[OK] Request for log analysis after a virus that launches IE unexpectedly


Post by marcus91 » 28 Aug 2010, 16:56

Hello everyone,

On my PC running XP Home Edition SP3, although it is protected by McAfee, I caught a virus with the following symptoms:
- Internet Explorer launches at random, each time with a different URL that I do not recognize.
- In Task Manager, the CPU load is very high all the time, close to 100%, even with no application open.
- Error messages about the file 5F44K5ou.exe: "5F44K5ou.exe a rencontré un problème et doit fermer. Nous vous prions de nous excuser pour le désagrément encouru".

I followed the procedure described on this forum to provide the OTL and Malwarebytes logs, which I am attaching in the following messages.

Many thanks in advance for your help in resolving this problem.
marcus91
 
Posts: 50
Joined: 28 Aug 2010, 16:44
Location: Essonne

Post by marcus91 » 28 Aug 2010, 16:58

MALWAREBYTES LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4493

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28/08/2010 17:00:26
mbam-log-2010-08-28 (17-00-26).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 180704
Temps écoulé: 17 minute(s), 13 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> No action taken.

Dossier(s) infecté(s):
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\Marc\Local Settings\Temp\Gxn .exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marc\Local Settings\Temp\Gxt.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marc\Local Settings\Temp\Gxx.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marc\Local Settings\Temp\Gxy.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Marc\Local Settings\Temp\mkcxhunr.exe (Rogue.SecuritySuite) -> No action taken.
C:\Documents and Settings\Marc\Local Settings\Temp\3B0.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Marc\Local Settings\Temp\3B2.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Marc\Local Settings\Temp\3B4.tmp (Rootkit.Dropper) -> No action taken.
C:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\SYDWHU97\newsecureapp70700[1].exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\Documents and Settings\Marc\Local Settings\Temp\Gxn .exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Marc\Bureau\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\Marc\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Documents and Settings\Marc\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Fonts\k62B7kcr0.com (Malware.Generic) -> No action taken.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

END
marcus91
 

Post by marcus91 » 28 Aug 2010, 16:59

OTL TXT LOG:

OTL logfile created on: 28/08/2010 17:04:21 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Marc\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 13,80 Gb Free Space | 14,13% Space Free | Partition Type: NTFS
Drive D: | 209,96 Gb Total Space | 6,46 Gb Free Space | 3,08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEZZO-719C8ECD8
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 17:02:12 | 000,035,852 | ---- | M] () -- C:\Program Files\QuickTime\QTTask .exe
PRC - [2010/08/28 17:01:54 | 000,035,860 | ---- | M] () -- C:\Program Files\QuickTime\QTTask .exe
PRC - [2010/08/28 17:01:32 | 000,035,852 | ---- | M] () -- C:\Program Files\QuickTime\QTTask .exe
PRC - [2010/08/28 17:00:35 | 000,035,852 | ---- | M] () -- C:\Program Files\QuickTime\QTTask .exe
PRC - [2010/08/28 16:13:14 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5F44K5ou.exe
PRC - [2010/08/28 12:00:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Bureau\OTL.exe
PRC - [2010/08/28 10:11:59 | 000,035,856 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Temp\Gxn .exe
PRC - [2010/08/28 09:44:47 | 000,035,852 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Temp\Gxn .exe
PRC - [2010/08/27 23:41:02 | 000,035,848 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Temp\Gxn.exe
PRC - [2010/08/27 23:40:59 | 000,035,848 | ---- | M] () -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/08/27 14:32:28 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifaf.exe
PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent .exe
PRC - [2010/06/15 19:58:18 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/15 16:33:44 | 000,141,624 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper .exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mfefire.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/02/04 22:21:15 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/30 16:21:31 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/05 19:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mcshield.exe
PRC - [2009/07/27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/06/27 15:52:06 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched .exe
PRC - [2009/06/27 15:52:05 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/06/03 14:46:36 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/06/03 14:46:34 | 000,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner .exe
PRC - [2009/04/23 06:48:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:48:54 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp .exe
PRC - [2004/10/12 16:54:30 | 000,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
PRC - [2003/02/11 09:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/28 12:00:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Bureau\OTL.exe
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/27 14:32:11 | 000,243,200 | ---- | M] (ApexDC++ Development Team) [Auto | Running] -- C:\Documents and Settings\Marc\Local Settings\Temp\sshnas21.dll -- (SSHNAS)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/02/04 22:21:15 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/05 19:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Fichiers communs\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/18 19:20:28 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/12/17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/06/03 14:46:36 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/23 14:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/25 14:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 01:05:00 | 000,002,271 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/09/26 11:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [1997/12/09 01:32:00 | 000,003,616 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\as6eio.sys -- (as6eio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local



IE - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
IE - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/23 10:28:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 12:12:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 09:34:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/19 11:23:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/12/17 00:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions
[2009/06/14 11:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/04/12 23:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\extensions
[2009/04/12 23:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/07/27 11:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\wk53unwo.default\extensions
[2010/03/20 15:25:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\wk53unwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/04 19:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/01/16 03:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/16 03:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 03:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/19 17:14:46 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/01/16 03:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/25 17:07:43 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/19 14:58:24 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Fichiers communs\Mcafee\SystemCore\ScriptSn.20100518053014.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe ()
O4 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe ()
O4 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004..\Run: [newsecureapp70700.exe] C:\Documents and Settings\Marc\Application Data\BF4822D78C446F035BF8F6241EBD3430\newsecureapp70700.exe File not found
O4 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004..\Run: [OTGV1DNWQQ] C:\Documents and Settings\Marc\Local Settings\Temp\Gxv.exe ()
O4 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ()
O4 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004..\Run: [XBV6RD5SZF] C:\Documents and Settings\Marc\Local Settings\Temp\Gxn .exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Invité\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk = C:\Documents and Settings\Marc\Application Data\BF4822D78C446F035BF8F6241EBD3430\newsecureapp70700.exe File not found
O4 - Startup: C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\vincent\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\vincent\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} https://static.impots.gouv.fr/tdir/stat ... DP-2.0.cab (AdSignerLCContrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/12 16:33:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d6a28aab-53a8-11de-90b8-00123f32f263}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\Documents and Settings\Marc\Local Settings\Temp\sshnas21.dll (ApexDC++ Development Team)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/28 16:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/28 16:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/28 16:31:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Marc\Bureau\erunt-setup.exe
[2010/08/28 12:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Malwarebytes
[2010/08/28 12:05:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/28 12:05:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/28 12:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/28 12:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/28 12:02:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marc\Bureau\mbam-setup.exe
[2010/08/28 12:00:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marc\Bureau\OTL.exe
[2010/08/28 10:10:45 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifaf.exe
[2010/08/28 10:04:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/28 09:42:54 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifae.exe
[2010/08/27 23:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/08/27 23:39:53 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifad.exe
[2010/08/27 23:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Canon Easy-WebPrint EX
[2010/08/27 23:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/27 23:36:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr
[2010/08/27 23:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/08/27 23:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/08/27 23:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/08/27 22:03:13 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifac.exe
[2010/08/27 19:11:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/08/27 14:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/27 14:32:11 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifab.exe
[2010/08/27 14:31:51 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifaa.exe
[2010/08/27 14:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\BF4822D78C446F035BF8F6241EBD3430
[2010/08/26 10:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/08/26 10:08:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/08/26 09:59:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2004/08/25 15:22:08 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/28 17:05:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/08/28 17:05:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/08/28 17:05:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/08/28 17:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010/08/28 17:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010/08/28 17:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/08/28 17:03:01 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 17:02:23 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Marc\ntuser.dat
[2010/08/28 16:56:03 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1788223648-725345543-1004UA.job
[2010/08/28 16:51:22 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/28 16:35:05 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/08/28 16:34:57 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\NTREGOPT.lnk
[2010/08/28 16:34:57 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\ERUNT.lnk
[2010/08/28 16:31:54 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\ntregopt-loc_fr.zip
[2010/08/28 16:31:41 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Marc\Bureau\erunt-setup.exe
[2010/08/28 16:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/08/28 16:23:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/28 16:18:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010/08/28 16:13:14 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5F44K5ou.exe
[2010/08/28 16:13:14 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2uGL041F.dat
[2010/08/28 16:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/08/28 16:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/08/28 16:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/08/28 16:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010/08/28 16:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/08/28 15:59:21 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/28 15:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/08/28 15:21:08 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/08/28 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/08/28 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/08/28 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/08/28 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010/08/28 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/08/28 14:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010/08/28 14:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/08/28 14:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/08/28 14:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/08/28 14:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/08/28 13:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/08/28 13:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/08/28 13:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/08/28 13:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/08/28 13:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/08/28 12:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/08/28 12:11:56 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/08/28 12:11:56 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/08/28 12:11:56 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/08/28 12:05:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/28 12:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/08/28 12:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/08/28 12:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/08/28 12:02:18 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marc\Bureau\mbam-setup.exe
[2010/08/28 12:01:13 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\scan.zip
[2010/08/28 12:00:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Bureau\OTL.exe
[2010/08/28 11:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/08/28 11:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/08/28 11:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/08/28 11:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/08/28 10:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/08/28 10:20:42 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\Explorateur Windows.lnk
[2010/08/28 10:14:34 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/28 10:14:34 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/08/28 10:14:34 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/08/28 10:14:30 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/08/28 10:10:30 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/28 10:10:24 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\McAfee AntiVirus Plus.lnk
[2010/08/28 10:10:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/28 10:10:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/28 10:09:57 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/28 10:09:57 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/28 10:09:06 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Marc\ntuser.ini
[2010/08/28 10:07:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/28 10:05:34 | 001,049,474 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/28 10:05:34 | 000,500,482 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/28 10:05:34 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/28 10:05:34 | 000,080,508 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/28 10:05:34 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/28 10:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/08/28 10:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/08/28 10:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/08/27 23:45:08 | 000,746,533 | ---- | M] () -- C:\Documents and Settings\Marc\Mes documents\Mes favoris Google Chrome 27 Aout 2010.html
[2010/08/27 23:24:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/08/27 23:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/08/27 23:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/08/27 22:24:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/08/27 22:23:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/27 22:02:28 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/08/27 22:02:27 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/08/27 21:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/08/27 21:05:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/08/27 20:29:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/08/27 20:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/08/27 19:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/27 15:28:23 | 000,001,204 | ---- | M] () -- C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk
[2010/08/27 15:28:23 | 000,001,192 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\Antimalware Doctor.lnk
[2010/08/27 15:28:23 | 000,001,170 | ---- | M] () -- C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/27 14:32:28 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifaf.exe
[2010/08/27 14:32:28 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifae.exe
[2010/08/27 14:32:28 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifad.exe
[2010/08/27 14:32:28 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifac.exe
[2010/08/27 14:31:26 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifaa.exe
[2010/08/27 14:31:24 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifab.exe
[2010/08/27 07:51:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1788223648-725345543-1004Core.job
[2010/08/26 10:03:29 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2010/08/26 09:34:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/08/24 12:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/20 16:51:33 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/20 16:51:32 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\Google Chrome.lnk
[2010/08/13 17:18:33 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/28 16:35:05 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/08/28 16:34:57 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\NTREGOPT.lnk
[2010/08/28 16:34:57 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\ERUNT.lnk
[2010/08/28 16:31:59 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\ntregopt-loc_fr.zip
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/08/28 12:05:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/28 12:01:13 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\scan.zip
[2010/08/28 09:44:57 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/08/28 09:44:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/08/27 23:45:06 | 000,746,533 | ---- | C] () -- C:\Documents and Settings\Marc\Mes documents\Mes favoris Google Chrome 27 Aout 2010.html
[2010/08/27 22:17:25 | 006,815,744 | ---- | C] () -- C:\Documents and Settings\Marc\ntuser.dat
[2010/08/27 21:52:19 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/08/27 21:52:19 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/08/27 21:52:19 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/08/27 21:52:19 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/08/27 21:52:19 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/08/27 21:52:19 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/08/27 21:52:19 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/08/27 21:52:19 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/08/27 21:52:19 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/08/27 21:52:18 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/08/27 21:52:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/08/27 21:52:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/08/27 21:52:17 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/0

Request for log analysis following a virus launching IE unexpectedly

Message by marcus91 » 28 Aug 2010, 17:10

... OTL.TXT continued


[2010/08/27 19:13:03 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/08/27 19:13:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/08/27 19:13:01 | 000,072,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5F44K5ou.exe
[2010/08/27 19:13:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/08/27 19:13:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/08/27 19:13:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/08/27 19:13:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/08/27 19:12:54 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2uGL041F.dat
[2010/08/27 19:11:54 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/08/27 19:11:53 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/08/27 19:11:52 | 000,035,840 | ---- | C] () -- C:\WINDOWS\Fonts\k62B7kcr0.com
[2010/08/27 19:11:52 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/08/27 19:11:52 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/08/27 19:11:52 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/08/27 19:11:52 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/08/27 19:11:52 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/08/27 16:16:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/27 15:21:44 | 000,001,204 | ---- | C] () -- C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk
[2010/08/27 15:21:44 | 000,001,192 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\Antimalware Doctor.lnk
[2010/08/27 15:21:44 | 000,001,170 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/27 14:32:18 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/27 14:31:39 | 000,000,280 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/27 14:10:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/12/09 23:56:37 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/08/27 21:47:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/27 21:47:06 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/27 21:47:04 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/27 21:47:03 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/27 21:47:03 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/02 13:07:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\As6e32.ini
[2009/05/02 13:07:00 | 000,000,544 | ---- | C] () -- C:\WINDOWS\Supmini.ini
[2009/05/02 13:06:57 | 000,003,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\As6eio.sys
[2009/04/14 20:02:30 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/12 18:03:22 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/20 02:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/20 02:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/20 02:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/18 11:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2004/09/22 20:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/25 14:27:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2009/04/12 23:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/07/01 14:44:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/09 10:46:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/07/01 15:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/06/14 11:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/12/22 14:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/19 11:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/11 20:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/11 10:13:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010/05/25 16:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\IndexEducation
[2009/09/04 12:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\OpenOffice.org
[2009/05/03 16:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\pdfforge
[2009/05/03 16:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\Search Settings
[2009/12/23 18:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Any Video Converter
[2009/11/10 00:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Applied Acoustics Systems
[2010/06/11 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Azureus
[2010/08/27 23:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\BF4822D78C446F035BF8F6241EBD3430
[2009/04/13 10:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Canneverbe_Limited
[2010/07/01 15:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Canon
[2010/07/09 00:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Canon Easy-WebPrint EX
[2010/07/28 11:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\DVDVideoSoft
[2009/05/15 19:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\iGetter
[2009/04/12 18:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Leadertech
[2009/06/27 15:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\OpenOffice.org
[2009/04/13 10:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\pdfforge
[2009/04/13 10:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Search Settings
[2009/10/28 10:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Sony
[2009/11/08 19:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Thunderbird
[2009/06/14 11:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\TomTom
[2010/08/27 23:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Canon Easy-WebPrint EX
[2010/08/09 23:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\Azureus
[2010/07/06 16:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\Canon
[2010/07/11 13:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\Canon Easy-WebPrint EX
[2009/12/30 23:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\HDRsoft
[2009/09/08 09:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\ImgBurn
[2009/06/27 15:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\OpenOffice.org
[2009/12/18 19:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\Opera
[2010/02/12 02:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\pdfforge
[2009/11/02 22:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\Publish Providers
[2009/05/24 17:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\Search Settings
[2009/10/23 18:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\Sony
[2009/10/07 22:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vincent\Application Data\Thunderbird
[2010/08/28 10:14:30 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/08/28 15:21:08 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/08/28 10:14:34 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/08/28 10:14:34 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/08/28 10:14:34 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
[2010/08/28 10:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/08/28 13:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
[2010/08/28 14:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
[2010/08/28 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
[2010/08/28 16:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
[2010/08/28 17:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
[2010/08/28 12:11:56 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
[2010/08/28 12:11:56 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At119.job
[2010/08/28 11:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/08/28 12:11:56 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At120.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At121.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At122.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At123.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At124.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At125.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At126.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At127.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At128.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At129.job
[2010/08/28 12:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At130.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At131.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At132.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At133.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At134.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At135.job
[2010/08/28 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At136.job
[2010/08/28 16:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At137.job
[2010/08/28 17:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At138.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At139.job
[2010/08/28 13:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At140.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At141.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At142.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At143.job
[2010/08/28 14:12:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At144.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At145.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At146.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At147.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At148.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At149.job
[2010/08/28 14:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At150.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At151.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At152.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At153.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At154.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At155.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At156.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At157.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At158.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At159.job
[2010/08/28 15:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At160.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At161.job
[2010/08/28 17:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At162.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At163.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At164.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At165.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At166.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At167.job
[2010/08/28 16:13:18 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At168.job
[2010/08/28 16:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/08/27 19:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/08/27 20:29:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/08/27 21:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/08/27 22:24:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/08/27 23:24:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/08/28 10:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/08/28 11:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/08/28 12:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/08/28 13:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/08/28 14:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/08/28 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/08/28 16:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/08/28 17:05:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/08/27 19:13:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/08/27 20:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/08/27 21:05:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/08/27 22:02:27 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/08/27 23:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/08/28 10:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/08/28 11:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/08/28 12:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/08/28 13:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/08/28 14:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/08/28 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/08/28 16:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/08/28 17:05:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/08/27 21:52:20 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/08/27 22:02:28 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/08/27 23:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2010/08/28 10:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2010/08/28 11:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2010/08/28 12:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2010/08/28 13:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2010/08/28 14:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2010/08/28 15:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2010/08/28 16:05:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2010/08/27 19:11:54 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/08/28 17:05:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2010/08/28 09:44:57 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2010/08/28 12:11:52 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job
[2010/08/28 16:23:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/28 16:51:22 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/19 15:07:10 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/08/26 09:43:08 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/08/26 09:43:08 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/08/26 09:43:08 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004/08/19 15:07:10 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/08/26 09:43:08 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/08/26 09:43:08 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/08/26 09:43:08 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2004/08/19 14:57:56 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2004/08/19 15:13:38 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

<MD5>
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/19 15:02:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/19 15:05:20 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

<systemroot>

<systemroot>
[2010/06/24 14:17:23 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/06/24 14:17:23 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/06/24 14:17:24 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>
<End>

END
marcus91

Posts: 50
Joined: 28 Aug 2010, 16:44
Location: Essonne

Request for log analysis after a virus launching IE unexpectedly

Post by marcus91 » 28 Aug 2010, 17:15

OTL EXTRAS LOG:

OTL Extras logfile created on: 28/08/2010 17:04:21 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Marc\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 13,80 Gb Free Space | 14,13% Space Free | Partition Type: NTFS
Drive D: | 209,96 Gb Total Space | 6,46 Gb Free Space | 3,08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEZZO-719C8ECD8
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1417001333-1788223648-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.4 - Français
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"abgx360" = abgx360 v1.0.1
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Any Video Converter_is1" = Any Video Converter 2.7.6
"Ask Toolbar_is1" = Vuze Toolbar
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"EasyBanner_is1" = EasyBanner 4.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Enregistrement utilisateur de Canon MP560 series" = Enregistrement utilisateur de Canon MP560 series
"ERUNT_is1" = ERUNT 1.1j
"FLV Player1.33T" = FLV Player
"Free Image Convert and Resize_is1" = Free Image Convert and Resize version 2.0
"Google Updater" = Outil de mise à jour Google
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"iGetter_is1" = iGetter v2.5.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Lounge Lizard EP-3 Demo" = Applied Acoustics Systems - Lounge Lizard EP-3 Demo v3.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments FM7" = Native Instruments FM7
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDFCreator Toolbar" = PDFCreator Toolbar
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.6
"SopCast" = SopCast 3.0.1
"TomTom HOME" = TomTom HOME 2.6.4.1641
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"ViewStation AS6E" = ViewStation AS6E
"VLC media player" = VLC media player 0.9.9
"Vuze" = Vuze
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-1788223648-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/08/2010 07:38:13 | Computer Name = MEZZO-719C8ECD8 | Source = Application Error | ID = 1000
Description = Application défaillante 5F44K5ou.exe, version 0.0.0.0, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x0000985e.

Error - 28/08/2010 07:44:06 | Computer Name = MEZZO-719C8ECD8 | Source = Application Error | ID = 1000
Description = Application défaillante 5F44K5ou.exe, version 0.0.0.0, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x0000985e.

Error - 28/08/2010 08:09:03 | Computer Name = MEZZO-719C8ECD8 | Source = Application Error | ID = 1000
Description = Application défaillante 5F44K5ou.exe, version 0.0.0.0, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x0000985e.

Error - 28/08/2010 08:22:47 | Computer Name = MEZZO-719C8ECD8 | Source = Application Error | ID = 1000
Description = Application défaillante 5f44k5ou.exe, version 0.0.0.0, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x0000985e.

Error - 28/08/2010 09:06:12 | Computer Name = MEZZO-719C8ECD8 | Source = Application Error | ID = 1000
Description = Application défaillante 5F44K5ou.exe, version 0.0.0.0, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x0000985e.

Error - 28/08/2010 10:22:57 | Computer Name = MEZZO-719C8ECD8 | Source = Application Error | ID = 1000
Description = Application défaillante 5F44K5ou.exe, version 0.0.0.0, module défaillant
gdi32.dll, version 5.1.2600.5698, adresse de défaillance 0x0002be44.

Error - 28/08/2010 10:25:35 | Computer Name = MEZZO-719C8ECD8 | Source = Application Error | ID = 1000
Description = Application défaillante 5F44K5ou.exe, version 0.0.0.0, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x0000985e.

Error - 28/08/2010 11:15:07 | Computer Name = MEZZO-719C8ECD8 | Source = Application Error | ID = 1000
Description = Application défaillante 5F44K5ou.exe, version 0.0.0.0, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x0000985e.

Error - 28/08/2010 11:16:39 | Computer Name = MEZZO-719C8ECD8 | Source = Application Error | ID = 1000
Description = Application défaillante 5F44K5ou.exe, version 0.0.0.0, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x0000985e.

Error - 28/08/2010 11:22:19 | Computer Name = MEZZO-719C8ECD8 | Source = Application Error | ID = 1000
Description = Application défaillante 5F44K5ou.exe, version 0.0.0.0, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x0000985e.

[ System Events ]
Error - 27/08/2010 17:45:01 | Computer Name = MEZZO-719C8ECD8 | Source = DCOM | ID = 10010
Description = Le serveur {209500FC-6B45-4693-8871-6296C4843751} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 28/08/2010 03:42:39 | Computer Name = MEZZO-719C8ECD8 | Source = Ftdisk | ID = 262189
Description = Le système n'a pas pu charger le pilote du fichier de vidage sur incident.

Error - 28/08/2010 03:42:39 | Computer Name = MEZZO-719C8ECD8 | Source = Ftdisk | ID = 262193
Description = Échec de la configuration du fichier d'échange pour le vidage sur
incident. Assurez-vous qu'un fichier d'échange est présent sur la partition d'amorçage
et
qu'il est suffisamment grand pour contenir toute la mémoire physique.

Error - 28/08/2010 03:43:40 | Computer Name = MEZZO-719C8ECD8 | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1060

Error - 28/08/2010 04:06:19 | Computer Name = MEZZO-719C8ECD8 | Source = DCOM | ID = 10010
Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 28/08/2010 04:06:23 | Computer Name = MEZZO-719C8ECD8 | Source = Service Control Manager | ID = 7034
Description = Le service Windows Installer s'est terminé de façon inattendue pour
la 1ème fois.

Error - 28/08/2010 04:10:15 | Computer Name = MEZZO-719C8ECD8 | Source = Ftdisk | ID = 262189
Description = Le système n'a pas pu charger le pilote du fichier de vidage sur incident.

Error - 28/08/2010 04:10:15 | Computer Name = MEZZO-719C8ECD8 | Source = Ftdisk | ID = 262193
Description = Échec de la configuration du fichier d'échange pour le vidage sur
incident. Assurez-vous qu'un fichier d'échange est présent sur la partition d'amorçage
et
qu'il est suffisamment grand pour contenir toute la mémoire physique.

Error - 28/08/2010 04:10:44 | Computer Name = MEZZO-719C8ECD8 | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1060

Error - 28/08/2010 05:02:54 | Computer Name = MEZZO-719C8ECD8 | Source = DCOM | ID = 10010
Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.


<End>

END
marcus91

Posts: 50
Joined: 28 Aug 2010, 16:44
Location: Essonne

Request for log analysis after a virus launching IE unexpectedly

Post by marcus91 » 28 Aug 2010, 17:16

There, I hope I haven't forgotten anything.
Thanks in advance for your valuable help.

Marc.
marcus91

Posts: 50
Joined: 28 Aug 2010, 16:44
Location: Essonne

Post by sergeK » 29 Aug 2010, 01:29

Hello marcus91,

It looks like you forgot to include the scan.txt file when customizing the OTL scan (step 7).
Unless I am mistaken, you should be able to pick up directly at that step of the procedure.

See you,
sergeK

Posts: 171
Joined: 20 Jan 2008, 00:20
Post by nickW » 29 Aug 2010, 07:13

Hello sergeK,

Objection, Your Honor! :wink:

The results of that scan are present, under the heading ========== Custom Scans ==========.

Cheers,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by marcus91 » 29 Aug 2010, 08:47

Hello SergeK,

Yes I did, I clearly remember double-clicking in the OTL customization window to include the scan.txt that is on my desktop.
marcus91

Posts: 50
Joined: 28 Aug 2010, 16:44
Location: Essonne

Post by nickW » 29 Aug 2010, 10:01

Hello marcus91,

marcus91 wrote: although protected by McAfee

What a gentle euphemism!


First cleanups:

Step 1: OTL (by OldTimer), preparing the fix
Open a Notepad window via Start ----> Run, type notepad, then click OK.

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys simultaneously.

Code:
rien

:Services
SSHNAS

:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
IE - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe ()
O4 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004..\Run: [newsecureapp70700.exe] C:\Documents and Settings\Marc\Application Data\BF4822D78C446F035BF8F6241EBD3430\newsecureapp70700.exe File not found
O4 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004..\Run: [OTGV1DNWQQ] C:\Documents and Settings\Marc\Local Settings\Temp\Gxv.exe ()
O4 - HKU\S-1-5-21-1417001333-1788223648-725345543-1004..\Run: [XBV6RD5SZF] C:\Documents and Settings\Marc\Local Settings\Temp\Gxn .exe ()
O4 - Startup: C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk = C:\Documents and Settings\Marc\Application Data\BF4822D78C446F035BF8F6241EBD3430\newsecureapp70700.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll ()
O33 - MountPoints2\{d6a28aab-53a8-11de-90b8-00123f32f263}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
NetSvcs: SSHNAS - C:\Documents and Settings\Marc\Local Settings\Temp\sshnas21.dll (ApexDC++ Development Team)

:Files
C:\WINDOWS\Gqifaf.exe
C:\WINDOWS\Gqifae.exe
C:\WINDOWS\Gqifad.exe
C:\WINDOWS\Gqifac.exe
C:\WINDOWS\Gqifab.exe
C:\WINDOWS\Gqifaa.exe
C:\WINDOWS\tasks\At*.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Documents and Settings\All Users\Application Data\5F44K5ou.exe
C:\Documents and Settings\All Users\Application Data\2uGL041F.dat
C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk
C:\Documents and Settings\Marc\Bureau\Antimalware Doctor.lnk
C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
C:\Documents and Settings\Invité\Application Data\Search Settings
C:\Documents and Settings\Marc\Application Data\Search Settings
C:\Documents and Settings\vincent\Application Data\Search Settings

:Commands
[emptytemp]



Go back to the Notepad window, right-click inside the window and choose Paste.
In the Format menu (at the top), check that "Word Wrap" is not active (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: marcus91.
If you are not THIS user, you must not use them: they could damage your system.



Step 2: rkill (by Grinler), download
Important note:
rkill is sometimes wrongly detected as malicious. If necessary, disable the antivirus while downloading it.

Download rkill by right-clicking and then choosing Save Target As ... from one of the links below:

Link 1
Link 2
Link 3

Save the file to the Desktop.


Step 3: No real-time monitoring processes
Disable the antivirus's resident module.
McAfee Antivirus: right-click the icon in the system tray (next to the clock), choose "Exit" and confirm


Step 4: rkill (by Grinler), execution
Double-click the downloaded rkill file to launch the tool.

A window with a black background will appear briefly, then disappear.
When it has finished, save the rkill.log file.

If nothing happens, or if the tool does not start, download the tool from another of the three links above and try running it again.

If none of the tools downloaded from the three links above seems to work, download a renamed version of rkill from iExplore.exe or eXplorer.exe and try to launch it.

If none of the five downloaded tools seems to work, do not continue the cleanup, and let me know on the forum.

Do not restart the PC.


Step 5: Malwarebytes' Anti-Malware, cleanup
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all the boxes are ticked except "Create a context menu option to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.

Wait for the scan to finish without doing anything else; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items were detected, click the "Remove Selected" button.

Wait patiently for the cleanup to finish without doing anything else.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


A malfunction of Free's servers and/or of the forum prevents me from sending "large" messages. The rest is therefore in the next message.
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
