Assiste.Forums

[la fourme]

a chaque démarrage l installation du Logiciel "AI project updater seting " se lance

Rapport malwarebytes


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6805

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/06/2011 19:39:19
mbam-log-2011-06-08 (19-39-13).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 171989
Temps écoulé: 8 minute(s), 39 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\messenger.exe (Trojan.Downloader) -> Value: messenger.exe -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\common files\microsoft shared\web components\messenger.exe (Trojan.Downloader) -> No action taken.
c:\messenger.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\system32\tftp.exe (Trojan.Agent.Gen) -> No action taken.
c:\documents and settings\administrateur\local settings\Temp\svchost.exe (Trojan.Agent) -> No action taken.

[la fourme]

OTL logfile created on: 08/06/2011 19:42:25 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1021.99 Mb Total Physical Memory | 459.54 Mb Available Physical Memory | 44.96% Memory free
2.41 Gb Paging File | 1.86 Gb Available in Paging File | 77.22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 2.60 Gb Free Space | 6.79% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 365.26 Gb Free Space | 78.42% Space Free | Partition Type: NTFS
Drive E: | 74.53 Gb Total Space | 70.20 Gb Free Space | 94.19% Space Free | Partition Type: NTFS

Computer Name: MAISON | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/08 19:05:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2011/06/06 07:28:58 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/27 17:29:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/01 18:01:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/08/17 14:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 23:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/19 04:19:12 | 000,128,352 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2006/11/17 14:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2002/05/27 21:40:32 | 000,119,808 | ---- | M] () -- C:\Program Files\Volkey\Volkey.exe
PRC - [2002/01/29 14:33:14 | 000,077,824 | ---- | M] () -- C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/06/08 19:05:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2011/01/11 10:59:44 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
MOD - [2011/01/11 10:59:44 | 000,159,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
MOD - [2011/01/11 04:27:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
MOD - [2010/09/22 19:12:42 | 000,378,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/25 11:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
MOD - [2010/03/25 04:45:44 | 008,935,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\1036\GrooveIntlResource.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/02/27 16:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2008/01/12 16:23:58 | 000,172,032 | ---- | M] (Illustrate) -- C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 17:29:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/01 18:01:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/08 20:13:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/11/17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/01/29 14:33:14 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/01 18:01:07 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/15 19:24:11 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 16:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/09/26 16:44:19 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/11/03 13:02:59 | 000,010,336 | ---- | M] (SurfRight) [Kernel | On_Demand | Stopped] -- C:\Program Files\Hitman Pro\hitmanpro2.sys -- (hitmanpro2)
DRV - [2004/01/21 03:14:46 | 000,005,915 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2004/01/21 03:14:42 | 000,271,360 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) Labtec WebCam Pro(PID_08A0)
DRV - [2003/09/20 09:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/04 14:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001/08/17 22:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-117609710-2052111302-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-117609710-2052111302-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-117609710-2052111302-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-117609710-2052111302-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-117609710-2052111302-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-117609710-2052111302-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 44 95 A8 84 F4 CB 01 [binary data]
IE - HKU\S-1-5-21-117609710-2052111302-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-2052111302-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.1:80

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/06/16 10:13:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/14 19:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/14 19:43:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/01 00:29:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/03/26 09:47:42 | 000,000,000 | ---D | M]

[2010/09/13 18:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/09/13 18:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/09 15:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/04/07 17:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/28 23:24:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\isy229c1.default\extensions
[2010/07/23 10:25:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\isy229c1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 23:24:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\isy229c1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/14 19:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 20:06:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/18 19:58:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/21 20:06:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2007/12/16 20:51:50 | 000,004,158 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 46 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (Microsoft Corporation)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-117609710-2052111302-1177238915-500\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-117609710-2052111302-1177238915-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-117609710-2052111302-1177238915-500\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [messenger.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe ((c) AI Project corporation)
O4 - HKLM..\Run: [VOLKEY] C:\Program Files\Volkey\Volkey.exe ()
O4 - HKU\S-1-5-21-117609710-2052111302-1177238915-500..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-117609710-2052111302-1177238915-500..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-2052111302-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} https://static.impots.gouv.fr/tdir/stat ... DP-1.1.cab (AdSignerLCContrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (morqxa.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2007/06/15 20:07:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{215832e4-5e51-11dc-9055-000d5613ddff}\Shell\Auto\command - "" = F:\AdobeR.exe e
O33 - MountPoints2\{215832e4-5e51-11dc-9055-000d5613ddff}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O33 - MountPoints2\{228e1295-43cb-11df-b35e-000d5613ddff}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{c7aa7241-2eb8-11dc-9015-0001021c61ca}\Shell - "" = AutoRun
O33 - MountPoints2\{c7aa7241-2eb8-11dc-9015-0001021c61ca}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{c9a17d18-7bed-11dd-ab71-000d5613ddff}\Shell\Auto\command - "" = G:\AdobeR.exe e
O33 - MountPoints2\{c9a17d18-7bed-11dd-ab71-000d5613ddff}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O33 - MountPoints2\{dbb0342d-77f8-11dc-907c-000d5613ddff}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{dbb0342d-77f8-11dc-907c-000d5613ddff}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/06/08 19:15:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/08 19:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2011/06/08 19:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/08 19:05:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2011/06/08 07:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/06/07 19:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Runtime Software
[2011/06/07 19:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2011/06/07 19:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/06/01 22:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Earth
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/08 19:45:02 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/06/08 19:43:03 | 000,001,184 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2052111302-1177238915-500UA.job
[2011/06/08 19:28:00 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/08 19:13:51 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/06/08 19:13:49 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\NTREGOPT.lnk
[2011/06/08 19:13:49 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2011/06/08 19:05:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2011/06/08 19:00:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\B17DCD2493B24B04.job
[2011/06/08 15:28:01 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/08 14:37:21 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/08 08:43:01 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2052111302-1177238915-500Core.job
[2011/06/08 08:00:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\kavhqmsd.job
[2011/06/08 07:37:57 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/08 07:29:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/08 07:28:43 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/08 07:28:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/08 07:28:08 | 1071,702,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 07:39:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 20:17:25 | 000,000,146 | ---- | M] () -- C:\WINDOWS\CARTES.INI
[2011/06/05 12:46:33 | 000,987,603 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\243.JPG
[2011/06/05 12:40:03 | 001,384,868 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\scooter.jpg
[2011/06/05 01:48:50 | 000,000,186 | ---- | M] () -- C:\WINDOWS\funsol.ini
[2011/06/03 15:25:07 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 13:45:23 | 000,964,241 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\facture tv sony.pdf
[2011/05/22 13:26:50 | 059,511,683 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\GTPA_NEW_all.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/08 19:45:02 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/06/08 19:13:51 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/06/08 19:13:49 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\NTREGOPT.lnk
[2011/06/08 19:13:49 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2011/06/05 12:47:34 | 001,384,868 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\scooter.jpg
[2011/06/05 12:42:09 | 000,987,603 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\243.JPG
[2011/05/26 13:45:19 | 000,964,241 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\facture tv sony.pdf
[2011/05/22 13:26:47 | 059,511,683 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\GTPA_NEW_all.pdf
[2010/10/31 17:14:31 | 000,003,012 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2010/10/31 17:07:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\system.dat
[2010/10/31 17:06:48 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv6628p5now.sys
[2010/04/15 18:32:19 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/15 18:32:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/04/15 18:32:10 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/11 00:07:31 | 000,003,107 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2010/04/10 20:28:57 | 000,003,018 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2010/03/29 18:44:37 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/02/12 13:56:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2009/12/15 21:50:25 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/07/14 22:36:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/14 13:53:22 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\geyekrqkixayab.dat
[2009/07/14 13:42:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\geyekrupkrocqn.sys
[2009/07/14 13:42:58 | 000,004,054 | ---- | C] () -- C:\WINDOWS\System32\geyekrbgknfqlr.dat
[2009/06/07 20:51:09 | 000,004,143 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2009/03/30 18:16:58 | 000,002,564 | ---- | C] () -- C:\WINDOWS\Labocode.INI
[2009/03/02 08:33:09 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/01/11 18:45:15 | 000,000,143 | -H-- | C] () -- C:\Documents and Settings\Administrateur\Application Data\lakerda1967.sys
[2009/01/11 18:44:44 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\docXConverter (3).ini
[2008/12/21 14:00:33 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/09/26 16:45:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/09/26 16:18:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/08/28 14:06:52 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/28 14:06:52 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/28 21:15:23 | 000,015,397 | ---- | C] () -- C:\Program Files\settings.dat
[2008/07/08 18:20:23 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\$_hpcst$.hpc
[2008/04/12 13:45:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/03 10:06:39 | 000,225,280 | ---- | C] () -- C:\WINDOWS\OptChecker.exe
[2008/02/03 22:42:56 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/02 20:54:48 | 000,003,283 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Musepack Codec.dat
[2008/01/12 16:33:09 | 000,003,625 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2008/01/12 16:24:24 | 000,012,896 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2007/12/31 17:01:21 | 000,003,061 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2007/12/28 19:19:41 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/12/21 16:08:24 | 000,001,378 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
[2007/12/21 16:07:50 | 000,002,180 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
[2007/12/21 16:06:03 | 000,003,365 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2007/10/27 10:27:32 | 000,000,732 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2007/09/01 12:56:34 | 000,054,960 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP.dat
[2007/09/01 12:56:33 | 000,440,496 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/07/21 18:26:47 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/08 13:08:09 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\dsez5214.dat
[2007/07/02 11:28:21 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/27 18:52:04 | 000,002,036 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/17 19:17:44 | 000,000,186 | ---- | C] () -- C:\WINDOWS\funsol.ini
[2007/06/17 19:06:46 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/17 11:36:44 | 000,000,146 | ---- | C] () -- C:\WINDOWS\CARTES.INI
[2007/06/16 10:35:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/16 10:16:06 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/16 10:01:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2007/06/16 10:01:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2007/06/16 10:01:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2007/06/16 10:00:13 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2007/06/16 09:52:31 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat
[2007/06/15 21:58:39 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
[2007/06/15 21:54:40 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/15 21:53:14 | 002,155,432 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/15 21:15:27 | 000,017,191 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/06/15 20:10:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/15 20:03:05 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 17:23:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/04/18 19:06:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SRVANY.EXE
[2003/02/11 08:58:50 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2001/08/28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/28 14:00:00 | 000,513,844 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2001/08/28 14:00:00 | 000,444,774 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/28 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2001/08/28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/28 14:00:00 | 000,172,095 | ---- | C] () -- C:\WINDOWS\System32\preinstall.exe
[2001/08/28 14:00:00 | 000,086,184 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2001/08/28 14:00:00 | 000,072,650 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/28 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2001/08/28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/28 14:00:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\tftp.exe
[2001/08/28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/23 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/01/25 06:58:12 | 000,079,632 | ---- | C] () -- C:\WINDOWS\System32\NTNETDOM.EXE
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1997/03/20 07:01:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\CABARC.EXE

========== LOP Check ==========

[2011/04/17 13:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\AdSigner
[2011/03/25 14:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Amazon
[2007/12/28 18:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BSD
[2007/12/28 18:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BSDh9
[2009/05/30 17:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canon
[2010/03/29 17:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\com.adobe.ExMan
[2011/01/27 08:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Copernic
[2008/02/17 23:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\dBpoweramp
[2008/12/28 17:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DisplayTune
[2010/06/20 19:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Facebook
[2010/08/13 18:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
[2009/01/11 14:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
[2008/01/25 12:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mathijs.jurresip.nl
[2010/12/24 16:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mp3tag
[2007/06/15 22:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller
[2008/12/21 16:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PCToolsFirewallPlus
[2010/08/13 18:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Samsung
[2009/06/20 14:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SharePod
[2010/09/13 18:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
[2010/04/09 15:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TomTom
[2010/12/02 19:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TreeCardGames
[2011/06/08 07:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2010/12/03 22:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Vso
[2009/06/20 14:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WindSolutions
[2011/05/08 11:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\XBMC
[2009/06/07 20:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Xilisoft Corporation
[2007/12/28 18:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2009/01/11 22:11:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/11 22:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2009/02/08 18:54:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/12/15 21:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2007/12/28 19:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/09/15 11:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/06/07 20:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Application
[2008/12/21 14:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2008/12/22 20:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/09 15:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/02/18 13:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2011/06/08 19:00:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\B17DCD2493B24B04.job
[2011/06/08 07:28:43 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/06/08 08:00:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\kavhqmsd.job
[2011/06/08 07:29:43 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/05/04 17:55:04 | 000,093,761 | ---- | M] ((c) AI Project corporation) -- C:\messenger.exe


< MD5 for: AGP440.SYS >
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/18 10:16:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/18 10:16:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/18 10:16:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/18 10:16:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CTFMON.EXE >
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2004/08/19 17:09:52 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2004/08/19 17:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/19 17:09:54 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/19 17:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/19 17:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/19 17:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/19 17:10:06 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

[la fourme]

OTL Extras logfile created on: 08/06/2011 19:42:25 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1021.99 Mb Total Physical Memory | 459.54 Mb Available Physical Memory | 44.96% Memory free
2.41 Gb Paging File | 1.86 Gb Available in Paging File | 77.22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 2.60 Gb Free Space | 6.79% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 365.26 Gb Free Space | 78.42% Space Free | Partition Type: NTFS
Drive E: | 74.53 Gb Total Space | 70.20 Gb Free Space | 94.19% Space Free | Partition Type: NTFS

Computer Name: MAISON | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-117609710-2052111302-1177238915-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Domotix\Domotix.exe" = C:\Program Files\Domotix\Domotix.exe:*:Enabled:
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner
"E:\Telechargements\LimeWire\LimeWire.exe" = E:\Telechargements\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" = C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE:*:Enabled:Canon IJ Network Scan Utility -- (CANON INC.)
"C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE" = C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE:*:Enabled:Canon IJ Network Tool -- (CANON INC.)
"E:\04.Telechargements\LimeWire\LimeWire.exe" = E:\04.Telechargements\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"E:\EMULE\emule.exe" = E:\EMULE\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}" = Adobe Flash Video Encoder
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{21C4D775-368A-46C4-8DC3-4207165B7115}" = Adobe Fireworks CS3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.0.1.11
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4BDB76C6-902E-41D5-9064-68768E02886B}" = Adobe Dreamweaver CS3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}" = Labtec WebCam
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69B6B4A5-1C4D-4F16-BB11-A4EB9A439116}" = Adobe Creative Suite 3 Web Premium
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6E08CE13-C2AB-4749-9335-5900B958929E}" = Adobe Illustrator CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80FD3971-8482-49C8-BA8C-B6464A15882F}" = Adobe Flash CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90140000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 14
"{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9051040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9763E36A-08E9-4228-BBCE-12989A4EB1A8}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B77AF57-F7B2-488F-8B75-1DDDCC447545}_is1" = Hitman Pro
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.3 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B23B4682-6CD4-4E08-BBD0-498CC5B90E00}" = Hofmann 7.6
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE136F60-5D0F-4663-8B32-938A3EFD3FCB}" = Adobe Setup
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}" = LauncherMA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}" = Adobe Photoshop CS3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}" = ArcSoft Software Suite
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{F84ADE4E-9220-4324-994D-801EDD9DD251}" = Adobe Contribute CS3
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"123 Free Solitaire_is1" = 123 Free Solitaire 2009 v7.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_e7f691c6f2bf7b70c25ea19f3d73b6e" = Ajouter ou supprimer Adobe Creative Suite 3 Web Premium
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ad-Remover" = Ad-Remover By C_XX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BShooter4_is1" = Bubble Shooter v4.05
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CCleaner" = CCleaner
"Clavier+_is1" = Clavier+ 10.6.1
"CobBackup10" = Cobian Backup 10
"dBpowerAMP" = dBpowerAMP
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Musepack Codec" = dBpoweramp Musepack Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"dBpowerAMP WMA V9 Codec" = dBpowerAMP WMA V9 Codec
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"E.M. PowerPoint Video Converter_is1" = E.M. PowerPoint Video Converter 2.90
"eMule" = eMule
"Enregistrement utilisateur de Canon MP620 series" = Enregistrement utilisateur de Canon MP620 series
"EPSON Imprimante et utilitaires" = EPSON Logiciel imprimante
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EpsonNet WinAssist" = EpsonNet WinAssist
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FastStone Image Viewer" = FastStone Image Viewer 3.9
"FindThatFont!" = FindThatFont! 1.0
"FreeFileSync" = FreeFileSync
"Glary Utilities_is1" = Glary Utilities 2.26.0.956
"Google Desktop" = Google Desktop
"Google Updater" = Outil de mise à jour Google
"Heredis 8" = Heredis 8
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"LabtecDrv" = Programme de gestion Camera de Logitech®
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 fr)" = Mozilla Firefox 4.0 (x86 fr)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Mp3tag" = Mp3tag v2.47b
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = Barre d'outils MSN
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUSR" = Microsoft Office Professionnel Plus 2010
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RADVideo" = RAD Video Tools
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"Recuva" = Recuva
"RocketDock_is1" = RocketDock 1.3.5
"ST5UNST #1" = FMC FileRenamer
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.5-freehd
"Volkey_is1" = Volkey
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-117609710-2052111302-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"RadioSure" = RadioSure
"WPanorama" = WPanorama
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/05/2011 01:02:27 | Computer Name = MAISON | Source = ESENT | ID = 490
Description = svchost (1276) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 06/05/2011 05:07:52 | Computer Name = MAISON | Source = Application Hang | ID = 1002
Description = Application bloquée XBMC.exe, version 10.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 07/05/2011 06:23:50 | Computer Name = MAISON | Source = Application Hang | ID = 1002
Description = Application bloquée XBMC.exe, version 10.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/05/2011 04:19:28 | Computer Name = MAISON | Source = ESENT | ID = 490
Description = svchost (1240) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\catdb"
pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 22/05/2011 05:23:45 | Computer Name = MAISON | Source = Application Hang | ID = 1002
Description = Application bloquée AcroRd32.exe, version 9.4.2.220, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 22/05/2011 07:23:59 | Computer Name = MAISON | Source = Application Hang | ID = 1002
Description = Application bloquée AcroRd32.exe, version 9.4.2.220, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 29/05/2011 13:03:46 | Computer Name = MAISON | Source = ESENT | ID = 490
Description = svchost (1240) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 03/06/2011 08:54:21 | Computer Name = MAISON | Source = Application Error | ID = 1000
Description = Application défaillante acrobat.exe, version 8.1.0.137, module défaillant
checkers.api, version 8.1.0.137, adresse de défaillance 0x000021a2.

Error - 03/06/2011 09:40:59 | Computer Name = MAISON | Source = Application Error | ID = 1000
Description = Application défaillante acrobat.exe, version 8.1.0.137, module défaillant
checkers.api, version 8.1.0.137, adresse de défaillance 0x000021a2.

Error - 08/06/2011 01:31:20 | Computer Name = MAISON | Source = Application Hang | ID = 1002
Description = Application bloquée messenger.exe, version 6.5.4.7, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 04/06/2011 04:29:02 | Computer Name = MAISON | Source = ipnathlp | ID = 30013
Description = L'allocateur DHCP s'est désactivé sur l'adresse IP 192.168.1.24, car
l'adresse IP est en dehors de l'étendue 192.168.0.0/255.255.255.0 à partir de laquelle
les adresses sont allouées aux clients DHCP. Pour activer l'allocateur sur cette
adresse IP, modifiez l'étendue pour y intégrer l'adresse IP,, ou modifiez l'adresse
IP pour qu'elle puisse faire partie de l'étendue.

Error - 04/06/2011 04:29:19 | Computer Name = MAISON | Source = DCOM | ID = 10010
Description = Le serveur {4EB61BAC-A3B6-4760-9581-655041EF4D69} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 05/06/2011 05:35:01 | Computer Name = MAISON | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : kl1

Error - 05/06/2011 05:35:15 | Computer Name = MAISON | Source = ipnathlp | ID = 30013
Description = L'allocateur DHCP s'est désactivé sur l'adresse IP 192.168.1.24, car
l'adresse IP est en dehors de l'étendue 192.168.0.0/255.255.255.0 à partir de laquelle
les adresses sont allouées aux clients DHCP. Pour activer l'allocateur sur cette
adresse IP, modifiez l'étendue pour y intégrer l'adresse IP,, ou modifiez l'adresse
IP pour qu'elle puisse faire partie de l'étendue.

Error - 06/06/2011 01:05:43 | Computer Name = MAISON | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : kl1

Error - 06/06/2011 01:06:03 | Computer Name = MAISON | Source = ipnathlp | ID = 30013
Description = L'allocateur DHCP s'est désactivé sur l'adresse IP 192.168.1.24, car
l'adresse IP est en dehors de l'étendue 192.168.0.0/255.255.255.0 à partir de laquelle
les adresses sont allouées aux clients DHCP. Pour activer l'allocateur sur cette
adresse IP, modifiez l'étendue pour y intégrer l'adresse IP,, ou modifiez l'adresse
IP pour qu'elle puisse faire partie de l'étendue.

Error - 07/06/2011 01:40:13 | Computer Name = MAISON | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : kl1

Error - 07/06/2011 01:40:32 | Computer Name = MAISON | Source = ipnathlp | ID = 30013
Description = L'allocateur DHCP s'est désactivé sur l'adresse IP 192.168.1.24, car
l'adresse IP est en dehors de l'étendue 192.168.0.0/255.255.255.0 à partir de laquelle
les adresses sont allouées aux clients DHCP. Pour activer l'allocateur sur cette
adresse IP, modifiez l'étendue pour y intégrer l'adresse IP,, ou modifiez l'adresse
IP pour qu'elle puisse faire partie de l'étendue.

Error - 08/06/2011 01:29:26 | Computer Name = MAISON | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : kl1

Error - 08/06/2011 01:29:50 | Computer Name = MAISON | Source = ipnathlp | ID = 30013
Description = L'allocateur DHCP s'est désactivé sur l'adresse IP 192.168.1.24, car
l'adresse IP est en dehors de l'étendue 192.168.0.0/255.255.255.0 à partir de laquelle
les adresses sont allouées aux clients DHCP. Pour activer l'allocateur sur cette
adresse IP, modifiez l'étendue pour y intégrer l'adresse IP,, ou modifiez l'adresse
IP pour qu'elle puisse faire partie de l'étendue.


< End of report >

[nickW]

Bonsoir,

Il reste des traces de McAfee. L'as-tu désinstallé?

Il reste des traces de Kaspersky Anti-Virus. L'as-tu désinstallé?


Nouvelles analyses:

Étape 1: Lop S&D (de Angeldark et Eric71)
Télécharger Lop S&D via un clic droit sur le lien ci-dessous:
http://sites.google.com/site/eric71mespages/LopSD.exe
Enregistrer ce fichier sur le Bureau.


Étape 2: Gmer, téléchargement
Télécharger le programme exécutable (fichier .exe) depuis la page http://www.gmer.net/#files
Cliquer sur le bouton Download EXE.
Enregistrer le fichier à la racine du disque système (généralement C: ) en notant son nom (qui est aléatoire).


Étape 3: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Avira Antivir: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), décocher "Activer Antivir Guard/AntiVir Guard enable"


Étape 4: Gmer, exécution

Fermer absolument toutes les applications, les connexions et les navigateurs.

Faire un double clic sur le fichier au nom aléatoire téléchargé précédemment.

Attendre quelques instants le chargement du pilote et les premières recherches.

Si l'outil affiche un message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", cliquer sur NO.

Vérifier que toutes les cases de la colonne de droite sont cochées sauf
Sections
les lecteurs autres que C:\
"Show all"

comme ceci:


puis cliquer sur le bouton Scan.

Attendre sans rien faire d'autre (... c'est un peu long...).
Les clés de Registre & fichiers analysés s'affichent en bas de la fenêtre.

Lorsque l'outil a terminé (il n'y a plus de défilement en bas de la fenêtre), cliquer sur le bouton Save ....

Une fenêtre du Bloc-notes va s'ouvrir, contenant le fichier rapport.
Note: Dans le Bloc-notes, vérifier dans le menu Format que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sur le Bureau sous le nom gmer-110609.txt.
Fermer la fenêtre Gmer (clic sur OK).


Étape 5: Lop S&D (de Angeldark et Eric71), Recherche
Faire un double clic sur LopSD.exe pour lancer l'exécution de l'outil.

Choisir la langue en tapant F puis en appuyant sur Entrée.
Lire l'avertissement, puis cliquer sur OK.

Après l'affichage du menu, taper 1 puis faire Entrée pour rechercher les fichiers responsables de l'infection.
Lorsque la recherche est terminée, une fenêtre du Bloc-notes s'ouvre et affiche le rapport (alias log).

Fermer le Bloc-notes, ce qui termine l'exécution de l'outil.

Note:
Si le Bureau ne réapparaît pas, ouvrir le Gestionnaire des tâches en utilisant simultanément les touches CTRL+ALT+SUPP.
Cliquer en haut sur le Menu Fichier et choisir Nouvelle tâche (Exécuter...).
Dans la nouvelle fenêtre Créer une nouvelle tâche qui s'est ouverte, dans la zone Ouvrir, taper exactement explorer puis cliquer sur le bouton OK. Le Bureau va réapparaître.


Étape 6: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 7: Résultats
Envoyer en réponse:
*- le rapport de Lop S&D (contenu du fichier %SystemDrive%\lopR.txt)
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

Envoyer en réponse:
*- le rapport de Gmer (contenu du fichier gmer-110609.txt)<----ce rapport est parfois très long; vérifier qu'il est complet; si nécessaire le découper en plusieurs messages -- en utilisant toujours le bouton Répondre.


Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
pour continuer dans ce fil de discussion.

A suivre,

[la fourme]

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.00GHz )
BIOS : Default System BIOS
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 10.0.1.58 (Activated)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:2 Go)
D:\ (Local Disk) - NTFS - Total:465 Go (Free:365 Go)
E:\ (Local Disk) - NTFS - Total:74 Go (Free:70 Go)
F:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 11/06/2011| 8:28 )

--------------------\\ Listing des dossiers dans APPLIC~1

[17/02/2008|23:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\AccurateRip
[05/06/2011|12:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[17/04/2011|13:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdSigner
[05/03/2009|23:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[25/03/2011|14:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Amazon
[30/07/2007|22:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[26/12/2007|20:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
[09/12/2010|20:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Avira
[28/12/2007|18:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\BSD
[28/12/2007|18:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\BSDh9
[30/05/2009|17:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canon
[29/03/2010|17:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\com.adobe.ExMan
[27/01/2011|08:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Copernic
[17/02/2008|23:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\dBpoweramp
[28/12/2008|17:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\DisplayTune
[05/06/2008|13:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
[20/06/2010|19:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Facebook
[08/10/2009|19:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\FastStone
[13/08/2010|18:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\GlarySoft
[17/06/2007|12:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[19/06/2007|20:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[15/06/2007|20:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[11/01/2009|14:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\InfraRecorder
[15/02/2010|21:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[14/01/2009|08:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[25/01/2008|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\mathijs.jurresip.nl
[16/04/2010|09:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[16/01/2011|17:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[02/08/2008|14:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[24/12/2010|16:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mp3tag
[15/06/2007|22:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\MSNInstaller
[21/12/2008|16:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\PCToolsFirewallPlus
[13/08/2010|18:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Samsung
[20/06/2009|14:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\SharePod
[04/08/2008|22:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
[04/08/2008|18:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\skypePM
[25/07/2007|18:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[16/06/2007|10:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
[13/09/2010|18:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird
[09/04/2010|15:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\TomTom
[02/12/2010|19:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\TreeCardGames
[28/09/2007|18:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
[11/06/2011|08:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
[19/06/2007|20:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[03/12/2010|22:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[20/06/2009|14:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\WindSolutions
[01/03/2010|20:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
[08/05/2011|11:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\XBMC
[07/06/2009|20:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Xilisoft Corporation

[21/06/2010|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14/07/2009|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[29/03/2010|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
[30/07/2007|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[30/07/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[02/05/2009|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[28/12/2007|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BSD
[11/01/2009|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[11/01/2009|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJ
[08/02/2009|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJScan
[08/03/2010|23:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[13/02/2009|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[10/06/2011|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[15/12/2009|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hitman Pro
[28/12/2007|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[14/01/2009|08:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14/04/2009|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[15/09/2007|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[07/06/2009|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Micro Application
[08/12/2010|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15/04/2011|23:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[16/06/2007|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[21/12/2008|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
[16/02/2010|01:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Norton
[16/02/2010|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[03/02/2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[17/02/2010|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sun
[16/02/2010|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[22/12/2008|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[09/04/2010|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[15/06/2007|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/02/2010|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[09/03/2008|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[02/12/2007|01:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[19/06/2008|11:16] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
[19/06/2008|10:30] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
[25/04/2008|23:41] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[19/06/2008|10:31] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[19/06/2008|10:30] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[19/06/2008|10:50] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[19/06/2008|10:50] C:\DOCUME~1\INVIT~1\APPLIC~1\Talkback

[15/06/2007|20:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[15/06/2007|20:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[11/06/2011 08:22][--a------] C:\WINDOWS\tasks\GlaryInitialize.job
[11/06/2011 08:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[11/06/2011 08:22][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[10/06/2011 23:43][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2052111302-1177238915-500UA.job
[10/06/2011 08:43][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2052111302-1177238915-500Core.job
[11/06/2011 08:23][--a------] C:\WINDOWS\tasks\WGASetup.job
[11/06/2011 08:22][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[11/06/2011 08:22][--a------] C:\WINDOWS\tasks\kavhqmsd.job
[10/06/2011 23:00][--ah-----] C:\WINDOWS\tasks\B17DCD2493B24B04.job
[11/06/2011 08:22][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( B17DCD2493B24B04.job )=( c:\docume~1\admini~1\applic~1\dvdcity\downloadplatformexit.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[02/12/2010|19:49] C:\Program Files\123 Free Solitaire
[16/06/2007|20:39] C:\Program Files\Absolutist.com
[10/01/2011|20:34] C:\Program Files\Adobe
[02/07/2007|07:17] C:\Program Files\Ahead
[25/03/2011|14:22] C:\Program Files\Amazon
[26/12/2007|19:56] C:\Program Files\ArcSoft
[27/01/2009|08:25] C:\Program Files\Audacity
[09/09/2009|18:46] C:\Program Files\Autostitch
[02/05/2009|09:24] C:\Program Files\Avira
[11/01/2009|19:09] C:\Program Files\Babylon
[29/03/2010|18:30] C:\Program Files\Bonjour
[28/12/2007|18:33] C:\Program Files\BSD Concept
[11/01/2009|23:04] C:\Program Files\Canon
[11/01/2009|22:10] C:\Program Files\CanonBJ
[06/05/2011|19:19] C:\Program Files\CCleaner
[22/03/2008|14:16] C:\Program Files\Circle Developement
[27/02/2011|17:05] C:\Program Files\Cobian Backup 10
[07/06/2011|19:01] C:\Program Files\Common Files
[15/06/2007|20:02] C:\Program Files\ComPlus Applications
[10/11/2008|21:00] C:\Program Files\DivX
[26/06/2010|19:53] C:\Program Files\E.M. PowerPoint Video Converter
[03/12/2009|22:22] C:\Program Files\Elaborate Bytes
[16/06/2007|10:00] C:\Program Files\EPSON
[18/06/2007|20:25] C:\Program Files\EpsonNet
[08/06/2011|19:14] C:\Program Files\ERUNT
[11/01/2009|19:40] C:\Program Files\eToro
[31/10/2010|17:11] C:\Program Files\Exact Audio Copy
[08/10/2009|19:42] C:\Program Files\FastStone Image Viewer
[08/12/2010|19:34] C:\Program Files\Fichiers communs
[25/01/2008|12:08] C:\Program Files\FindThatFont
[03/05/2009|11:20] C:\Program Files\FMC FileRenamer
[11/12/2007|20:21] C:\Program Files\Foxit Software
[09/04/2011|16:07] C:\Program Files\FreeFileSync
[13/08/2010|18:35] C:\Program Files\Glary Utilities
[01/06/2011|22:28] C:\Program Files\Google
[14/11/2008|18:25] C:\Program Files\Heredis 8
[15/12/2009|21:30] C:\Program Files\Hitman Pro
[26/04/2008|19:14] C:\Program Files\Hofmann
[01/09/2007|12:56] C:\Program Files\Illustrate
[11/01/2009|11:32] C:\Program Files\InfraRecorder
[13/08/2010|18:27] C:\Program Files\InstallShield Installation Information
[15/04/2011|23:53] C:\Program Files\Internet Explorer
[19/01/2008|16:05] C:\Program Files\iPod
[08/10/2009|19:41] C:\Program Files\IrfanView
[17/02/2010|18:28] C:\Program Files\Java
[15/04/2010|18:33] C:\Program Files\K-Lite Codec Pack
[28/12/2008|17:42] C:\Program Files\Lavalys
[14/12/2010|21:02] C:\Program Files\LimeWire
[15/06/2007|21:15] C:\Program Files\Logitech
[08/06/2011|07:37] C:\Program Files\Malwarebytes' Anti-Malware
[10/11/2008|21:00] C:\Program Files\Messenger
[15/09/2007|23:49] C:\Program Files\Messenger Plus! Live
[07/06/2009|20:31] C:\Program Files\Micro Application
[18/02/2010|13:22] C:\Program Files\Microsoft
[23/12/2008|08:50] C:\Program Files\Microsoft ActiveSync
[08/12/2010|19:14] C:\Program Files\Microsoft Analysis Services
[15/06/2007|20:07] C:\Program Files\microsoft frontpage
[08/12/2010|19:32] C:\Program Files\Microsoft Office
[18/02/2010|13:22] C:\Program Files\Microsoft Office Outlook Connector
[08/12/2010|19:32] C:\Program Files\Microsoft SQL Server Compact Edition
[18/02/2010|13:20] C:\Program Files\Microsoft Sync Framework
[08/12/2010|19:34] C:\Program Files\Microsoft Synchronization Services
[08/12/2010|19:19] C:\Program Files\Microsoft Visual Studio 8
[17/06/2007|19:03] C:\Program Files\Microsoft.NET
[11/08/2010|18:07] C:\Program Files\Movie Maker
[10/06/2011|13:04] C:\Program Files\Mozilla Firefox
[01/05/2011|00:29] C:\Program Files\Mozilla Thunderbird
[24/12/2010|15:53] C:\Program Files\Mp3tag
[08/12/2010|19:36] C:\Program Files\MSBuild
[06/12/2007|16:50] C:\Program Files\MSECache
[15/06/2007|22:10] C:\Program Files\MSN
[15/06/2007|22:21] C:\Program Files\MSN Apps
[15/06/2007|20:02] C:\Program Files\MSN Gaming Zone
[06/07/2007|11:42] C:\Program Files\MSN Messenger
[19/06/2007|22:09] C:\Program Files\MSXML 4.0
[18/08/2008|10:38] C:\Program Files\NetMeeting
[02/03/2009|08:34] C:\Program Files\Network Associates
[15/06/2007|20:02] C:\Program Files\Online Services
[17/12/2010|13:00] C:\Program Files\Outlook Express
[22/12/2008|20:40] C:\Program Files\PC Tools Firewall Plus
[28/07/2008|21:17] C:\Program Files\PDFCreator
[28/07/2008|21:15] C:\Program Files\PDFCreator Toolbar
[08/07/2007|16:57] C:\Program Files\Player Tool
[26/11/2007|19:17] C:\Program Files\QuickTime
[15/11/2009|12:17] C:\Program Files\RADVideo
[24/01/2011|22:34] C:\Program Files\Recovery Toolbox for RAR
[10/09/2010|19:16] C:\Program Files\Recuva
[06/08/2009|23:52] C:\Program Files\Reference Assemblies
[10/04/2010|14:07] C:\Program Files\RocketDock
[07/06/2011|19:37] C:\Program Files\Runtime Software
[15/06/2007|20:05] C:\Program Files\Services en ligne
[03/02/2008|22:38] C:\Program Files\Skype
[13/10/2008|22:18] C:\Program Files\Stardock
[09/04/2010|15:38] C:\Program Files\TomTom DesktopSuite
[15/06/2007|20:14] C:\Program Files\Uninstall Information
[30/03/2011|07:39] C:\Program Files\uTorrent
[19/06/2007|20:25] C:\Program Files\VideoLAN
[16/06/2007|10:08] C:\Program Files\Volkey
[28/09/2008|11:55] C:\Program Files\VSO
[03/04/2008|11:45] C:\Program Files\Wanadoo
[01/09/2007|12:45] C:\Program Files\Winamp
[18/02/2010|13:21] C:\Program Files\Windows Live
[18/02/2010|13:13] C:\Program Files\Windows Live SkyDrive
[15/06/2007|23:57] C:\Program Files\Windows Media Connect 2
[18/08/2008|10:38] C:\Program Files\Windows Media Player
[18/08/2008|10:38] C:\Program Files\Windows NT
[15/06/2007|20:05] C:\Program Files\WindowsUpdate
[02/03/2010|08:15] C:\Program Files\WinRAR
[22/02/2009|11:49] C:\Program Files\WPanorama
[30/04/2011|17:37] C:\Program Files\XBMC
[15/06/2007|20:07] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[10/01/2011|20:34] C:\Program Files\Fichiers communs\Adobe
[02/07/2007|07:17] C:\Program Files\Fichiers communs\Ahead
[26/12/2007|19:59] C:\Program Files\Fichiers communs\ArcSoft
[13/12/2008|17:34] C:\Program Files\Fichiers communs\CANON
[15/06/2007|20:56] C:\Program Files\Fichiers communs\Cisco Systems
[08/12/2010|19:34] C:\Program Files\Fichiers communs\DESIGNER
[18/09/2010|12:21] C:\Program Files\Fichiers communs\EPSON
[11/01/2009|18:45] C:\Program Files\Fichiers communs\eSellerate
[19/06/2007|22:30] C:\Program Files\Fichiers communs\InstallShield
[21/04/2010|20:07] C:\Program Files\Fichiers communs\Java
[15/06/2007|21:14] C:\Program Files\Fichiers communs\Labtec
[08/03/2010|20:13] C:\Program Files\Fichiers communs\Macrovision Shared
[08/12/2010|20:00] C:\Program Files\Fichiers communs\Microsoft Shared
[15/06/2007|20:04] C:\Program Files\Fichiers communs\MSSoap
[02/03/2009|08:31] C:\Program Files\Fichiers communs\Network Associates
[15/06/2007|21:54] C:\Program Files\Fichiers communs\ODBC
[22/12/2008|20:40] C:\Program Files\Fichiers communs\PC Tools
[15/06/2007|20:04] C:\Program Files\Fichiers communs\Services
[03/02/2008|22:38] C:\Program Files\Fichiers communs\Skype
[15/06/2007|21:54] C:\Program Files\Fichiers communs\SpeechEngines
[21/12/2008|14:01] C:\Program Files\Fichiers communs\Stardock
[18/02/2010|13:22] C:\Program Files\Fichiers communs\System
[18/02/2010|13:05] C:\Program Files\Fichiers communs\Windows Live
[09/03/2008|12:12] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 49 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Program Files\Circle Developement
C:\WINDOWS\Tasks\B17DCD2493B24B04.job

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-11 08:32:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2906

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Application Data\uTorrent\Runtime GetDataBack for FAT NTFS 4.01 __ KeyGen __.rar.torrent


[F:33][D:8]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:9][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:376][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 11/06/2011| 8:42 - Option : [1]

--------------------\\ Fin du rapport a 8:42:13

[la fourme]

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-10 23:55:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6E040L0 rev.NAR61590
Running: jh3cm7g0.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT F7D450E6 ZwCreateKey
SSDT F7D450DC ZwCreateThread
SSDT F7D450EB ZwDeleteKey
SSDT F7D450F5 ZwDeleteValueKey
SSDT F7D450FA ZwLoadKey
SSDT F7D450C8 ZwOpenProcess
SSDT F7D450CD ZwOpenThread
SSDT F7D45104 ZwReplaceKey
SSDT F7D450FF ZwRestoreKey
SSDT F7D450F0 ZwSetValueKey

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\geyekrupkrocqn.sys (*** hidden *** ) [SYSTEM] geyekrtobwibom <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom@imagepath \systemroot\system32\drivers\geyekrupkrocqn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main@aid 10003
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrupkrocqn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules@geyekrcmd.dll \systemroot\system32\geyekroppjvrvk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules@geyekrlog.dat \systemroot\system32\geyekrbgknfqlr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules@geyekrwsp.dll \systemroot\system32\geyekruyhsewsq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules@geyekr.dat \systemroot\system32\geyekrqkixayab.dat
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom@imagepath \systemroot\system32\drivers\geyekrupkrocqn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main@aid 10003
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrupkrocqn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules@geyekrcmd.dll \systemroot\system32\geyekroppjvrvk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules@geyekrlog.dat \systemroot\system32\geyekrbgknfqlr.dat
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules@geyekrwsp.dll \systemroot\system32\geyekruyhsewsq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules@geyekr.dat \systemroot\system32\geyekrqkixayab.dat

---- EOF - GMER 1.0.15 ----

[nickW]

Bonsoir,

Il existe même des gens qui écrivent Bonjour .....


Premiers nettoyages:

Étape 1: TDSSKiller (de Kaspersky), installation
Télécharger tdsskiller.zip depuis le lien ci-dessous:
http://support.kaspersky.com/downloads/ ... killer.zip

Extraire de l'archive téléchargée le fichier TDSSKiller.exe et le placer sur le Bureau.


Étape 2: rkill (de Grinler), téléchargement
Remarque importante:
rkill est parfois, à tort, détecté comme nuisible. Si nécessaire, désactiver l'antivirus lors de son téléchargement.

Télécharger rkill via un clic droit suivi de Enregistrer la cible du lien sous ... depuis l'un des liens ci-dessous:

Lien 1
Lien 2
Lien 3

Enregistrer le fichier sur le Bureau.


Étape 3: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Avira Antivir: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), décocher "Activer Antivir Guard/AntiVir Guard enable"


Étape 4: TDSSKiller (de Kaspersky), exécution
Faire un double clic sur TDSSKiller.exe pour le lancer.

L'écran de TDSSKiller s'affiche:


Cliquer sur Start scan pour lancer l'analyse.

Lorsque l'outil a terminé son travail d'inspection,

Si des nuisibles ("Malicious objects") ont été détectés, le programme sélectionne automatiquement l'action à effectuer:
*- soit Cure
*- soit Skip. Dans ce cas, cliquer sur la petite flèche vers le bas située à coté de Skip afin d'ouvrir la liste des options disponibles. Si Cure est présent, il faut le sélectionner, mais il ne faut pas choisir Delete ni Quarantine


Si des objects suspects ("Suspicious objects") ont été détectés, sur l'écran de demande de confirmation, modifier l'action à entreprendre et indiquer Quarantine (au lieu de Skip).

Puis cliquer sur le bouton (Continue),

Attendre l'affichage du fichier rapport.

Si l'outil a besoin d'un redémarrage pour finaliser le nettoyage, cliquer sur le bouton (Reboot computer)

Dans tous les cas, faire redémarrer le PC.


Étape 5: Pas de processus de contrôle en temps réel
Comme le PC a redémarré, désactiver de nouveau le module résident de l'antivirus.


Étape 6: Lop S&D (de Angeldark et Eric71), Suppression
Faire un double clic sur LopSD.exe situé sur le Bureau pour lancer l'exécution de l'outil.
Choisir la langue en tapant F puis en appuyant sur Entrée.
Lire l'avertissement, puis cliquer sur OK.

Après l'affichage du menu, taper 2 puis faire Entrée pour supprimer les fichiers responsables de l'infection.

Ne pas fermer la fenêtre pendant la suppression des fichiers!

Lorsque la suppression est terminée, une fenêtre du Bloc-notes s'ouvre et affiche le rapport (alias log).

Fermer le Bloc-notes, ce qui termine l'exécution de l'outil.

Note:
Si le Bureau ne réapparaît pas, ouvrir le Gestionnaire des tâches en utilisant simultanément les touches CTRL+ALT+SUPP.
Cliquer en haut sur le Menu Fichier et choisir Nouvelle tâche (Exécuter...).
Dans la nouvelle fenêtre Créer une nouvelle tâche qui s'est ouverte, dans la zone Ouvrir, taper exactement explorer puis cliquer sur le bouton OK. Le Bureau va réapparaître.


Étape 7: rkill (de Grinler), exécution
Faire un double clic sur le fichier rkill téléchargé pour lancer l'outil.

Une fenêtre à fond noir va apparaître brièvement, puis disparaître.
En fin d'exécution, enregistrer le fichier rkill.log

Si rien ne se passe, ou si l'outil ne se lance pas, télécharger l'outil depuis un autre des trois liens ci-dessus et faire une nouvelle tentative d'exécution.

Si aucun des outils téléchargés depuis les trois liens ci-dessus ne semble fonctionner, télécharger une version renommée de rkill depuis iExplore.exe ou eXplorer.exe et essayer de le lancer.

Si aucun des cinq outils téléchargés ne semble fonctionner, ne pas continuer le nettoyage, et me prévenir sur le forum.

Ne pas faire redémarrer le PC.


Étape 8: Malwarebytes' Anti-Malware, nettoyage
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher, comme ceci:



Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats":



Si des éléments nuisibles ont été détectés, cliquer sur le bouton "Supprimer la sélection":

Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.


Étape 9: Pas de processus de contrôle en temps réel
Si le PC a redémarré, désactiver de nouveau le module résident de l'antivirus.


Étape 10: Gmer, exécution

Fermer absolument toutes les applications, les connexions et les navigateurs.

Faire un double clic sur le fichier au nom aléatoire téléchargé précédemment.

Attendre quelques instants le chargement du pilote et les premières recherches.

Si l'outil affiche un message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", cliquer sur NO.

Vérifier que toutes les cases de la colonne de droite sont cochées sauf
Sections
les lecteurs autres que C:\
"Show all"

comme ceci:


puis cliquer sur le bouton Scan.

Attendre sans rien faire d'autre (... c'est un peu long...).
Les clés de Registre & fichiers analysés s'affichent en bas de la fenêtre.

Lorsque l'outil a terminé (il n'y a plus de défilement en bas de la fenêtre), cliquer sur le bouton Save ....

Une fenêtre du Bloc-notes va s'ouvrir, contenant le fichier rapport.
Note: Dans le Bloc-notes, vérifier dans le menu Format que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sur le Bureau sous le nom gmer-110611.txt.
Fermer la fenêtre Gmer (clic sur OK).


Étape 11: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 12: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:


Cliquer sur le bouton Analyse rapide:



Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 13: Résultats
Envoyer en réponse:
*- le rapport de TDSSKiller (contenu du fichier %SystemDrive%\TDSSKiller.Version_Date_Heure_log.txt)
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de rkill (contenu du fichier rkill.log situé dans le dossier %SystemDrive%\)
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Lop S&D (contenu du fichier %SystemDrive%\lopR.txt)
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport de Gmer (contenu du fichier gmer-110611.txt)<----ce rapport est parfois très long; vérifier qu'il est complet; si nécessaire le découper en plusieurs messages -- en utilisant toujours le bouton Répondre.

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.Txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End of report>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
pour continuer dans ce fil de discussion.

A suivre,

[la fourme]

Désolé pour la manque de convivialité.
Je suis sur le cul qu'un dimanche il y ai des gens de ta compétence disponibles gratuitement
Ça laisse un peu d 'espoir sur une race humaine soit disant égoïste.
Encore merci pour tes actions.

[la fourme]

Bonjour,
Suite des rapports et d'avance merci

2011/06/12 19:19:48.0640 3324 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/12 19:19:48.0687 3324 ================================================================================
2011/06/12 19:19:48.0703 3324 SystemInfo:
2011/06/12 19:19:48.0703 3324
2011/06/12 19:19:48.0703 3324 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/12 19:19:48.0703 3324 Product type: Workstation
2011/06/12 19:19:48.0703 3324 ComputerName: MAISON
2011/06/12 19:19:48.0703 3324 UserName: Administrateur
2011/06/12 19:19:48.0703 3324 Windows directory: C:\WINDOWS
2011/06/12 19:19:48.0703 3324 System windows directory: C:\WINDOWS
2011/06/12 19:19:48.0703 3324 Processor architecture: Intel x86
2011/06/12 19:19:48.0703 3324 Number of processors: 1
2011/06/12 19:19:48.0703 3324 Page size: 0x1000
2011/06/12 19:19:48.0703 3324 Boot type: Normal boot
2011/06/12 19:19:48.0703 3324 ================================================================================
2011/06/12 19:20:01.0328 3324 Initialize success
2011/06/12 19:20:13.0359 3456 ================================================================================
2011/06/12 19:20:13.0359 3456 Scan started
2011/06/12 19:20:13.0359 3456 Mode: Manual;
2011/06/12 19:20:13.0359 3456 ================================================================================
2011/06/12 19:20:14.0109 3456 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/12 19:20:14.0234 3456 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/12 19:20:14.0390 3456 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2011/06/12 19:20:14.0640 3456 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/12 19:20:14.0781 3456 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/12 19:20:15.0656 3456 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/12 19:20:15.0828 3456 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/12 19:20:16.0046 3456 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/12 19:20:16.0171 3456 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/12 19:20:16.0296 3456 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/06/12 19:20:16.0437 3456 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/06/12 19:20:16.0593 3456 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/06/12 19:20:16.0750 3456 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/12 19:20:16.0937 3456 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/12 19:20:17.0062 3456 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/12 19:20:17.0265 3456 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/12 19:20:17.0406 3456 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/12 19:20:17.0531 3456 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/12 19:20:18.0109 3456 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/12 19:20:18.0250 3456 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/12 19:20:18.0453 3456 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/12 19:20:18.0531 3456 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/12 19:20:18.0656 3456 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/12 19:20:18.0890 3456 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/12 19:20:19.0031 3456 E1000 (a97b4360acc61d9d3cae50cd155ef02c) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/06/12 19:20:19.0109 3456 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/06/12 19:20:19.0234 3456 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/06/12 19:20:19.0437 3456 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/12 19:20:19.0546 3456 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/12 19:20:19.0687 3456 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/12 19:20:19.0796 3456 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/12 19:20:19.0890 3456 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/12 19:20:20.0062 3456 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/06/12 19:20:20.0187 3456 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/12 19:20:20.0281 3456 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/12 19:20:20.0312 3456 Suspicious service (NoAccess): geyekrtobwibom
2011/06/12 19:20:20.0453 3456 geyekrtobwibom (6bbc45c590c7166d615670422c2d040a) C:\WINDOWS\system32\drivers\geyekrupkrocqn.sys
2011/06/12 19:20:20.0500 3456 geyekrtobwibom - detected Rootkit.Win32.TDSS.tdl2 (0)
2011/06/12 19:20:20.0640 3456 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/12 19:20:20.0843 3456 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/12 19:20:20.0937 3456 hitmanpro2 (cc2cfaf74dc5b144a2c2f56b3134c8ac) C:\Program Files\Hitman Pro\hitmanpro2.sys
2011/06/12 19:20:21.0140 3456 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/12 19:20:21.0468 3456 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/12 19:20:21.0609 3456 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/12 19:20:21.0812 3456 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/12 19:20:22.0093 3456 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/12 19:20:22.0234 3456 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/12 19:20:22.0328 3456 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/12 19:20:22.0453 3456 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/12 19:20:22.0562 3456 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/12 19:20:22.0656 3456 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/12 19:20:22.0750 3456 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/12 19:20:22.0843 3456 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/12 19:20:22.0953 3456 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/12 19:20:23.0031 3456 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/12 19:20:23.0234 3456 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/12 19:20:23.0343 3456 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/12 19:20:23.0703 3456 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/06/12 19:20:23.0921 3456 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/12 19:20:24.0062 3456 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/12 19:20:24.0171 3456 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/06/12 19:20:24.0296 3456 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/12 19:20:24.0437 3456 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/12 19:20:24.0562 3456 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/12 19:20:24.0750 3456 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/12 19:20:24.0875 3456 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/12 19:20:25.0015 3456 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/12 19:20:25.0140 3456 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/12 19:20:25.0218 3456 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/12 19:20:25.0312 3456 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/12 19:20:25.0468 3456 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/12 19:20:25.0562 3456 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/12 19:20:25.0671 3456 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/12 19:20:25.0765 3456 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/12 19:20:25.0890 3456 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/12 19:20:25.0984 3456 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/12 19:20:26.0093 3456 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/12 19:20:26.0171 3456 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/12 19:20:26.0250 3456 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/12 19:20:26.0343 3456 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/12 19:20:26.0453 3456 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/12 19:20:26.0546 3456 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/12 19:20:26.0703 3456 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/12 19:20:26.0812 3456 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/12 19:20:26.0984 3456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/12 19:20:27.0109 3456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/12 19:20:27.0234 3456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/12 19:20:27.0437 3456 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/12 19:20:27.0546 3456 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/12 19:20:27.0671 3456 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/12 19:20:27.0843 3456 PCANDIS5 (ceef86cb35abe95c40a88784f5b631ad) C:\WINDOWS\system32\PCANDIS5.SYS
2011/06/12 19:20:28.0000 3456 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/12 19:20:28.0234 3456 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/12 19:20:28.0375 3456 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/12 19:20:28.0796 3456 pepifilter (cec24da7f7dd1758e569019232f49def) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/06/12 19:20:29.0140 3456 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/12 19:20:29.0281 3456 PID_08A0 (642bfb100d0a7693355fe01b256e349a) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
2011/06/12 19:20:29.0453 3456 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/12 19:20:29.0546 3456 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/12 19:20:29.0656 3456 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/12 19:20:30.0078 3456 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/12 19:20:30.0203 3456 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/12 19:20:30.0296 3456 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/12 19:20:30.0421 3456 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/12 19:20:30.0562 3456 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/12 19:20:30.0687 3456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/12 19:20:30.0828 3456 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/12 19:20:30.0937 3456 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/12 19:20:31.0031 3456 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/12 19:20:31.0281 3456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/12 19:20:31.0453 3456 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/12 19:20:31.0578 3456 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/12 19:20:31.0781 3456 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/12 19:20:32.0031 3456 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/12 19:20:32.0156 3456 smwdm (b911c822922cf62df83ad36d5c9775cc) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/12 19:20:32.0296 3456 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/12 19:20:32.0421 3456 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/12 19:20:32.0578 3456 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/12 19:20:32.0734 3456 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/12 19:20:32.0890 3456 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/06/12 19:20:33.0046 3456 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/06/12 19:20:33.0171 3456 StillCam (3f669c9fc6411bdbc0155544aa876e46) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/06/12 19:20:33.0312 3456 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/12 19:20:33.0437 3456 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/12 19:20:33.0531 3456 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/12 19:20:34.0000 3456 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/12 19:20:34.0203 3456 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/12 19:20:34.0437 3456 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/12 19:20:34.0562 3456 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/12 19:20:34.0640 3456 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/12 19:20:34.0906 3456 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/12 19:20:35.0140 3456 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/12 19:20:35.0390 3456 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/12 19:20:35.0609 3456 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/12 19:20:35.0843 3456 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/12 19:20:36.0000 3456 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/12 19:20:36.0171 3456 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/12 19:20:36.0312 3456 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/12 19:20:36.0437 3456 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/12 19:20:36.0515 3456 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/12 19:20:36.0625 3456 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/06/12 19:20:36.0765 3456 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/06/12 19:20:36.0906 3456 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/12 19:20:37.0140 3456 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/12 19:20:37.0296 3456 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/12 19:20:37.0468 3456 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/12 19:20:37.0796 3456 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/12 19:20:38.0000 3456 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/12 19:20:38.0140 3456 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/12 19:20:38.0328 3456 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/06/12 19:20:38.0640 3456 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/06/12 19:20:38.0750 3456 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
2011/06/12 19:20:39.0843 3456 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/12 19:20:39.0890 3456 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
2011/06/12 19:20:39.0953 3456 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR10
2011/06/12 19:20:39.0984 3456 ================================================================================
2011/06/12 19:20:39.0984 3456 Scan finished
2011/06/12 19:20:39.0984 3456 ================================================================================
2011/06/12 19:20:40.0031 2148 Detected object count: 1
2011/06/12 19:20:40.0031 2148 Actual detected object count: 1
2011/06/12 19:22:12.0109 2148 Rootkit.Win32.TDSS.tdl2(geyekrtobwibom) - User select action: Skip


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/06/2011 at 19:46:44.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 12/06/2011 at 19:46:56.




--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.00GHz )
BIOS : Default System BIOS
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 10.0.1.58 (Not Activated)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:2 Go)
D:\ (Local Disk) - NTFS - Total:465 Go (Free:365 Go)
E:\ (Local Disk) - NTFS - Total:74 Go (Free:70 Go)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:1397 Go (Free:657 Go)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 12/06/2011|19:31 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\WINDOWS\Tasks\B17DCD2493B24B04.job
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[17/02/2008|23:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\AccurateRip
[05/06/2011|12:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[17/04/2011|13:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdSigner
[05/03/2009|23:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[25/03/2011|14:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Amazon
[30/07/2007|22:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[26/12/2007|20:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
[09/12/2010|20:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Avira
[28/12/2007|18:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\BSD
[28/12/2007|18:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\BSDh9
[30/05/2009|17:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canon
[29/03/2010|17:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\com.adobe.ExMan
[27/01/2011|08:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Copernic
[17/02/2008|23:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\dBpoweramp
[28/12/2008|17:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\DisplayTune
[05/06/2008|13:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
[20/06/2010|19:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\Facebook
[08/10/2009|19:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\FastStone
[13/08/2010|18:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\GlarySoft
[17/06/2007|12:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[19/06/2007|20:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[15/06/2007|20:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[11/01/2009|14:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\InfraRecorder
[15/02/2010|21:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[14/01/2009|08:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[25/01/2008|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\mathijs.jurresip.nl
[16/04/2010|09:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[16/01/2011|17:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[02/08/2008|14:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[24/12/2010|16:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mp3tag
[15/06/2007|22:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\MSNInstaller
[21/12/2008|16:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\PCToolsFirewallPlus
[13/08/2010|18:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Samsung
[20/06/2009|14:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\SharePod
[04/08/2008|22:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
[04/08/2008|18:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\skypePM
[25/07/2007|18:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[16/06/2007|10:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
[13/09/2010|18:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird
[09/04/2010|15:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\TomTom
[02/12/2010|19:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\TreeCardGames
[28/09/2007|18:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
[12/06/2011|19:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
[19/06/2007|20:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[03/12/2010|22:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[20/06/2009|14:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\WindSolutions
[01/03/2010|20:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
[08/05/2011|11:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\XBMC
[07/06/2009|20:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Xilisoft Corporation

[21/06/2010|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14/07/2009|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[29/03/2010|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
[30/07/2007|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[30/07/2007|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[02/05/2009|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[28/12/2007|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BSD
[11/01/2009|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[11/01/2009|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJ
[08/02/2009|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJScan
[08/03/2010|23:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[13/02/2009|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/06/2011|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[15/12/2009|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hitman Pro
[28/12/2007|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[14/01/2009|08:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14/04/2009|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[15/09/2007|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[07/06/2009|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Micro Application
[08/12/2010|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15/04/2011|23:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[16/06/2007|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[21/12/2008|14:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
[16/02/2010|01:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Norton
[16/02/2010|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[03/02/2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[17/02/2010|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sun
[16/02/2010|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[22/12/2008|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[09/04/2010|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[15/06/2007|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/02/2010|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[09/03/2008|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[02/12/2007|01:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[19/06/2008|11:16] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
[19/06/2008|10:30] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
[25/04/2008|23:41] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[19/06/2008|10:31] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[19/06/2008|10:30] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[19/06/2008|10:50] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[19/06/2008|10:50] C:\DOCUME~1\INVIT~1\APPLIC~1\Talkback

[15/06/2007|20:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[15/06/2007|20:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[12/06/2011 19:29][--a------] C:\WINDOWS\tasks\GlaryInitialize.job
[12/06/2011 18:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[12/06/2011 19:29][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[12/06/2011 18:43][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2052111302-1177238915-500UA.job
[11/06/2011 08:43][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2052111302-1177238915-500Core.job
[12/06/2011 19:29][--a------] C:\WINDOWS\tasks\WGASetup.job
[12/06/2011 19:29][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[12/06/2011 19:29][--a------] C:\WINDOWS\tasks\kavhqmsd.job
[12/06/2011 19:29][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[02/12/2010|19:49] C:\Program Files\123 Free Solitaire
[16/06/2007|20:39] C:\Program Files\Absolutist.com
[10/01/2011|20:34] C:\Program Files\Adobe
[02/07/2007|07:17] C:\Program Files\Ahead
[25/03/2011|14:22] C:\Program Files\Amazon
[26/12/2007|19:56] C:\Program Files\ArcSoft
[27/01/2009|08:25] C:\Program Files\Audacity
[09/09/2009|18:46] C:\Program Files\Autostitch
[02/05/2009|09:24] C:\Program Files\Avira
[11/01/2009|19:09] C:\Program Files\Babylon
[29/03/2010|18:30] C:\Program Files\Bonjour
[28/12/2007|18:33] C:\Program Files\BSD Concept
[11/01/2009|23:04] C:\Program Files\Canon
[11/01/2009|22:10] C:\Program Files\CanonBJ
[06/05/2011|19:19] C:\Program Files\CCleaner
[27/02/2011|17:05] C:\Program Files\Cobian Backup 10
[07/06/2011|19:01] C:\Program Files\Common Files
[15/06/2007|20:02] C:\Program Files\ComPlus Applications
[10/11/2008|21:00] C:\Program Files\DivX
[26/06/2010|19:53] C:\Program Files\E.M. PowerPoint Video Converter
[03/12/2009|22:22] C:\Program Files\Elaborate Bytes
[16/06/2007|10:00] C:\Program Files\EPSON
[18/06/2007|20:25] C:\Program Files\EpsonNet
[08/06/2011|19:14] C:\Program Files\ERUNT
[11/01/2009|19:40] C:\Program Files\eToro
[31/10/2010|17:11] C:\Program Files\Exact Audio Copy
[08/10/2009|19:42] C:\Program Files\FastStone Image Viewer
[08/12/2010|19:34] C:\Program Files\Fichiers communs
[25/01/2008|12:08] C:\Program Files\FindThatFont
[03/05/2009|11:20] C:\Program Files\FMC FileRenamer
[11/12/2007|20:21] C:\Program Files\Foxit Software
[09/04/2011|16:07] C:\Program Files\FreeFileSync
[13/08/2010|18:35] C:\Program Files\Glary Utilities
[01/06/2011|22:28] C:\Program Files\Google
[14/11/2008|18:25] C:\Program Files\Heredis 8
[15/12/2009|21:30] C:\Program Files\Hitman Pro
[26/04/2008|19:14] C:\Program Files\Hofmann
[01/09/2007|12:56] C:\Program Files\Illustrate
[11/01/2009|11:32] C:\Program Files\InfraRecorder
[13/08/2010|18:27] C:\Program Files\InstallShield Installation Information
[15/04/2011|23:53] C:\Program Files\Internet Explorer
[19/01/2008|16:05] C:\Program Files\iPod
[08/10/2009|19:41] C:\Program Files\IrfanView
[17/02/2010|18:28] C:\Program Files\Java
[15/04/2010|18:33] C:\Program Files\K-Lite Codec Pack
[28/12/2008|17:42] C:\Program Files\Lavalys
[14/12/2010|21:02] C:\Program Files\LimeWire
[15/06/2007|21:15] C:\Program Files\Logitech
[08/06/2011|07:37] C:\Program Files\Malwarebytes' Anti-Malware
[10/11/2008|21:00] C:\Program Files\Messenger
[15/09/2007|23:49] C:\Program Files\Messenger Plus! Live
[07/06/2009|20:31] C:\Program Files\Micro Application
[18/02/2010|13:22] C:\Program Files\Microsoft
[23/12/2008|08:50] C:\Program Files\Microsoft ActiveSync
[08/12/2010|19:14] C:\Program Files\Microsoft Analysis Services
[15/06/2007|20:07] C:\Program Files\microsoft frontpage
[08/12/2010|19:32] C:\Program Files\Microsoft Office
[18/02/2010|13:22] C:\Program Files\Microsoft Office Outlook Connector
[08/12/2010|19:32] C:\Program Files\Microsoft SQL Server Compact Edition
[18/02/2010|13:20] C:\Program Files\Microsoft Sync Framework
[08/12/2010|19:34] C:\Program Files\Microsoft Synchronization Services
[08/12/2010|19:19] C:\Program Files\Microsoft Visual Studio 8
[17/06/2007|19:03] C:\Program Files\Microsoft.NET
[11/08/2010|18:07] C:\Program Files\Movie Maker
[12/06/2011|09:57] C:\Program Files\Mozilla Firefox
[01/05/2011|00:29] C:\Program Files\Mozilla Thunderbird
[24/12/2010|15:53] C:\Program Files\Mp3tag
[08/12/2010|19:36] C:\Program Files\MSBuild
[06/12/2007|16:50] C:\Program Files\MSECache
[15/06/2007|22:10] C:\Program Files\MSN
[15/06/2007|22:21] C:\Program Files\MSN Apps
[15/06/2007|20:02] C:\Program Files\MSN Gaming Zone
[06/07/2007|11:42] C:\Program Files\MSN Messenger
[19/06/2007|22:09] C:\Program Files\MSXML 4.0
[18/08/2008|10:38] C:\Program Files\NetMeeting
[02/03/2009|08:34] C:\Program Files\Network Associates
[15/06/2007|20:02] C:\Program Files\Online Services
[17/12/2010|13:00] C:\Program Files\Outlook Express
[22/12/2008|20:40] C:\Program Files\PC Tools Firewall Plus
[28/07/2008|21:17] C:\Program Files\PDFCreator
[28/07/2008|21:15] C:\Program Files\PDFCreator Toolbar
[08/07/2007|16:57] C:\Program Files\Player Tool
[26/11/2007|19:17] C:\Program Files\QuickTime
[15/11/2009|12:17] C:\Program Files\RADVideo
[24/01/2011|22:34] C:\Program Files\Recovery Toolbox for RAR
[10/09/2010|19:16] C:\Program Files\Recuva
[06/08/2009|23:52] C:\Program Files\Reference Assemblies
[10/04/2010|14:07] C:\Program Files\RocketDock
[07/06/2011|19:37] C:\Program Files\Runtime Software
[15/06/2007|20:05] C:\Program Files\Services en ligne
[03/02/2008|22:38] C:\Program Files\Skype
[13/10/2008|22:18] C:\Program Files\Stardock
[09/04/2010|15:38] C:\Program Files\TomTom DesktopSuite
[15/06/2007|20:14] C:\Program Files\Uninstall Information
[30/03/2011|07:39] C:\Program Files\uTorrent
[19/06/2007|20:25] C:\Program Files\VideoLAN
[16/06/2007|10:08] C:\Program Files\Volkey
[28/09/2008|11:55] C:\Program Files\VSO
[03/04/2008|11:45] C:\Program Files\Wanadoo
[01/09/2007|12:45] C:\Program Files\Winamp
[18/02/2010|13:21] C:\Program Files\Windows Live
[18/02/2010|13:13] C:\Program Files\Windows Live SkyDrive
[15/06/2007|23:57] C:\Program Files\Windows Media Connect 2
[18/08/2008|10:38] C:\Program Files\Windows Media Player
[18/08/2008|10:38] C:\Program Files\Windows NT
[15/06/2007|20:05] C:\Program Files\WindowsUpdate
[02/03/2010|08:15] C:\Program Files\WinRAR
[22/02/2009|11:49] C:\Program Files\WPanorama
[30/04/2011|17:37] C:\Program Files\XBMC
[15/06/2007|20:07] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[10/01/2011|20:34] C:\Program Files\Fichiers communs\Adobe
[02/07/2007|07:17] C:\Program Files\Fichiers communs\Ahead
[26/12/2007|19:59] C:\Program Files\Fichiers communs\ArcSoft
[13/12/2008|17:34] C:\Program Files\Fichiers communs\CANON
[15/06/2007|20:56] C:\Program Files\Fichiers communs\Cisco Systems
[08/12/2010|19:34] C:\Program Files\Fichiers communs\DESIGNER
[18/09/2010|12:21] C:\Program Files\Fichiers communs\EPSON
[11/01/2009|18:45] C:\Program Files\Fichiers communs\eSellerate
[19/06/2007|22:30] C:\Program Files\Fichiers communs\InstallShield
[21/04/2010|20:07] C:\Program Files\Fichiers communs\Java
[15/06/2007|21:14] C:\Program Files\Fichiers communs\Labtec
[08/03/2010|20:13] C:\Program Files\Fichiers communs\Macrovision Shared
[08/12/2010|20:00] C:\Program Files\Fichiers communs\Microsoft Shared
[15/06/2007|20:04] C:\Program Files\Fichiers communs\MSSoap
[02/03/2009|08:31] C:\Program Files\Fichiers communs\Network Associates
[15/06/2007|21:54] C:\Program Files\Fichiers communs\ODBC
[22/12/2008|20:40] C:\Program Files\Fichiers communs\PC Tools
[15/06/2007|20:04] C:\Program Files\Fichiers communs\Services
[03/02/2008|22:38] C:\Program Files\Fichiers communs\Skype
[15/06/2007|21:54] C:\Program Files\Fichiers communs\SpeechEngines
[21/12/2008|14:01] C:\Program Files\Fichiers communs\Stardock
[18/02/2010|13:22] C:\Program Files\Fichiers communs\System
[18/02/2010|13:05] C:\Program Files\Fichiers communs\Windows Live
[09/03/2008|12:12] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 42 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-12 19:35:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2906

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Application Data\uTorrent\Runtime GetDataBack for FAT NTFS 4.01 __ KeyGen __.rar.torrent


[F:33][D:8]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:9][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:409][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 11/06/2011| 8:42 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 12/06/2011|19:44 - Option : [2]

--------------------\\ Fin du rapport a 19:44:50

[la fourme]

Suite de l'envoi

à la fin de malwarebytes, j'ai eu un msg sur la suppression de fichier systeme
et à la fin de gmer j'ai eu " GMER has found system modification caused by ROOTKIT activity"


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-13 09:36:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6E040L0 rev.NAR61590
Running: jh3cm7g0.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT F7C9DBC6 ZwCreateKey
SSDT F7C9DBBC ZwCreateThread
SSDT F7C9DBCB ZwDeleteKey
SSDT F7C9DBD5 ZwDeleteValueKey
SSDT F7C9DBDA ZwLoadKey
SSDT F7C9DBA8 ZwOpenProcess
SSDT F7C9DBAD ZwOpenThread
SSDT F7C9DBE4 ZwReplaceKey
SSDT F7C9DBDF ZwRestoreKey
SSDT F7C9DBD0 ZwSetValueKey

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\geyekrupkrocqn.sys (*** hidden *** ) [SYSTEM] geyekrtobwibom <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom@imagepath \systemroot\system32\drivers\geyekrupkrocqn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main@aid 10003
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrupkrocqn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules@geyekrcmd.dll \systemroot\system32\geyekroppjvrvk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules@geyekrlog.dat \systemroot\system32\geyekrbgknfqlr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules@geyekrwsp.dll \systemroot\system32\geyekruyhsewsq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtobwibom\modules@geyekr.dat \systemroot\system32\geyekrqkixayab.dat
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom@imagepath \systemroot\system32\drivers\geyekrupkrocqn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main@aid 10003
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrupkrocqn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules@geyekrcmd.dll \systemroot\system32\geyekroppjvrvk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules@geyekrlog.dat \systemroot\system32\geyekrbgknfqlr.dat
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules@geyekrwsp.dll \systemroot\system32\geyekruyhsewsq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtobwibom\modules@geyekr.dat \systemroot\system32\geyekrqkixayab.dat

---- EOF - GMER 1.0.15 ----