Request for help (rogue?)


Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Decontamination procedure 2 - Anti-malware and antivirus (La Manip - standard decontamination procedure)
Periodic maintenance of a Windows PC
Protecting the browser, browsing and privacy

Request for help (rogue?)

Post by Philelip » 26 May 2012, 15:09

Hello everyone,

Having registered a long time ago for an infernal mess you got me out of, I'm asking for your help with a stubborn pest.

The context: I lent a notebook to my mum, who must have been taken in by a "would you like to download..." during one of her 50-window surfing sessions.

In any case, the result is that under Firefox (the default browser), a jumble of fake reports asks me to trade a few coins for an anti-malware program that doesn't look kosher at all.

The rest seems to work; in fact I'm posting this message from that computer under Chrome.

I haven't tried uninstalling/reinstalling Firefox.

For 10 days I've been sporadically fighting this problem. My presence here proves that I haven't won...

I've tried every anti-rogue tool I could find: they detect nothing. I'm starting to wonder whether there really is a critter.

Just in case, I'm asking for your opinion.

For info, Winlogon (in the MBAM report) is Rkill renamed so that it would run.

I tried to follow the procedure to the letter and I hope I didn't make a mistake.

Thanks.

The MBAM report:


Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Version de la base de données: v2012.05.26.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
philippe :: PHILIPPE-PC [administrateur]

26/05/2012 14:42:53
mbam-log-2012-05-26 (14-49-32).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 184807
Temps écoulé: 4 minute(s),

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Users\philippe\Downloads\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Aucune action effectuée.

(fin)
Philelip

Posts: 9
Joined: 26 May 2012, 13:04

Re: Request for help (rogue?)

Post by Philelip » 26 May 2012, 15:11

OTL logfile created on: 5/26/2012 3:06:02 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\philippe\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.96% Memory free
3.93 Gb Paging File | 3.03 Gb Available in Paging File | 77.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 22.31 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
Drive D: | 253.17 Gb Total Space | 229.89 Gb Free Space | 90.81% Space Free | Partition Type: NTFS

Computer Name: PHILIPPE-PC | User Name: philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/26 14:23:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
PRC - [2012/04/16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/02/26 02:56:54 | 001,262,896 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2009/12/22 15:13:00 | 003,354,624 | ---- | M] (Sentelic Corporation) -- C:\Program Files\FSP\FspUip.exe
PRC - [2009/10/29 02:15:22 | 000,307,200 | ---- | M] () -- C:\Program Files\Bluetooth Suite\BtvStack.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2009/12/22 15:14:00 | 000,053,248 | ---- | M] () -- C:\Program Files\FSP\KbdHook.dll
MOD - [2009/12/22 15:13:00 | 000,077,824 | ---- | M] () -- C:\Program Files\FSP\FspLib.dll
MOD - [2009/10/29 02:15:22 | 000,307,200 | ---- | M] () -- C:\Program Files\Bluetooth Suite\BtvStack.exe
MOD - [2009/10/29 02:13:18 | 000,053,248 | ---- | M] () -- C:\Program Files\Bluetooth Suite\Sync.dll
MOD - [2009/10/29 02:13:12 | 000,040,960 | ---- | M] () -- C:\Program Files\Bluetooth Suite\BPP.DLL
MOD - [2009/10/29 02:13:06 | 000,073,728 | ---- | M] () -- C:\Program Files\Bluetooth Suite\Handsfree.dll
MOD - [2009/10/29 02:12:52 | 000,061,440 | ---- | M] () -- C:\Program Files\Bluetooth Suite\AthCopyHook.dll
MOD - [2009/10/29 02:12:46 | 000,049,152 | ---- | M] () -- C:\Program Files\Bluetooth Suite\BTBIP.DLL
MOD - [2009/10/29 02:11:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Bluetooth Suite\GOEP.DLL
MOD - [2009/10/29 02:11:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Bluetooth Suite\GOEP_SINGLE.DLL
MOD - [2009/10/29 02:11:02 | 000,065,536 | ---- | M] () -- C:\Program Files\Bluetooth Suite\GOEP_bpp.DLL
MOD - [2009/10/29 02:10:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Bluetooth Suite\RfcommLib.dll
MOD - [2009/09/16 01:01:54 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/05/15 22:42:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/10 17:03:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.exe -- (BBUpdate)
SRV - [2012/04/16 17:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.382.0\BBSvc.exe -- (BBSvc)
SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/20 10:32:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\12E2Lastesttool0309(FT34)\Windows\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\philippe\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\philippe\AppData\Local\Temp\FoxG1Driver.sys -- (__FOX__UNI_DRIVER__)
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/12/22 15:13:00 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009/12/21 23:13:00 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/10/23 20:03:58 | 000,282,112 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2009/10/22 17:49:24 | 000,049,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2009/10/22 17:46:14 | 000,205,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2009/10/21 21:58:16 | 000,033,280 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2009/10/21 17:42:30 | 000,117,760 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2009/10/20 19:02:38 | 000,020,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2009/10/05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/26 00:22:04 | 000,038,272 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (AthDfu)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/10 15:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.hannspree.net/
IE - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\..\SearchScopes\{83762C1A-BDED-41CE-8967-949372D92720}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\philippe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\philippe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/16 18:11:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/15 22:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/20 09:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions
[2012/05/09 22:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Firefox\Profiles\c9xmxjfj.default\extensions
[2011/08/20 09:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/05/16 18:11:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/14 23:46:14 | 000,193,744 | ---- | M] () (No name found) -- C:\USERS\PHILIPPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C9XMXJFJ.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
[2012/05/15 22:42:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/24 19:38:44 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/03/24 19:38:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/24 19:38:44 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/03/24 19:38:44 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/03/24 19:38:44 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/03/24 19:38:44 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\philippe\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\philippe\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\philippe\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\philippe\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

O1 HOSTS File: ([2012/05/17 17:05:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B6243A-7F8B-4622-A306-7CBD338A355E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD48E03F-0CFA-4A4F-A1F7-BB132B9A6016}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/05/26 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\philippe\Desktop\erunt
[2012/05/26 14:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/26 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/26 14:26:33 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\philippe\Desktop\erunt-setup.exe
[2012/05/26 14:24:05 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
[2012/05/26 14:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/26 14:12:56 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/17 17:08:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/17 16:54:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/17 16:54:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/17 16:54:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/17 16:54:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/17 16:53:39 | 004,496,432 | R--- | C] (Swearware) -- C:\Users\philippe\Desktop\ComboFix.exe
[2012/05/17 16:53:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/17 16:52:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/16 21:40:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/16 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\CrashDumps
[2012/05/16 19:20:22 | 000,000,000 | ---D | C] -- C:\Users\philippe\Desktop\RK_Quarantine
[2012/05/16 19:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/05/16 18:11:35 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/05/16 18:11:35 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/05/16 18:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/05/16 18:11:32 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/05/16 18:11:32 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/05/16 18:11:32 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/05/16 18:11:32 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/05/16 18:11:09 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/05/16 18:11:08 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/05/16 18:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/05/16 18:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/15 23:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/15 23:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/15 23:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/15 23:27:08 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Roaming\Malwarebytes
[2012/05/15 23:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/15 23:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/15 23:27:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/15 23:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/15 22:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/15 22:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/13 17:27:36 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/13 17:27:35 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/13 17:27:34 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/13 17:27:12 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

========== Files - Modified Within 30 Days ==========

[2012/05/26 15:09:01 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/05/26 15:03:50 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4007488331-1904091925-3465478802-1000UA.job
[2012/05/26 15:03:01 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/26 14:32:30 | 000,001,088 | ---- | M] () -- C:\Users\philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/26 14:32:25 | 000,000,908 | ---- | M] () -- C:\Users\philippe\Desktop\NTREGOPT.lnk
[2012/05/26 14:32:25 | 000,000,889 | ---- | M] () -- C:\Users\philippe\Desktop\ERUNT.lnk
[2012/05/26 14:27:05 | 000,005,024 | ---- | M] () -- C:\Users\philippe\Desktop\erunt-loc_fr.zip
[2012/05/26 14:26:34 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\philippe\Desktop\erunt-setup.exe
[2012/05/26 14:23:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
[2012/05/26 14:15:30 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 14:15:30 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 14:12:56 | 000,002,979 | ---- | M] () -- C:\Users\philippe\Desktop\HiJackThis.lnk
[2012/05/26 14:12:35 | 000,704,480 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/05/26 14:12:35 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/26 14:12:35 | 000,130,754 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/05/26 14:12:35 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/26 14:07:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/26 14:07:24 | 1582,424,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/17 17:05:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/17 16:53:53 | 004,496,432 | R--- | M] (Swearware) -- C:\Users\philippe\Desktop\ComboFix.exe
[2012/05/16 21:40:24 | 294,199,427 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/16 18:11:35 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/16 18:11:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/05/15 23:55:31 | 000,001,254 | ---- | M] () -- C:\Users\philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/15 23:55:31 | 000,001,230 | ---- | M] () -- C:\Users\philippe\Desktop\Spybot - Search & Destroy.lnk
[2012/05/15 23:27:01 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 23:23:01 | 000,227,217 | ---- | M] () -- C:\Users\philippe\AppData\Local\census.cache
[2012/05/15 23:22:47 | 000,110,828 | ---- | M] () -- C:\Users\philippe\AppData\Local\ars.cache
[2012/05/15 23:13:56 | 000,000,036 | ---- | M] () -- C:\Users\philippe\AppData\Local\housecall.guid.cache
[2012/05/14 20:47:56 | 000,266,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/10 17:03:06 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/10 17:03:06 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/05/26 15:09:01 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/05/26 14:32:30 | 000,001,088 | ---- | C] () -- C:\Users\philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/26 14:32:25 | 000,000,908 | ---- | C] () -- C:\Users\philippe\Desktop\NTREGOPT.lnk
[2012/05/26 14:32:25 | 000,000,889 | ---- | C] () -- C:\Users\philippe\Desktop\ERUNT.lnk
[2012/05/26 14:27:05 | 000,005,024 | ---- | C] () -- C:\Users\philippe\Desktop\erunt-loc_fr.zip
[2012/05/26 14:12:56 | 000,002,979 | ---- | C] () -- C:\Users\philippe\Desktop\HiJackThis.lnk
[2012/05/17 16:54:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/17 16:54:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/17 16:54:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/17 16:54:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/17 16:54:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/16 21:40:24 | 294,199,427 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/16 18:11:35 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/15 23:55:31 | 000,001,254 | ---- | C] () -- C:\Users\philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/15 23:55:31 | 000,001,230 | ---- | C] () -- C:\Users\philippe\Desktop\Spybot - Search & Destroy.lnk
[2012/05/15 23:27:01 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 23:23:01 | 000,227,217 | ---- | C] () -- C:\Users\philippe\AppData\Local\census.cache
[2012/05/15 23:22:47 | 000,110,828 | ---- | C] () -- C:\Users\philippe\AppData\Local\ars.cache
[2012/05/15 23:13:56 | 000,000,036 | ---- | C] () -- C:\Users\philippe\AppData\Local\housecall.guid.cache

========== LOP Check ==========

[2012/03/25 22:10:23 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\COWON
[2012/04/14 23:44:49 | 000,032,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\ERDNT\cache\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\System32\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTOR.SYS >
[2009/11/20 11:36:00 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/11/20 11:36:00 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

< MD5 for: IASTORV.SYS >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2012/05/16 21:37:57 | 001,012,656 | ---- | M] () MD5=C7D040F4C3C0214B460AABDE52BE9189 -- C:\Users\philippe\Downloads\WiNlOgOn.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
Philelip

Posts: 9
Joined: 26 May 2012, 13:04

Re: Request for help (rogue?)

Post by Philelip » 26 May 2012, 15:12

OTL logfile created on: 5/26/2012 3:06:02 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\philippe\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.96% Memory free
3.93 Gb Paging File | 3.03 Gb Available in Paging File | 77.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 22.31 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
Drive D: | 253.17 Gb Total Space | 229.89 Gb Free Space | 90.81% Space Free | Partition Type: NTFS

Computer Name: PHILIPPE-PC | User Name: philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/26 14:23:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
PRC - [2012/04/16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/02/26 02:56:54 | 001,262,896 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2009/12/22 15:13:00 | 003,354,624 | ---- | M] (Sentelic Corporation) -- C:\Program Files\FSP\FspUip.exe
PRC - [2009/10/29 02:15:22 | 000,307,200 | ---- | M] () -- C:\Program Files\Bluetooth Suite\BtvStack.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2009/12/22 15:14:00 | 000,053,248 | ---- | M] () -- C:\Program Files\FSP\KbdHook.dll
MOD - [2009/12/22 15:13:00 | 000,077,824 | ---- | M] () -- C:\Program Files\FSP\FspLib.dll
MOD - [2009/10/29 02:15:22 | 000,307,200 | ---- | M] () -- C:\Program Files\Bluetooth Suite\BtvStack.exe
MOD - [2009/10/29 02:13:18 | 000,053,248 | ---- | M] () -- C:\Program Files\Bluetooth Suite\Sync.dll
MOD - [2009/10/29 02:13:12 | 000,040,960 | ---- | M] () -- C:\Program Files\Bluetooth Suite\BPP.DLL
MOD - [2009/10/29 02:13:06 | 000,073,728 | ---- | M] () -- C:\Program Files\Bluetooth Suite\Handsfree.dll
MOD - [2009/10/29 02:12:52 | 000,061,440 | ---- | M] () -- C:\Program Files\Bluetooth Suite\AthCopyHook.dll
MOD - [2009/10/29 02:12:46 | 000,049,152 | ---- | M] () -- C:\Program Files\Bluetooth Suite\BTBIP.DLL
MOD - [2009/10/29 02:11:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Bluetooth Suite\GOEP.DLL
MOD - [2009/10/29 02:11:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Bluetooth Suite\GOEP_SINGLE.DLL
MOD - [2009/10/29 02:11:02 | 000,065,536 | ---- | M] () -- C:\Program Files\Bluetooth Suite\GOEP_bpp.DLL
MOD - [2009/10/29 02:10:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Bluetooth Suite\RfcommLib.dll
MOD - [2009/09/16 01:01:54 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/05/15 22:42:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/10 17:03:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/16 17:49:06 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.exe -- (BBUpdate)
SRV - [2012/04/16 17:49:06 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.382.0\BBSvc.exe -- (BBSvc)
SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/20 10:32:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\12E2Lastesttool0309(FT34)\Windows\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\philippe\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\philippe\AppData\Local\Temp\FoxG1Driver.sys -- (__FOX__UNI_DRIVER__)
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/12/22 15:13:00 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009/12/21 23:13:00 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/10/23 20:03:58 | 000,282,112 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2009/10/22 17:49:24 | 000,049,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2009/10/22 17:46:14 | 000,205,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2009/10/21 21:58:16 | 000,033,280 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2009/10/21 17:42:30 | 000,117,760 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2009/10/20 19:02:38 | 000,020,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2009/10/05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/26 00:22:04 | 000,038,272 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (AthDfu)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/10 15:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.hannspree.net/
IE - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\..\SearchScopes\{83762C1A-BDED-41CE-8967-949372D92720}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\philippe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\philippe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/16 18:11:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/15 22:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/20 09:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Extensions
[2012/05/09 22:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philippe\AppData\Roaming\mozilla\Firefox\Profiles\c9xmxjfj.default\extensions
[2011/08/20 09:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/05/16 18:11:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/14 23:46:14 | 000,193,744 | ---- | M] () (No name found) -- C:\USERS\PHILIPPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C9XMXJFJ.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
[2012/05/15 22:42:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/24 19:38:44 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/03/24 19:38:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/24 19:38:44 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/03/24 19:38:44 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/03/24 19:38:44 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/03/24 19:38:44 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\philippe\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\philippe\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\philippe\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\philippe\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

O1 HOSTS File: ([2012/05/17 17:05:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.382.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B6243A-7F8B-4622-A306-7CBD338A355E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD48E03F-0CFA-4A4F-A1F7-BB132B9A6016}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/05/26 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\philippe\Desktop\erunt
[2012/05/26 14:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/05/26 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/26 14:26:33 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\philippe\Desktop\erunt-setup.exe
[2012/05/26 14:24:05 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
[2012/05/26 14:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/26 14:12:56 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/17 17:08:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/17 16:54:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/17 16:54:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/17 16:54:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/17 16:54:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/17 16:53:39 | 004,496,432 | R--- | C] (Swearware) -- C:\Users\philippe\Desktop\ComboFix.exe
[2012/05/17 16:53:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/17 16:52:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/16 21:40:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/16 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Local\CrashDumps
[2012/05/16 19:20:22 | 000,000,000 | ---D | C] -- C:\Users\philippe\Desktop\RK_Quarantine
[2012/05/16 19:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/05/16 18:11:35 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/05/16 18:11:35 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/05/16 18:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/05/16 18:11:32 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/05/16 18:11:32 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/05/16 18:11:32 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/05/16 18:11:32 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/05/16 18:11:09 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/05/16 18:11:08 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/05/16 18:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/05/16 18:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/15 23:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/15 23:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/15 23:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/15 23:27:08 | 000,000,000 | ---D | C] -- C:\Users\philippe\AppData\Roaming\Malwarebytes
[2012/05/15 23:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/15 23:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/15 23:27:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/15 23:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/15 22:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/15 22:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/13 17:27:36 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/13 17:27:35 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/13 17:27:34 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/13 17:27:12 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

========== Files - Modified Within 30 Days ==========

[2012/05/26 15:09:01 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/05/26 15:03:50 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4007488331-1904091925-3465478802-1000UA.job
[2012/05/26 15:03:01 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/26 14:32:30 | 000,001,088 | ---- | M] () -- C:\Users\philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/26 14:32:25 | 000,000,908 | ---- | M] () -- C:\Users\philippe\Desktop\NTREGOPT.lnk
[2012/05/26 14:32:25 | 000,000,889 | ---- | M] () -- C:\Users\philippe\Desktop\ERUNT.lnk
[2012/05/26 14:27:05 | 000,005,024 | ---- | M] () -- C:\Users\philippe\Desktop\erunt-loc_fr.zip
[2012/05/26 14:26:34 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\philippe\Desktop\erunt-setup.exe
[2012/05/26 14:23:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\philippe\Desktop\OTL.exe
[2012/05/26 14:15:30 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 14:15:30 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 14:12:56 | 000,002,979 | ---- | M] () -- C:\Users\philippe\Desktop\HiJackThis.lnk
[2012/05/26 14:12:35 | 000,704,480 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/05/26 14:12:35 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/26 14:12:35 | 000,130,754 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/05/26 14:12:35 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/26 14:07:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/26 14:07:24 | 1582,424,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/17 17:05:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/17 16:53:53 | 004,496,432 | R--- | M] (Swearware) -- C:\Users\philippe\Desktop\ComboFix.exe
[2012/05/16 21:40:24 | 294,199,427 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/16 18:11:35 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/16 18:11:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/05/15 23:55:31 | 000,001,254 | ---- | M] () -- C:\Users\philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/15 23:55:31 | 000,001,230 | ---- | M] () -- C:\Users\philippe\Desktop\Spybot - Search & Destroy.lnk
[2012/05/15 23:27:01 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 23:23:01 | 000,227,217 | ---- | M] () -- C:\Users\philippe\AppData\Local\census.cache
[2012/05/15 23:22:47 | 000,110,828 | ---- | M] () -- C:\Users\philippe\AppData\Local\ars.cache
[2012/05/15 23:13:56 | 000,000,036 | ---- | M] () -- C:\Users\philippe\AppData\Local\housecall.guid.cache
[2012/05/14 20:47:56 | 000,266,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/10 17:03:06 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/10 17:03:06 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/05/26 15:09:01 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/05/26 14:32:30 | 000,001,088 | ---- | C] () -- C:\Users\philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/26 14:32:25 | 000,000,908 | ---- | C] () -- C:\Users\philippe\Desktop\NTREGOPT.lnk
[2012/05/26 14:32:25 | 000,000,889 | ---- | C] () -- C:\Users\philippe\Desktop\ERUNT.lnk
[2012/05/26 14:27:05 | 000,005,024 | ---- | C] () -- C:\Users\philippe\Desktop\erunt-loc_fr.zip
[2012/05/26 14:12:56 | 000,002,979 | ---- | C] () -- C:\Users\philippe\Desktop\HiJackThis.lnk
[2012/05/17 16:54:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/17 16:54:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/17 16:54:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/17 16:54:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/17 16:54:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/16 21:40:24 | 294,199,427 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/16 18:11:35 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/15 23:55:31 | 000,001,254 | ---- | C] () -- C:\Users\philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/15 23:55:31 | 000,001,230 | ---- | C] () -- C:\Users\philippe\Desktop\Spybot - Search & Destroy.lnk
[2012/05/15 23:27:01 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 23:23:01 | 000,227,217 | ---- | C] () -- C:\Users\philippe\AppData\Local\census.cache
[2012/05/15 23:22:47 | 000,110,828 | ---- | C] () -- C:\Users\philippe\AppData\Local\ars.cache
[2012/05/15 23:13:56 | 000,000,036 | ---- | C] () -- C:\Users\philippe\AppData\Local\housecall.guid.cache

========== LOP Check ==========

[2012/03/25 22:10:23 | 000,000,000 | ---D | M] -- C:\Users\philippe\AppData\Roaming\COWON
[2012/04/14 23:44:49 | 000,032,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\ERDNT\cache\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\System32\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTOR.SYS >
[2009/11/20 11:36:00 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/11/20 11:36:00 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

< MD5 for: IASTORV.SYS >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2012/05/16 21:37:57 | 001,012,656 | ---- | M] () MD5=C7D040F4C3C0214B460AABDE52BE9189 -- C:\Users\philippe\Downloads\WiNlOgOn.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
Philelip
 
Posts: 9
Joined: 26 May 2012, 13:04
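
Added example (not part of Philelip's post and not OTL's own code): a small Python checker for the three things an analyst reads first in an OTL log like the one above, namely the Winlogon Shell/UserInit values (O20 lines), the exefile/comfile 'open' verbs (O35 lines), and the `< MD5 for: ... >` blocks, where the live System32 copy of each system binary is compared against the copies kept in the WinSxS servicing store. The sample input is constructed: the clean block mirrors lines from the log above, the tampered block is hypothetical, and `hypothetical.exe`, `hypothetical_rogue.exe` and the all-zero hash are placeholders that stand for nothing real. Copies outside System32 and WinSxS (the ERDNT cache, Malwarebytes' Chameleon winlogon.exe, the renamed Rkill in Downloads) are deliberately left out of the hash comparison, which is why the log's `WiNlOgOn.exe` does not trip it.

```python
import re
from collections import defaultdict

# Constructed sample (clean): lines modelled on the OTL log in the post above,
# with the hash values and paths shown there.
CLEAN_SAMPLE = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/05/16 21:37:57 | 001,012,656 | ---- | M] () MD5=C7D040F4C3C0214B460AABDE52BE9189 -- C:\Users\philippe\Downloads\WiNlOgOn.exe
"""

# Constructed sample (tampered, hypothetical, NOT from the log): a second UserInit
# entry, a hijacked exefile 'open' verb, and a System32 winlogon.exe whose hash
# matches no WinSxS copy. The "hypothetical*" paths and the zero hash are placeholders.
TAMPERED_SAMPLE = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\Users\x\AppData\Roaming\hypothetical.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "C:\Users\x\AppData\Local\hypothetical_rogue.exe" "%1" %*
< MD5 for: WINLOGON.EXE >
[2012/01/01 00:00:00 | 000,286,720 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
"""

O20_RE = re.compile(r"O20 - HKLM Winlogon: (\w+) - \((.*?)\) - ")
O35_RE = re.compile(r"O35 - HKLM\\\.\.(\w+) \[open\] -- (.*)$")
MD5_HDR_RE = re.compile(r"< MD5 for: (.+?) >")
MD5_LINE_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+)$")

EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
CLEAN_OPEN = '"%1" %*'  # stock 'open' verb: run the file itself, nothing in front of it


def parse_otl(text):
    """Extract Winlogon values, exefile/comfile verbs and MD5 blocks from OTL log text."""
    winlogon, assoc, md5 = {}, {}, defaultdict(list)
    current = None  # file name of the MD5 block being read
    for line in text.splitlines():
        m = O20_RE.match(line)
        if m:
            winlogon[m.group(1)] = m.group(2)
            continue
        m = O35_RE.match(line)
        if m:
            assoc[m.group(1)] = m.group(2)
            continue
        m = MD5_HDR_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        m = MD5_LINE_RE.search(line)
        if m and current:
            md5[current].append((m.group(1).upper(), m.group(2)))
    return winlogon, assoc, md5


def _basename(path):
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()


def find_issues(winlogon, assoc, md5):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    issues = []
    # (a) Shell/UserInit must name exactly one binary, the stock one: an extra
    #     comma-separated entry is a classic way to get code run at every logon.
    for key, want in EXPECTED_WINLOGON.items():
        if key not in winlogon:
            continue
        parts = [p.strip() for p in winlogon[key].split(",") if p.strip()]
        if len(parts) != 1 or _basename(parts[0]) != want:
            issues.append(f"Winlogon {key} is '{winlogon[key]}', expected only {want}")
    # (b) Anything placed before "%1" in the exefile/comfile verb runs on every
    #     program launch, which is how rogues block the tools meant to remove them.
    for cls in ("exefile", "comfile"):
        if cls in assoc and assoc[cls] != CLEAN_OPEN:
            issues.append(f"{cls} open command hijacked: {assoc[cls]}")
    # (c) The live System32 copy should hash like one of the WinSxS store copies;
    #     a mismatch points at a patched or replaced system binary.
    for name, copies in md5.items():
        store = {h for h, p in copies if "\\winsxs\\" in p.lower()}
        for h, p in copies:
            low = p.lower()
            live = "\\system32\\" in low and "\\driverstore\\" not in low
            if live and store and h not in store:
                issues.append(f"{name}: {p} has MD5 {h}, not present in WinSxS")
    return issues


if __name__ == "__main__":
    import sys
    text = TAMPERED_SAMPLE
    if len(sys.argv) > 1:  # pass a real OTL.txt to scan it instead of the sample
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    for issue in find_issues(*parse_otl(text)) or ["no issues found"]:
        print(issue)
```

Run it with the path to an OTL.txt as the only argument; with no argument it scans the tampered sample and prints the three findings. The WinSxS comparison is a consistency check, not a whitelist: it says the live file differs from every serviced copy, not that the file is malicious, so a hit still has to be confirmed (file version, signature, a known-good hash) before anything is replaced.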

Re: Request for help (rogue?)

Post by Philelip » 26 May 2012, 15:14

OTL Extras logfile created on: 5/26/2012 3:06:02 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\philippe\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.96% Memory free
3.93 Gb Paging File | 3.03 Gb Available in Paging File | 77.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 22.31 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
Drive D: | 253.17 Gb Total Space | 229.89 Gb Free Space | 90.81% Space Free | Partition Type: NTFS

Computer Name: PHILIPPE-PC | User Name: philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4007488331-1904091925-3465478802-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027B325C-5033-488A-AC00-761EEB2B323A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BD048C98-ECA5-4963-9F09-38A5B190F04D}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7212A682-2C3C-4F96-956D-B572674C91FE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{996CBF6E-FD1C-4329-8E9D-18F67317EE2A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CED86848-ABFB-4E48-96CE-5F549EA5F2CE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{660D6E77-AADA-41E6-9E18-1300D4381FB7}" = OSD
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A9739666-2235-42F8-85D6-9B4005DC7951}" = Bing Bar
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox 12.0 (x86 fr)" = Mozilla Firefox 12.0 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SpeedFan" = SpeedFan (remove only)
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4007488331-1904091925-3465478802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2012 3:21:29 PM | Computer Name = philippe-PC | Source = System Restore | ID = 8193
Description =

Error - 3/28/2012 3:21:43 PM | Computer Name = philippe-PC | Source = System Restore | ID = 8193
Description =

Error - 3/28/2012 3:21:58 PM | Computer Name = philippe-PC | Source = System Restore | ID = 8193
Description =

Error - 3/28/2012 3:22:16 PM | Computer Name = philippe-PC | Source = System Restore | ID = 8193
Description =

Error - 3/28/2012 3:23:13 PM | Computer Name = philippe-PC | Source = System Restore | ID = 8193
Description =

Error - 3/30/2012 1:47:12 PM | Computer Name = philippe-PC | Source = System Restore | ID = 8193
Description =

Error - 4/14/2012 2:33:06 PM | Computer Name = philippe-PC | Source = System Restore | ID = 8193
Description =

Error - 4/14/2012 2:43:49 PM | Computer Name = philippe-PC | Source = System Restore | ID = 8193
Description =

Error - 4/14/2012 2:43:50 PM | Computer Name = philippe-PC | Source = System Restore | ID = 8193
Description =

Error - 4/21/2012 5:31:28 PM | Computer Name = philippe-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 5/17/2012 10:55:51 AM | Computer Name = philippe-PC | Source = MCUpdate | ID = 0
Description = 16:55:51 - Erreur de connexion à Internet. 16:55:51 - Impossible
de contacter le service..

Error - 5/17/2012 10:56:11 AM | Computer Name = philippe-PC | Source = MCUpdate | ID = 0
Description = 16:55:56 - Erreur de connexion à Internet. 16:55:56 - Impossible
de contacter le service..

[ System Events ]
Error - 4/25/2012 11:12:03 AM | Computer Name = philippe-PC | Source = BTHUSB | ID = 327697
Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne
sera pas utilisée. Le pilote a été déchargée.

Error - 4/25/2012 3:44:21 PM | Computer Name = philippe-PC | Source = BTHUSB | ID = 327697
Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne
sera pas utilisée. Le pilote a été déchargée.

Error - 4/25/2012 5:01:06 PM | Computer Name = philippe-PC | Source = BTHUSB | ID = 327697
Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne
sera pas utilisée. Le pilote a été déchargée.

Error - 4/25/2012 5:27:37 PM | Computer Name = philippe-PC | Source = BTHUSB | ID = 327697
Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne
sera pas utilisée. Le pilote a été déchargée.

Error - 4/25/2012 5:30:20 PM | Computer Name = philippe-PC | Source = BTHUSB | ID = 327697
Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne
sera pas utilisée. Le pilote a été déchargée.

Error - 4/25/2012 5:32:28 PM | Computer Name = philippe-PC | Source = BTHUSB | ID = 327697
Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne
sera pas utilisée. Le pilote a été déchargée.

Error - 4/26/2012 9:13:43 AM | Computer Name = philippe-PC | Source = ACPI | ID = 327693
Description =  : le contrôleur embarqué n’a pas répondu dans le délai imparti. Cette
erreur peut indiquer que le matériel ou le microprogramme du contrôleur embarqué
présente une erreur ou que le BIOS accède au contrôleur embarqué de manière incorrecte.
Contactez le fabricant de votre ordinateur afin de savoir si un BIOS mis à niveau
est disponible. Dans certains cas, cette erreur peut provoquer un fonctionnement
incorrect de l’application.

Error - 4/26/2012 10:44:31 AM | Computer Name = philippe-PC | Source = BTHUSB | ID = 327697
Description = La carte locale Bluetooth a échoué d'une manière indéterminée et ne
sera pas utilisée. Le pilote a été déchargée.

Error - 4/28/2012 8:02:43 AM | Computer Name = philippe-PC | Source = ACPI | ID = 327693
Description =  : le contrôleur embarqué n’a pas répondu dans le délai imparti. Cette
erreur peut indiquer que le matériel ou le microprogramme du contrôleur embarqué
présente une erreur ou que le BIOS accède au contrôleur embarqué de manière incorrecte.
Contactez le fabricant de votre ordinateur afin de savoir si un BIOS mis à niveau
est disponible. Dans certains cas, cette erreur peut provoquer un fonctionnement
incorrect de l’application.

Error - 4/29/2012 9:47:31 AM | Computer Name = philippe-PC | Source = ACPI | ID = 327693
Description =  : le contrôleur embarqué n’a pas répondu dans le délai imparti. Cette
erreur peut indiquer que le matériel ou le microprogramme du contrôleur embarqué
présente une erreur ou que le BIOS accède au contrôleur embarqué de manière incorrecte.
Contactez le fabricant de votre ordinateur afin de savoir si un BIOS mis à niveau
est disponible. Dans certains cas, cette erreur peut provoquer un fonctionnement
incorrect de l’application.


< End of report >
Philelip

Posts: 9
Joined: 26 May 2012, 13:04

Re: Request for help (rogue?)

Post by nickW » 26 May 2012, 20:34

Good evening,

A short excerpt from the official ComboFix guide:

You must not use ComboFix unless a helper has expressly asked you to do so.

So, who asked you to use ComboFix?

What do the scan/cleanup reports from the following tools contain:

*- ComboFix
*- RogueKiller
*- RKill
*- MBAM, when it found and removed something

What is the name of the "miracle" program that wants to install itself to clean the PC?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message).
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Re: Request for help (rogue?)

Post by Philelip » 27 May 2012, 00:23

Good evening,

The reports I have:

- Combofix:

ComboFix 12-05-17.05 - philippe 27/05/2012 0:58.2.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.2012.1213 [GMT 2:00]
Lancé depuis: c:\users\philippe\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- Mode FONCTIONNALITES REDUITES -
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Utility
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-04-26 au 2012-05-26 ))))))))))))))))))))))))))))))))))))
.
.
2012-05-26 22:59 . 2012-05-26 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 13:09 . 2012-05-26 13:09 512 ----a-w- C:\PhysicalMBR.bin
2012-05-26 12:32 . 2012-05-26 12:32 -------- d-----w- c:\program files\ERUNT
2012-05-26 12:22 . 2012-05-26 12:22 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-26 12:12 . 2012-05-26 12:12 388096 ----a-r- c:\users\philippe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-26 12:12 . 2012-05-26 12:12 -------- d-----w- c:\program files\Trend Micro
2012-05-26 12:11 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{945539F6-737C-4158-A779-6580C6AF7149}\mpengine.dll
2012-05-26 12:11 . 2012-05-26 12:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-26 12:11 . 2012-05-26 12:11 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-16 19:22 . 2012-05-16 19:22 -------- d-----w- c:\users\philippe\AppData\Local\CrashDumps
2012-05-16 17:15 . 2012-05-16 17:15 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-16 16:11 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-16 16:11 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-16 16:11 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-16 16:11 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-16 16:11 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-16 16:11 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-16 16:11 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-16 16:11 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-16 16:10 . 2012-05-16 16:10 -------- d-----w- c:\programdata\AVAST Software
2012-05-16 16:10 . 2012-05-16 16:10 -------- d-----w- c:\program files\AVAST Software
2012-05-15 21:55 . 2012-05-16 00:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-15 21:55 . 2012-05-15 21:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-15 21:27 . 2012-05-15 21:27 -------- d-----w- c:\users\philippe\AppData\Roaming\Malwarebytes
2012-05-15 21:27 . 2012-05-15 21:27 -------- d-----w- c:\programdata\Malwarebytes
2012-05-15 21:27 . 2012-05-15 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-15 21:27 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-15 20:42 . 2012-05-15 20:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-15 20:42 . 2012-05-15 20:42 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-15 20:42 . 2012-05-15 20:42 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-13 15:27 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 15:27 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 15:27 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 15:27 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-13 15:27 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 15:27 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-13 15:27 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 15:27 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 15:27 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 15:27 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 21:17 . 2012-05-09 21:17 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-09 21:16 . 2012-05-09 21:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-09 21:16 . 2012-05-09 21:16 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-09 20:13 . 2012-05-09 20:22 8072272 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.382.0oemBingBarSetup-Partner.EXE
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-26 23:00 . 2012-05-26 23:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{945539F6-737C-4158-A779-6580C6AF7149}\offreg.dll
2012-05-10 15:03 . 2012-04-11 09:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 15:03 . 2011-08-20 07:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 18:16 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-03-01 05:46 . 2012-04-14 18:44 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-14 18:44 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-14 18:44 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-14 18:44 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:38 . 2012-04-14 18:33 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-14 18:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 20:42 . 2011-08-20 07:58 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2009-10-29 307200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-09 8505888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 151064]
"fspuip"="c:\program files\FSP\fspuip.exe" [2009-12-22 3354624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2010-3-20 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 __FOX__UNI_DRIVER__;__FOX__UNI_DRIVER__;c:\users\philippe\AppData\Local\Temp\FoxG1Driver.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2009-07-25 38272]
R3 FXDrv32;FXDrv32;e:\12e2lastesttool0309(ft34)\Windows\FXDrv32.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-15 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-20 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.382.0\BBSvc.exe [2012-04-16 193616]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2009-10-21 33280]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.382.0\SeaPort.exe [2012-04-16 240208]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2009-10-23 282112]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2009-10-20 20480]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2009-10-22 205312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2009-10-21 117760]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2009-10-22 49152]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-12-22 42496]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-12-21 54784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:03]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4007488331-1904091925-3465478802-1000Core.job
- c:\users\philippe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 08:17]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4007488331-1904091925-3465478802-1000UA.job
- c:\users\philippe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 08:17]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://global.hannspree.net/
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\philippe\AppData\Roaming\Mozilla\Firefox\Profiles\c9xmxjfj.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(2644)
c:\progra~1\SPYBOT~1\SDHelper.dll
.
Heure de fin: 2012-05-27 01:01:57
ComboFix-quarantined-files.txt 2012-05-26 23:01
ComboFix2.txt 2012-05-17 15:08
.
Avant-CF: 23 582 990 336 octets libres
Après-CF: 23 427 432 448 octets libres
.
- - End Of File - - 68CA8A9E45707FB17EF8D17797B43748

- Roguekiller:

RogueKiller V7.4.4 [08/05/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion- ... ntees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur: philippe [Droits d'admin]
Mode: Recherche -- Date: 27/05/2012 01:13:02

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22A23T0 +++++
--- User ---
[MBR] f7a1d74cf80b6df7a59c28e5ec901380
[BSP] 146326909a81e132f0b2cf43a3b8a539 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12290048 | Size: 40000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 94210048 | Size: 259243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt


As for the "software", it's Windows antivirus 2012.

Thanks.
Philelip

Posts: 9
Joined: 26 May 2012, 13:04

Re: Request for help (rogue?)

Post by nickW » 27 May 2012, 22:34

Good evening,

1/ Could you send all the requested scan/cleanup reports:

*- 1st ComboFix report

C:\Qoobox\ComboFix2.txt created on 17/05/2012

*- report of the files quarantined by ComboFix

C:\Qoobox\ComboFix-quarantined-files.txt created on 26/05/2012

*- RKill report

C:\rkill.log

2/ Next, a new scan:

Security Check (by screen317)
Download SecurityCheck.exe from the link below:
http://screen317.spywareinfoforum.org/SecurityCheck.exe
Save this file to the Desktop.
Double-click SecurityCheck.exe to launch the tool.
Press a key when prompted.
When the tool has finished, a Notepad window opens containing the scan result.
Save the checkup.txt file, then close Notepad.

Post the contents of checkup.txt in your reply.

3/ Finally, install the NoScript extension in Firefox to check whether the pop-up windows are still present.
https://addons.mozilla.org/fr/firefox/addon/noscript/

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message).
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Re: Request for help (rogue?)

Post by Philelip » 04 June 2012, 16:13

Hello,

ComboFix 12-05-17.05 - philippe 17/05/2012 16:55:59.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.2012.1336 [GMT 2:00]
Lancé depuis: c:\users\philippe\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Utility\OSD\__Init.exe
c:\program files\Utility\OSD\__Init.exe.manifest
c:\program files\Utility\OSD\__VistaVolumeDLL.dll
c:\program files\Utility\OSD\Bin\EasyWebcam\EasyWebcam.exe
c:\program files\Utility\OSD\Bin\EasyWebcam\Language\chs.dll
c:\program files\Utility\OSD\Bin\EasyWebcam\Language\cht.dll
c:\program files\Utility\OSD\DevLock.dll
c:\program files\Utility\OSD\Language\English.ini
c:\program files\Utility\OSD\Language\SChinese.ini
c:\program files\Utility\OSD\Language\TChinese.ini
c:\program files\Utility\OSD\Loader.dll
c:\program files\Utility\OSD\Loader.exe
c:\program files\Utility\OSD\Loader.exe.manifest
c:\program files\Utility\OSD\OSD.exe
c:\program files\Utility\OSD\OSD.log
c:\program files\Utility\OSD\OSDKiller.exe
c:\program files\Utility\OSD\OSDSettings.exe
c:\program files\Utility\OSD\OSDSettings.exe.manifest
c:\program files\Utility\OSD\OSDSettings.ini
c:\program files\Utility\OSD\Project\SZ903C.ini
c:\program files\Utility\OSD\Skins\3G-off.bmp
c:\program files\Utility\OSD\Skins\3G-on.bmp
c:\program files\Utility\OSD\Skins\3GOff.ini
c:\program files\Utility\OSD\Skins\3GOn.ini
c:\program files\Utility\OSD\Skins\Audio.ini
c:\program files\Utility\OSD\Skins\BluetoothOff.bmp
c:\program files\Utility\OSD\Skins\BluetoothOff.ini
c:\program files\Utility\OSD\Skins\BluetoothOn.bmp
c:\program files\Utility\OSD\Skins\BluetoothOn.ini
c:\program files\Utility\OSD\Skins\Bright-empty.bmp
c:\program files\Utility\OSD\Skins\Bright-Full.bmp
c:\program files\Utility\OSD\Skins\Bright.ini
c:\program files\Utility\OSD\Skins\CameraOff.bmp
c:\program files\Utility\OSD\Skins\CameraOff.ini
c:\program files\Utility\OSD\Skins\CameraOn.bmp
c:\program files\Utility\OSD\Skins\CameraOn.ini
c:\program files\Utility\OSD\Skins\ErrorMsg.bmp
c:\program files\Utility\OSD\Skins\ErrorMsg.ini
c:\program files\Utility\OSD\Skins\Mask.bmp
c:\program files\Utility\OSD\Skins\SupportID.ini
c:\program files\Utility\OSD\Skins\Thumbs.db
c:\program files\Utility\OSD\Skins\Touchpad-off.bmp
c:\program files\Utility\OSD\Skins\Touchpad-on.bmp
c:\program files\Utility\OSD\Skins\TouchpadOff.ini
c:\program files\Utility\OSD\Skins\TouchpadOn.ini
c:\program files\Utility\OSD\Skins\Volume-empty.bmp
c:\program files\Utility\OSD\Skins\Volume-full.bmp
c:\program files\Utility\OSD\Skins\VolumeOff.bmp
c:\program files\Utility\OSD\Skins\VolumeOn.bmp
c:\program files\Utility\OSD\Skins\VolumnOff.ini
c:\program files\Utility\OSD\Skins\VolumnOn.ini
c:\program files\Utility\OSD\Skins\WindowPos.ini
c:\program files\Utility\OSD\Skins\WirelessOff.bmp
c:\program files\Utility\OSD\Skins\WirelessOff.ini
c:\program files\Utility\OSD\Skins\WirelessOn.bmp
c:\program files\Utility\OSD\Skins\WirelessOn.ini
c:\program files\Utility\OSD\UniDrv.dll
c:\program files\Utility\OSD\uninstall.ico
c:\program files\Utility\OSD\WMI.dll
c:\program files\Utility\OSD\wmirestart.bat
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-04-17 au 2012-05-17 ))))))))))))))))))))))))))))))))))))
.
.
2012-05-17 15:04 . 2012-05-17 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-17 14:59 . 2012-05-17 14:59 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9C24229-77F9-4E7A-87A4-56A56D8FF0B4}\offreg.dll
2012-05-16 19:22 . 2012-05-16 19:22 -------- d-----w- c:\users\philippe\AppData\Local\CrashDumps
2012-05-16 17:15 . 2012-05-16 17:15 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-16 16:11 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-16 16:11 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-16 16:11 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-16 16:11 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-16 16:11 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-16 16:11 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-16 16:11 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-16 16:11 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-16 16:10 . 2012-05-16 16:10 -------- d-----w- c:\programdata\AVAST Software
2012-05-16 16:10 . 2012-05-16 16:10 -------- d-----w- c:\program files\AVAST Software
2012-05-15 21:55 . 2012-05-16 00:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-15 21:55 . 2012-05-15 21:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-15 21:27 . 2012-05-15 21:27 -------- d-----w- c:\users\philippe\AppData\Roaming\Malwarebytes
2012-05-15 21:27 . 2012-05-15 21:27 -------- d-----w- c:\programdata\Malwarebytes
2012-05-15 21:27 . 2012-05-15 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-15 21:27 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-15 20:42 . 2012-05-15 20:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-15 20:42 . 2012-05-15 20:42 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-15 20:42 . 2012-05-15 20:42 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-15 20:41 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9C24229-77F9-4E7A-87A4-56A56D8FF0B4}\mpengine.dll
2012-05-13 15:27 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 15:27 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 15:27 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 15:27 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-13 15:27 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 15:27 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-13 15:27 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 15:27 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 15:27 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 15:27 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 21:17 . 2012-05-09 21:17 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-09 21:16 . 2012-05-09 21:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-09 21:16 . 2012-05-09 21:16 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-09 20:13 . 2012-05-09 20:22 8072272 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.382.0oemBingBarSetup-Partner.EXE
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 15:03 . 2012-04-11 09:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 15:03 . 2011-08-20 07:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 18:16 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-03-01 05:46 . 2012-04-14 18:44 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-14 18:44 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-14 18:44 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-14 18:44 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 05:38 . 2012-04-14 18:33 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-14 18:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:18 . 2011-08-27 20:57 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 20:42 . 2011-08-20 07:58 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2009-10-29 307200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-09 8505888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 151064]
"fspuip"="c:\program files\FSP\fspuip.exe" [2009-12-22 3354624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2010-3-20 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2009-07-25 38272]
R3 FXDrv32;FXDrv32;e:\12e2lastesttool0309(ft34)\Windows\FXDrv32.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-15 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-20 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.382.0\BBSvc.exe [2012-04-16 193616]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 __FOX__UNI_DRIVER__;__FOX__UNI_DRIVER__;c:\users\philippe\AppData\Local\Temp\FoxG1Driver.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2009-10-21 33280]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.382.0\SeaPort.exe [2012-04-16 240208]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2009-10-23 282112]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2009-10-20 20480]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2009-10-22 205312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2009-10-21 117760]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2009-10-22 49152]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-12-22 42496]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-12-21 54784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'
.
2012-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:03]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4007488331-1904091925-3465478802-1000Core.job
- c:\users\philippe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 08:17]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4007488331-1904091925-3465478802-1000UA.job
- c:\users\philippe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 08:17]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://global.hannspree.net/
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\philippe\AppData\Roaming\Mozilla\Firefox\Profiles\c9xmxjfj.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-05-17 17:08:34
ComboFix-quarantined-files.txt 2012-05-17 15:08
.
Avant-CF: 23 863 992 320 octets libres
Après-CF: 23 795 752 960 octets libres
.
- - End Of File - - 659395B4CA3F0BE24E3D31D02C8E9B08

===================================================

2012-05-17 15:01:49 . 2012-05-17 15:01:49 10,441 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-05-17 14:53:16 . 2012-05-26 22:58:35 175 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-03-20 18:43:19 . 2010-03-08 15:32:32 60,416 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Bin\EasyWebcam\Language\cht.dll.vir
2010-03-20 18:43:19 . 2010-03-08 15:31:20 60,416 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Bin\EasyWebcam\Language\chs.dll.vir
2010-03-20 18:43:19 . 2010-03-08 15:37:02 450,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Bin\EasyWebcam\EasyWebcam.exe.vir
2010-03-20 18:43:19 . 2010-03-08 15:16:16 892 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Project\SZ903C.ini.vir
2010-03-20 18:43:19 . 2009-10-27 15:49:00 47,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\CameraOn.bmp.vir
2010-03-20 18:43:19 . 2009-10-29 17:00:28 216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\CameraOn.ini.vir
2010-03-20 18:43:19 . 2009-10-29 16:57:22 228 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\BluetoothOn.ini.vir
2010-03-20 18:43:19 . 2009-10-27 15:49:00 47,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\CameraOff.bmp.vir
2010-03-20 18:43:19 . 2009-10-29 16:59:30 220 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\CameraOff.ini.vir
2010-03-20 18:43:19 . 2009-10-27 15:49:00 47,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\BluetoothOff.bmp.vir
2010-03-20 18:43:19 . 2009-10-29 16:54:58 232 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\BluetoothOff.ini.vir
2010-03-20 18:43:19 . 2009-10-27 15:49:00 47,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\BluetoothOn.bmp.vir
2010-03-20 18:43:19 . 2012-05-17 14:46:53 2,662 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\SupportID.ini.vir
2010-03-20 18:43:19 . 2008-07-10 18:54:00 47,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\ErrorMsg.bmp.vir
2010-03-20 18:43:19 . 2009-07-10 18:12:58 216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\ErrorMsg.ini.vir
2010-03-20 18:43:19 . 2009-06-29 16:50:36 279 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\WirelessOn.ini.vir
2010-03-20 18:43:19 . 2009-06-29 16:59:50 47,430 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\WirelessOff.bmp.vir
2010-03-20 18:43:19 . 2009-06-29 16:50:32 283 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\WirelessOff.ini.vir
2010-03-20 18:43:19 . 2009-06-29 16:59:58 47,430 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\WirelessOn.bmp.vir
2010-03-20 18:43:19 . 2009-06-29 16:59:38 47,430 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\VolumeOn.bmp.vir
2010-03-20 18:43:19 . 2009-06-29 16:50:20 275 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\VolumnOff.ini.vir
2010-03-20 18:43:19 . 2009-06-29 16:50:26 271 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\VolumnOn.ini.vir
2010-03-20 18:43:19 . 2009-11-04 15:24:54 623 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\WindowPos.ini.vir
2010-03-20 18:43:19 . 2009-06-29 17:01:58 47,430 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\Volume-empty.bmp.vir
2010-03-20 18:43:19 . 2009-05-21 09:03:10 47,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\Volume-full.bmp.vir
2010-03-20 18:43:19 . 2009-06-29 16:59:30 47,430 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\VolumeOff.bmp.vir
2010-03-20 18:43:19 . 2009-06-29 16:59:20 47,430 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\Touchpad-on.bmp.vir
2010-03-20 18:43:19 . 2009-06-29 16:50:10 291 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\TouchpadOff.ini.vir
2010-03-20 18:43:19 . 2009-06-29 16:50:14 283 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\TouchpadOn.ini.vir
2010-03-20 18:43:19 . 2009-10-29 16:48:26 98,304 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\Thumbs.db.vir
2010-03-20 18:43:19 . 2009-06-29 16:59:10 47,430 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\Touchpad-off.bmp.vir
2010-03-20 18:43:19 . 2009-06-29 17:03:00 47,430 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\Bright-empty.bmp.vir
2010-03-20 18:43:19 . 2009-05-21 09:03:30 47,432 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\Bright-Full.bmp.vir
2010-03-20 18:43:19 . 2009-05-21 07:09:00 16,954 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\Mask.bmp.vir
2010-03-20 18:43:19 . 2009-06-29 16:58:56 47,430 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\3G-on.bmp.vir
2010-03-20 18:43:19 . 2009-06-29 16:49:42 261 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\3GOn.ini.vir
2010-03-20 18:43:19 . 2009-06-29 17:01:44 285 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\Audio.ini.vir
2010-03-20 18:43:19 . 2009-06-29 17:03:10 285 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\Bright.ini.vir
2010-03-20 18:43:19 . 2010-01-05 16:38:50 748 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Language\TChinese.ini.vir
2010-03-20 18:43:19 . 2009-06-29 16:58:46 47,430 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\3G-off.bmp.vir
2010-03-20 18:43:19 . 2009-06-29 16:49:36 263 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Skins\3GOff.ini.vir
2010-03-20 18:43:19 . 2010-01-05 16:38:30 945 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Language\English.ini.vir
2010-03-20 18:43:19 . 2010-01-05 16:38:16 748 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Language\SChinese.ini.vir
2010-03-20 18:43:19 . 2010-03-08 15:35:12 126,976 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\OSD.exe.vir
2010-03-20 18:43:19 . 2012-05-17 14:47:03 659 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\OSD.log.vir
2010-03-20 18:43:19 . 2010-01-14 22:21:22 794 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\OSDSettings.exe.manifest.vir
2010-03-20 18:43:19 . 2010-01-15 17:30:44 789 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\__Init.exe.manifest.vir
2010-03-20 18:43:19 . 2010-02-06 15:56:24 118,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\OSDSettings.exe.vir
2010-03-20 18:43:19 . 2012-05-17 14:46:53 161 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\OSDSettings.ini.vir
2010-03-20 18:43:19 . 2009-06-02 17:58:50 98,304 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\UniDrv.dll.vir
2010-03-20 18:43:19 . 2010-03-08 23:53:54 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\OSDKiller.exe.vir
2010-03-20 18:43:19 . 2009-03-06 07:08:50 290,911 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\DevLock.dll.vir
2010-03-20 18:43:19 . 2009-01-13 15:34:00 201,728 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\__VistaVolumeDLL.dll.vir
2010-03-20 18:43:19 . 2009-05-23 07:44:00 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\WMI.dll.vir
2010-03-20 18:43:19 . 2009-07-14 00:26:00 91 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\wmirestart.bat.vir
2010-03-20 18:43:19 . 2009-08-17 18:41:30 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\__Init.exe.vir
2010-03-20 18:43:19 . 2010-02-06 15:57:22 78 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Loader.dll.vir
2010-03-20 18:43:19 . 2008-09-29 07:35:06 789 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Loader.exe.manifest.vir
2010-03-20 18:43:19 . 2009-02-06 16:23:00 27,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\Loader.exe.vir
2010-03-20 18:43:19 . 2005-12-09 09:46:00 3,262 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Utility\OSD\uninstall.ico.vir

================================================

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 27/05/2012 at 1:30:02.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 27/05/2012 at 1:30:08.

===================================================================

Here is what I found; I hope it will be enough.
Philelip

Posts: 9
Joined: 26 May 2012, 13:04

Re: Request for help (rogue?)

Post by Philelip » 04 June 2012, 16:40

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
Google Chrome 18.0.1025.168
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Philelip

Posts: 9
Joined: 26 May 2012, 13:04

Re: Request for help (rogue?)

Post by Philelip » 04 June 2012, 16:44

As for the Firefox add-on, I can't do anything at all in Firefox. I'm stuck on the advertising page.

I can't download it from Firefox.


Good evening.
Philelip

Posts: 9
Joined: 26 May 2012, 13:04
