19:20 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2009-09-17 01:19:20 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2009-09-17 01:19:19 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2009-09-17 01:19:19 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2009-09-17 01:18:50 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2009-09-17 01:18:50 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2009-09-17 01:18:50 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2009-09-17 01:18:49 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2009-09-17 01:18:49 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2009-09-17 01:18:49 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2009-09-17 01:18:49 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2009-09-17 01:18:49 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2009-09-17 01:18:22 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2009-09-17 01:18:22 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2009-09-17 01:18:22 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2009-09-17 01:18:22 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2009-09-17 01:18:22 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2009-09-17 01:18:20 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2009-09-17 01:18:20 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2009-09-17 01:18:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0305020.00B
[2009-09-17 01:18:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2009-09-17 01:18:09 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2009-09-16 23:16:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009-09-16 23:16:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009-09-16 23:16:18 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009-09-16 23:16:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009-09-14 20:13:58 | 05,250,445 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataigierBump.jpg
[2009-09-14 20:10:34 | 06,497,334 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataignierBlanc.jpg
[2009-09-14 20:06:44 | 07,526,123 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataignierGris.jpg
[2009-09-14 20:06:30 | 07,526,123 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataigierGris.jpg
[2009-09-14 19:19:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Théière & Tasses
[2009-09-14 18:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Théière
[2009-09-10 22:18:54 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009-09-09 10:22:41 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009-07-23 17:44:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SetPointInstall.ini
[2009-05-01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-05-01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-05-01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-05-01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-01-16 15:59:56 | 00,000,384 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008-07-26 08:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008-05-25 14:20:31 | 00,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys
[2008-05-25 14:20:31 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys
[2008-03-06 12:53:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008-02-25 17:00:33 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\ddaeedb0_d.dll
[2008-02-17 11:49:06 | 00,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008-02-04 21:20:23 | 00,000,039 | ---- | C] () -- C:\WINDOWS\System32\CielComponent.ini
[2008-02-04 21:16:45 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\xxxprogress.dll
[2007-12-10 21:09:18 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-11-09 22:10:17 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007-09-09 22:25:05 | 00,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007-07-29 21:30:47 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2007-07-24 22:29:55 | 00,000,054 | ---- | C] () -- C:\WINDOWS\CmdFile.INI
[2007-05-05 13:45:51 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007-05-05 13:45:51 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007-03-25 13:59:36 | 00,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007-03-25 13:59:35 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-03-25 13:59:35 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-03-25 13:59:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-03-25 13:59:33 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007-03-25 13:59:32 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007-03-13 21:23:51 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007-02-06 21:08:33 | 00,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007-02-06 20:55:06 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006-12-16 13:59:53 | 00,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2006-12-10 20:53:41 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006-09-28 15:55:34 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006-09-26 15:01:40 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006-09-23 21:08:30 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\dbbdafddc_d.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006-07-28 23:55:25 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-07-14 14:30:21 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-07-13 00:38:38 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\72CC8C18CD.sys
[2006-07-13 00:38:23 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006-07-11 21:42:18 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006-07-11 20:52:48 | 00,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006-07-05 19:41:43 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-07-05 19:36:28 | 00,000,415 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-07-05 19:10:07 | 00,000,537 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005-11-10 02:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-09-01 07:12:11 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005-09-01 06:53:38 | 00,001,073 | ---- | C] () -- C:\WINDOWS\win.ini
[2005-09-01 06:53:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005-08-05 16:38:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1997-06-14 12:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre

Post by Valérie » 02 Oct 2009, 10:07

Continuation of the OTL log:

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009-10-02 10:35:15 | 00,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-10-02 10:35:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-10-02 10:35:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-10-02 10:35:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-10-02 10:34:56 | 32,192,79872 | -HS- | M] () -- C:\hiberfil.sys
[2009-10-01 10:50:09 | 00,001,073 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-10-01 10:50:09 | 00,000,322 | ---- | M] () -- C:\WINDOWS\System32\CRUNX.BIN
[2009-10-01 10:25:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2009-10-01 10:06:54 | 00,000,384 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2009-09-30 22:00:06 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009-09-30 21:19:30 | 00,019,295 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ubukeg.bat
[2009-09-30 21:19:30 | 00,019,120 | ---- | M] () -- C:\WINDOWS\pecuxydy.reg
[2009-09-30 21:19:30 | 00,018,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uqyjin.bin
[2009-09-30 21:19:30 | 00,017,289 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bohi.bat
[2009-09-30 21:19:30 | 00,016,429 | ---- | M] () -- C:\Program Files\Fichiers communs\oloxoqyty.bin
[2009-09-30 21:19:30 | 00,016,370 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\izeritaguz.com
[2009-09-30 21:19:30 | 00,014,110 | ---- | M] () -- C:\WINDOWS\lixewew._sy
[2009-09-30 21:19:30 | 00,013,891 | ---- | M] () -- C:\WINDOWS\adaze.bat
[2009-09-30 21:19:30 | 00,013,369 | ---- | M] () -- C:\WINDOWS\xuxik.dll
[2009-09-30 21:19:30 | 00,013,086 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hipiq.dat
[2009-09-30 21:19:30 | 00,012,648 | ---- | M] () -- C:\WINDOWS\ijoweje.bat
[2009-09-30 21:19:30 | 00,012,447 | ---- | M] () -- C:\WINDOWS\System32\acosiki.sys
[2009-09-30 21:19:30 | 00,011,342 | ---- | M] () -- C:\WINDOWS\System32\nyne.vbs
[2009-09-30 21:19:30 | 00,010,311 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\geqyfuhal.dat
[2009-09-30 16:23:30 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\mail calamo2.doc
[2009-09-30 11:10:16 | 07,695,365 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\grappe.rar
[2009-09-30 10:59:34 | 85,457,223 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\grappe.c4d
[2009-09-29 08:49:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-09-28 00:36:20 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Val\Bureau\OTL.exe
[2009-09-27 11:36:01 | 00,429,192 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ss454.jpg
[2009-09-25 22:39:13 | 00,606,577 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image4.jpg
[2009-09-25 22:31:13 | 00,496,035 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image3.jpg
[2009-09-25 22:10:05 | 00,128,711 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\SelecAretes.jpg
[2009-09-25 21:57:46 | 00,270,704 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\creationPoly.jpg
[2009-09-25 17:54:08 | 00,218,887 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\BPCube.jpg
[2009-09-23 22:33:47 | 00,150,120 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Signure.pspimage
[2009-09-23 22:20:30 | 04,401,164 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\12-%20Ouf%20le%20processeur%20rentre%20bien.jpg
[2009-09-23 21:51:29 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Trad Mails ArtsversusCalamo.doc
[2009-09-23 15:05:36 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Codes.xls
[2009-09-21 19:32:48 | 01,046,495 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\tut_bp3_part_04.pdf
[2009-09-21 19:00:01 | 00,531,179 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\radio.zip
[2009-09-21 14:45:56 | 00,000,177 | ---- | M] () -- C:\CielVideo.ini
[2009-09-21 01:47:31 | 02,107,536 | -H-- | M] () -- C:\Documents and Settings\Val\Local Settings\Application Data\IconCache.db
[2009-09-20 19:13:56 | 00,110,847 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image2.jpg
[2009-09-20 19:12:52 | 00,081,557 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image1.jpg
[2009-09-17 19:39:45 | 00,006,844 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\CourSMCThumb.jpg
[2009-09-17 19:34:25 | 00,095,000 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\CourSMC.jpg
[2009-09-17 19:33:30 | 00,000,054 | ---- | M] () -- C:\WINDOWS\CmdFile.INI
[2009-09-17 01:20:47 | 00,690,626 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2009-09-17 01:19:43 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009-09-17 01:19:43 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009-09-17 01:19:43 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009-09-17 01:19:43 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009-09-17 01:19:20 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2009-09-17 01:19:20 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2009-09-17 01:19:20 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2009-09-17 01:19:20 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2009-09-17 01:19:20 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2009-09-17 01:19:20 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2009-09-17 01:19:20 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2009-09-17 01:19:20 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009-09-17 01:19:20 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2009-09-17 01:19:20 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2009-09-17 01:19:20 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009-09-17 01:19:19 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2009-09-17 01:19:07 | 00,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009-09-17 01:18:50 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2009-09-17 01:18:50 | 00,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2009-09-17 01:18:50 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2009-09-17 01:18:49 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2009-09-17 01:18:49 | 00,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2009-09-17 01:18:49 | 00,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2009-09-17 01:18:49 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2009-09-17 01:18:49 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2009-09-17 01:18:22 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2009-09-17 01:18:22 | 00,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2009-09-17 01:18:22 | 00,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2009-09-17 01:18:22 | 00,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2009-09-17 01:18:22 | 00,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2009-09-17 01:18:20 | 00,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2009-09-17 01:18:20 | 00,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2009-09-14 20:13:59 | 05,250,445 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataigierBump.jpg
[2009-09-14 20:10:35 | 06,497,334 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataignierBlanc.jpg
[2009-09-14 20:06:46 | 07,526,123 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataignierGris.jpg
[2009-09-14 20:06:32 | 07,526,123 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataigierGris.jpg
[2009-09-10 22:57:58 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Val\Bureau\mbam-setup.exe
[2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-09-09 13:00:17 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
<End>
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre
