[OK] PC infecté (srvklw32.exe a priori...)

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

[OK] PC infecté (srvklw32.exe a priori...)

Messagede niko » 08 Juil 2010, 22:35

Bonsoir,

En me connectant aujourd'hui et en cliquant sur un lien publicitaire, j'ai été infecté par un malware, avast a détecté quelque chose mais ne peut l'éradiquer. Cela envoie apparemment des dizaines (centaines de spams) je ne sais où...
J'ai identifié le fichier srvklw32.exe grâce à HiJackthis mais ne suis pas sûr que ce soit bien ça bien qu'en recherchant sur internet, ce fichier est connu par Prevx qui peut me le supprimer moyennant quelques dizaines d'Euros !

Avant d'en arriver là, je passe vous voir connaissant vos grandes compétences.

Je joins les logs demandés.

Merci pour votre aide.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4293

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

08/07/2010 21:46:09
mbam-log-2010-07-08 (21-46-09).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 139171
Temps écoulé: 12 minute(s), 55 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Winsudate (Adware.GibMedia) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Win XP SP2 HE - Firefox - Thunderbird - ZoneAlarm - Avast 4.6 - Spybot S&D - Ad Aware SE - SpywareBlaster - CWShredder - HijackThis
Avatar de l’utilisateur
niko
 
Messages: 69
Inscription: 28 Jan 2005, 10:06
Localisation: Ouest de la France

Messagede niko » 08 Juil 2010, 22:37

OTL logfile created on: 08/07/2010 21:50:07 - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Nicolas\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 492,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226,87 Gb Total Space | 149,47 Gb Free Space | 65,88% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 209,15 Gb Free Space | 89,81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLASC
Current User Name: Nicolas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/08 21:22:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Bureau\OTL.exe
PRC - [2010/07/08 20:19:11 | 006,384,592 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009/11/25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/12/13 20:27:10 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2007/12/13 20:27:10 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/28 11:11:42 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/01/28 11:11:40 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004/12/14 22:04:04 | 000,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2004/12/14 22:03:48 | 000,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2004/08/04 00:55:02 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2003/06/20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003/05/02 11:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE
PRC - [2003/05/02 11:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/08 21:22:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Bureau\OTL.exe
MOD - [2008/04/15 19:56:59 | 001,724,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2006/08/25 17:51:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/05 14:00:00 | 002,986,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2004/08/05 14:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll
MOD - [2004/08/05 14:00:00 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2004/08/05 14:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll
MOD - [2004/08/05 14:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2004/08/05 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/08/05 14:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll
MOD - [2004/08/05 14:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2004/08/05 14:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sti.dll
MOD - [2004/08/05 14:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shgina.dll
MOD - [2004/08/05 14:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2004/08/05 14:00:00 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2004/08/05 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2004/08/05 14:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cfgmgr32.dll
MOD - [2004/08/05 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2004/08/05 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/08 20:19:11 | 006,384,592 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/08/18 17:53:59 | 000,611,664 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/12/13 20:27:10 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/08/05 20:39:27 | 000,352,768 | ---- | M] (GRISOFT, s.r.o.) [Disabled | Stopped] -- C:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS)
SRV - [2007/08/05 20:36:55 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [On_Demand | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007/05/06 17:16:19 | 000,353,280 | ---- | M] (GRISOFT, s.r.o.) [Disabled | Stopped] -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2006/11/10 22:23:36 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2005/01/28 11:11:40 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004/12/14 22:04:04 | 000,110,682 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2004/12/14 22:03:48 | 000,176,220 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/04 00:55:02 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2003/12/15 02:37:12 | 002,252,800 | ---- | M] () [On_Demand | Stopped] -- c:\mysql\bin\mysqld-nt.exe -- (MysqlInventime)
SRV - [2003/06/20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2010/07/08 20:19:12 | 000,061,752 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/07/08 20:19:12 | 000,030,320 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/07/08 20:19:12 | 000,024,400 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2009/11/25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/03 19:19:19 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/12/13 20:27:14 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2007/10/18 21:18:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2007/08/05 20:39:24 | 000,820,928 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/08/05 20:36:31 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/07/19 16:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/05/12 02:31:46 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/05/12 02:31:34 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007/05/12 02:31:20 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/12 02:30:02 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/03/18 19:05:37 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2006/11/10 22:23:39 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2006/11/10 22:23:37 | 000,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi)
DRV - [2006/11/10 22:23:37 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2006/09/05 18:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2005/12/09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/10/01 10:36:00 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\hardwaredetection\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2005/01/28 20:06:50 | 000,974,336 | ---- | M] (ASUSTek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2004/09/16 11:21:18 | 002,257,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/12 11:40:00 | 002,627,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 22:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 22:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/03 22:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 22:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/03/17 15:12:12 | 000,135,168 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/03/17 15:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/12/31 11:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2001/08/23 17:04:44 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2420213333-276562005-968734146-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2420213333-276562005-968734146-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2420213333-276562005-968734146-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2420213333-276562005-968734146-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2420213333-276562005-968734146-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Wibeez"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.wibeez.com/france?search&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 18:57:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 18:57:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/22 19:34:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/07/08 16:56:51 | 000,000,000 | ---D | M]

[2008/08/30 10:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Extensions
[2010/07/08 17:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions
[2010/04/27 20:55:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 20:55:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/17 08:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\fr@dictionaries.addons.mozilla.org
[2007/09/21 21:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\fr-FR@dico_vazkor
[2010/02/17 08:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2010/01/01 18:21:37 | 000,003,709 | ---- | M] () -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\searchplugins\Wibeez.xml
[2010/07/08 17:27:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/10/03 17:49:00 | 001,593,344 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\nphardwaredetection.dll
[2010/03/22 20:12:45 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/22 20:12:45 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/22 20:12:45 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2008/08/30 10:13:54 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/03/22 20:12:45 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/27 17:18:38 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/05/06 21:04:34 | 000,398,569 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.webbrowser.tv
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 213.131.225.2
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 127.0.0.1 babeweb.de
O1 - Hosts: 127.0.0.1 start-seite.com
O1 - Hosts: 127.0.0.1 sexolymp.com
O1 - Hosts: 127.0.0.1 toriii.cc
O1 - Hosts: 127.0.0.1 www.xtipp.de
O1 - Hosts: 127.0.0.1 urawa.cool.ne.jp
O1 - Hosts: 127.0.0.1 777search.com
O1 - Hosts: 127.0.0.1 ace-webmaster.com
O1 - Hosts: 127.0.0.1 aifind.info
O1 - Hosts: 13805 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ECarteBleueBrowserHelper Class) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-2420213333-276562005-968734146-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2420213333-276562005-968734146-1008\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2420213333-276562005-968734146-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\srvklw32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2420213333-276562005-968734146-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2420213333-276562005-968734146-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2420213333-276562005-968734146-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZI ... b32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b8f844a-3f21-11db-9fbb-000feac520e1}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8f844a-3f21-11db-9fbb-000feac520e1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/08 21:29:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/08 21:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/08 21:22:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Bureau\OTL.exe
[2010/07/08 20:19:13 | 000,068,120 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/07/08 20:19:12 | 000,061,752 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/07/08 20:19:12 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/07/08 20:19:11 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/07/08 20:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/07/08 20:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/06/22 07:50:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nicolas\Recent
[2010/06/12 19:12:42 | 000,000,000 | ---D | C] -- C:\MSI3c7d1.tmp
[464 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/08 21:28:21 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\Nicolas\NTUSER.DAT
[2010/07/08 21:26:22 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/07/08 21:26:21 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\NTREGOPT.lnk
[2010/07/08 21:26:21 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\ERUNT.lnk
[2010/07/08 21:25:43 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\erunt-loc_fr.zip
[2010/07/08 21:22:26 | 000,000,371 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\scan.zip
[2010/07/08 21:22:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Bureau\OTL.exe
[2010/07/08 21:14:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/08 21:14:48 | 000,358,832 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/08 21:13:37 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/08 21:12:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/08 21:12:10 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/08 21:12:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/08 21:11:29 | 003,610,700 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/07/08 21:11:28 | 307,994,656 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/07/08 21:09:40 | 000,000,769 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/08 21:09:40 | 000,000,296 | RHS- | M] () -- C:\BOOT.INI
[2010/07/08 21:09:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/08 20:19:13 | 000,068,120 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/07/08 20:19:12 | 000,061,752 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/07/08 20:19:12 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/07/08 20:19:12 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/07/08 20:18:48 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/08 19:31:06 | 000,755,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\bltsdm.sys
[2010/07/08 19:14:08 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Nicolas\.js
[2010/07/08 16:56:52 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/06/24 22:18:00 | 000,241,703 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\5358 b.PDF
[2010/06/24 22:17:06 | 000,070,363 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\5358 a.PDF
[2010/06/24 13:27:14 | 000,753,004 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Salaire Stéphanie.pdf
[2010/06/24 13:23:29 | 000,705,248 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Impôt Stéphanie.pdf
[2010/06/24 13:15:05 | 001,507,546 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Relevés de compte Nicolas.pdf
[2010/06/24 13:02:21 | 001,095,805 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Salaires Nicolas.pdf
[2010/06/24 12:58:07 | 000,422,519 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Impôt Nicolas.pdf
[2010/06/23 21:56:06 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\vpm.xls
[2010/06/20 20:22:33 | 000,011,553 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Frais FONCIA.ods
[2010/06/14 20:37:46 | 000,009,789 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\budget apport.ods
[2010/06/10 07:52:59 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Nicolas\ntuser.ini
[2010/06/09 21:14:13 | 000,190,929 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\lotissement.jpg
[2010/06/09 21:11:34 | 000,197,483 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Saint Pavace.jpg
[464 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/08 21:26:22 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/07/08 21:26:21 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\NTREGOPT.lnk
[2010/07/08 21:26:21 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\ERUNT.lnk
[2010/07/08 21:25:42 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\erunt-loc_fr.zip
[2010/07/08 21:22:25 | 000,000,371 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\scan.zip
[2010/07/08 20:18:48 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/08 20:12:00 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 19:18:05 | 000,755,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\bltsdm.sys
[2010/07/08 19:14:08 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Nicolas\.js
[2010/06/24 22:17:59 | 000,241,703 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\5358 b.PDF
[2010/06/24 22:17:05 | 000,070,363 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\5358 a.PDF
[2010/06/24 13:27:05 | 000,753,004 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Salaire Stéphanie.pdf
[2010/06/24 13:23:19 | 000,705,248 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Impôt Stéphanie.pdf
[2010/06/24 13:14:47 | 001,507,546 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Relevés de compte Nicolas.pdf
[2010/06/24 13:02:10 | 001,095,805 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Salaires Nicolas.pdf
[2010/06/24 12:58:00 | 000,422,519 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Impôt Nicolas.pdf
[2010/06/16 21:27:16 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\vpm.xls
[2010/06/14 20:37:45 | 000,009,789 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\budget apport.ods
[2010/06/09 21:08:13 | 000,197,483 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Saint Pavace.jpg
[2010/06/09 21:07:35 | 000,190,929 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\lotissement.jpg
[2009/12/13 19:10:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2009/02/11 21:38:52 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/03/31 23:25:46 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 22:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 22:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 22:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 22:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/13 19:45:56 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2007/04/01 10:00:17 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2007/04/01 10:00:17 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2006/11/12 14:41:43 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LineAudio.dll
[2006/09/07 22:40:44 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Relax.ini
[2006/09/07 22:34:42 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/04 18:26:09 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/18 19:43:22 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2006/01/21 15:00:22 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/01/21 15:00:10 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/01/02 17:45:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini
[2005/10/08 12:31:03 | 000,001,201 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/19 17:29:41 | 000,260,096 | ---- | C] () -- C:\WINDOWS\System32\cp21_comeai.dll
[2005/09/19 17:29:41 | 000,226,304 | ---- | C] () -- C:\WINDOWS\System32\cp21_msjava.dll
[2005/09/19 17:29:41 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\cp21_vrml1to2.dll
[2005/09/19 17:29:40 | 000,781,824 | ---- | C] () -- C:\WINDOWS\System32\cp21_main.dll
[2005/09/19 17:29:40 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicslarge8.dll
[2005/09/19 17:29:40 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicslarge16.dll
[2005/09/19 17:29:40 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\cp21_javascript.dll
[2005/09/19 17:29:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicsmed8.dll
[2005/09/19 17:29:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicsmed16.dll
[2005/09/19 17:29:40 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicssmall8.dll
[2005/09/19 17:29:40 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicssmall16.dll
[2005/09/19 17:29:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\cp21_lang.dll
[2005/09/19 17:29:40 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\cp21_basic.dll
[2005/09/19 17:29:40 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicspos.dll
[2005/09/04 10:43:54 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2005/09/01 14:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/08/10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/05/03 09:59:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/03 09:49:03 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/03 09:41:46 | 000,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/05/03 09:41:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\jRegistryKey.dll
[2005/05/03 09:41:10 | 000,000,232 | ---- | C] () -- C:\WINDOWS\my.ini
[2005/05/03 09:33:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/03 09:32:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2005/05/03 09:32:23 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/03 09:31:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2004/09/07 18:49:32 | 000,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/16 18:25:16 | 000,000,930 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/16 17:41:06 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003427_.tmp.dll
[2004/08/16 17:40:32 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003459_.tmp.dll
[2004/06/23 14:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/01/17 18:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007/08/22 21:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/08/03 16:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2005/10/02 20:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2010/07/08 20:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/04/18 15:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/05/03 09:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/05/12 15:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
[2005/08/20 00:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2005/08/22 20:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\AVG7
[2008/05/12 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\kantaris
[2005/08/26 17:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Leadertech
[2006/01/15 21:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\MSNInstaller
[2009/02/11 21:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Samsung
[2005/08/19 23:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Thunderbird
[2007/01/06 17:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Vso
[2008/09/18 13:07:02 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\$~$Sys0$.job
[2008/09/18 19:28:51 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\$~$Sys1$.job
[2005/08/19 16:50:31 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job
[2005/08/19 16:50:31 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job
[2005/08/19 16:50:31 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>
[2005/10/31 17:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/18 12:52:05 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/18 12:52:05 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

<MD5>
[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\eventlog.dll

<MD5>
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\netlogon.dll
[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\SoftwareDistribution\Download\1b69c6a34ee3176041425a4238c7e626\sp2qfe\netlogon.dll
[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\SoftwareDistribution\Download\fd39c169e8cb784cefd1d3b2f372297e\sp2qfe\netlogon.dll
[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\scecli.dll
[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[464 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
<End>
Win XP SP2 HE - Firefox - Thunderbird - ZoneAlarm - Avast 4.6 - Spybot S&D - Ad Aware SE - SpywareBlaster - CWShredder - HijackThis
Avatar de l’utilisateur
niko
 
Messages: 69
Inscription: 28 Jan 2005, 10:06
Localisation: Ouest de la France

Messagede niko » 08 Juil 2010, 22:40

OTL Extras logfile created on: 08/07/2010 21:50:07 - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Nicolas\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 492,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226,87 Gb Total Space | 149,47 Gb Free Space | 65,88% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 209,15 Gb Free Space | 89,81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLASC
Current User Name: Nicolas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA -- File not found
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA -- File not found
"C:\APPS\Inventime\my.exe" = C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME -- (Inventime)
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D6B54EF-65E4-4624-8709-03A3BBE2C240}" = e-Carte Bleue LCL
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{44798400-788A-11D2-84CA-00104BB73183}" = Bâtiprix CD
"{45C8703C-61C8-4C5C-A6A1-90FDB86FE9A9}" = ViaMichelin Navigation
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1
"{5D02AE2F-0C28-4AB1-91FA-049E6192AB93}" = Encyclopédie Universelle Larousse
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8000FA01-AA61-4200-9EC7-063074DAB70E}" = MVCpromo
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88C9863E-5495-4D66-8B00-2644E95837C0}" = ViaMichelin Navigation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{911A040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002
"{911B040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A122962F-331A-4C2E-93DB-AD92D8A4FB14}" = OpenOffice.org 2.4
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.3 - Français
"{B04AC0A3-7A0F-4E38-9DE7-FD1E4CE47D8C}" = Packard Bell InfoCentre
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2BE6521-F81C-4EC6-8887-A8BBC0B0786B}" = OpenOffice.org 2.4 Language Pack (Français)
"{D37C6152-89DF-4D29-83CF-666200D5F398}" = iPAQ WebReg
"{D42B6F90-1084-4C9B-AF28-958926E6E32E}" = LP_Flash
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"7-Zip" = 7-Zip 4.23
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"AVG7Uninstall" = AVG 7.5
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CamStudio 2.0 Fr_is1" = CamStudio 2.0 Fr
"CCleaner" = CCleaner
"Cosmo Player 2.1" = Cosmo Player 2.1 (38329)
"DicoMots_is1" = DicoMots désinstallation
"DivX Content Uploader" = DivX Content Uploader
"e-Carte Bleue VISA PREMIER" = e-Carte Bleue VISA PREMIER
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HijackThis" = HijackThis 1.99.1
"HIJACKTHIS VF_is1" = HIJACKTHIS 1.99.01
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE
"legacyqcam_11.00" = Coffret de pilotes Logitech Legacy USB Camera
"LimeWire" = LimeWire 4.14.10
"lvdrivers_11.50" = Coffret de pilotes Logitech QuickCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup 1.4 Fr_is1" = MozBackup 1.4 Fr
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OCCT_is1" = OCCT Perestroika 3.0.0
"OtsTurntables Free" = OtsTurntables Free 1.00.012
"PCSI" = Prevx
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"Skype_is1" = Packard Bell - Skype 2.0
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Trickshot" = Trickshot
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.7
"WinLiveSuite_Wave3" = Installation Windows Live
"Yahoo! Companion" = Yahoo! Toolbar avec bloqueur de fenêtres pop-up
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 06/10/2008 01:01:15 | Computer Name = NICOLASC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\drwtsn32.exe failed, 00000005.

Error - 02/12/2008 07:32:01 | Computer Name = NICOLASC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\drwtsn32.exe failed, 00000005.

Error - 18/01/2009 09:07:50 | Computer Name = NICOLASC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\netsh.exe failed, 00000005.

Error - 21/02/2009 09:15:46 | Computer Name = NICOLASC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\netsh.exe failed, 00000005.

Error - 10/03/2009 01:51:56 | Computer Name = NICOLASC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\drwtsn32.exe failed, 00000005.

Error - 07/06/2009 03:09:34 | Computer Name = NICOLASC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\drwtsn32.exe failed, 00000005.

Error - 16/07/2009 01:02:32 | Computer Name = NICOLASC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\drwtsn32.exe failed, 00000005.

Error - 03/10/2009 09:20:25 | Computer Name = NICOLASC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\netsh.exe failed, 00000005.

Error - 21/01/2010 02:00:02 | Computer Name = NICOLASC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\drwtsn32.exe failed, 00000005.

Error - 23/03/2010 01:59:11 | Computer Name = NICOLASC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\drwtsn32.exe failed, 00000005.

[ Application Events ]
Error - 12/06/2010 13:12:40 | Computer Name = NICOLASC | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 12/06/2010 13:31:58 | Computer Name = NICOLASC | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 12/06/2010 13:32:53 | Computer Name = NICOLASC | Source = Application Hang | ID = 1002
Description = Application bloquée hpqgalry.exe, version 45.4.157.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/06/2010 13:33:03 | Computer Name = NICOLASC | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.

Error - 19/06/2010 16:10:21 | Computer Name = NICOLASC | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16876, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20/06/2010 08:01:56 | Computer Name = NICOLASC | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 20/06/2010 08:01:56 | Computer Name = NICOLASC | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 25/06/2010 02:51:01 | Computer Name = NICOLASC | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16876, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 08/07/2010 10:51:43 | Computer Name = NICOLASC | Source = Google Update | ID = 20
Description =

Error - 08/07/2010 14:18:44 | Computer Name = NICOLASC | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


[ System Events ]
Error - 08/07/2010 14:14:04 | Computer Name = NICOLASC | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
TrueVector Internet Monitor.

Error - 08/07/2010 14:14:04 | Computer Name = NICOLASC | Source = Service Control Manager | ID = 7000
Description = Le service TrueVector Internet Monitor n'a pas pu démarrer en raison
de l'erreur : %%1053

Error - 08/07/2010 14:56:22 | Computer Name = NICOLASC | Source = Service Control Manager | ID = 7000
Description = Le service Secdrv n'a pas pu démarrer en raison de l'erreur : %%2

Error - 08/07/2010 14:56:22 | Computer Name = NICOLASC | Source = Service Control Manager | ID = 7000
Description = Le service Gestionnaire de téléchargement n'a pas pu démarrer en raison
de l'erreur : %%1079

Error - 08/07/2010 14:56:22 | Computer Name = NICOLASC | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
TrueVector Internet Monitor.

Error - 08/07/2010 14:56:22 | Computer Name = NICOLASC | Source = Service Control Manager | ID = 7000
Description = Le service TrueVector Internet Monitor n'a pas pu démarrer en raison
de l'erreur : %%1053

Error - 08/07/2010 14:56:22 | Computer Name = NICOLASC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 08/07/2010 15:14:28 | Computer Name = NICOLASC | Source = Service Control Manager | ID = 7000
Description = Le service Secdrv n'a pas pu démarrer en raison de l'erreur : %%2

Error - 08/07/2010 15:14:28 | Computer Name = NICOLASC | Source = Service Control Manager | ID = 7000
Description = Le service Gestionnaire de téléchargement n'a pas pu démarrer en raison
de l'erreur : %%1079

Error - 08/07/2010 15:18:23 | Computer Name = NICOLASC | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}


<End>
Win XP SP2 HE - Firefox - Thunderbird - ZoneAlarm - Avast 4.6 - Spybot S&D - Ad Aware SE - SpywareBlaster - CWShredder - HijackThis
Avatar de l’utilisateur
niko
 
Messages: 69
Inscription: 28 Jan 2005, 10:06
Localisation: Ouest de la France

Messagede nickW » 09 Juil 2010, 00:47

Bonsoir,

Ton PC, mal protégé, est une véritable porte ouverte à toutes les infections!
Exemples:
*- l'OS (Windows XP) n'a pas été mis à jour depuis des années! avril 2008 = date de sortie du SP3
*- Avast!4 - version actuelle: avast! 5
*- des traces actives de AVG7
*- des traces actives de Kaspersky
*- AVG Anti-Spyware 7.5, qui n'est plus mis à jour depuis le 01/01/2009
*- 8 installations de Java de Sun, toutes obsolètes
*- des programmes non mis à jour (Spybot-S&D, Thunderbird, etc...)
*- des fichiers temporaires jamais effacés



Premiers nettoyages, nouvelle recherche:


Étape 1: Gmer, téléchargement
Télécharger le programme exécutable (fichier .exe) depuis la page http://www.gmer.net/#files
Cliquer sur le bouton Download EXE.
Enregistrer le fichier à la racine du disque système (généralement C: ) en notant son nom (qui est aléatoire).


Étape 2: OTL (de OldTimer), préparation de la correction
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien

:otl
FF - prefs.js..browser.search.selectedEngine: "Wibeez"
FF - prefs.js..keyword.URL: "http://www.wibeez.com/france?search&q="
[2010/01/01 18:21:37 | 000,003,709 | ---- | M] () -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\searchplugins\Wibeez.xml
O4 - Startup: C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\srvklw32.exe ()

:Commands
[emptytemp]




Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom fix.txt <---- ne pas modifier le nom du fichier
Fermer le Bloc-notes.

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: niko.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 3: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus et celui de l'antispyware.
Image avast4!: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), puis "Arrêter la protection résidente"
Image Prevx: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), choisir "Show Management Console", dans la console de gestion, dans le menu déroulant sous "Protection Level", choisir "Off" puis valider
Image Si présent, AVG: ouvrir AVG Control Center, double clic sur "AVG Resident Shield", décocher "Turn on AVG Resident Shield"


Étape 4: OTL (de OldTimer), correction

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Correction: Image

Il y a ouverture d'une petite fenêtre "OTL": Image

Cliquer sur le bouton Ok.

A partir de la nouvelle fenêtre "Ouvrir", naviguer jusqu'au dossier de sauvegarde du fichier fix.txt puis cliquer sur le bouton Ouvrir.

Le contenu du fichier fix.txt est ainsi inséré dans le panneau "Personnalisation" Image

Fermer toutes les fenêtres de programme ouvertes autres que OTL (navigateur, traitement de texte, etc...): un redémarrage du PC va se produire.

Cliquer de nouveau sur le bouton Correction: Image

Note: Lorsque le redémarrage est demandé, cliquer sur Ok

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Cliquer sur Ok puis fermer OTL.


Étape 5: Pas de processus de contrôle en temps réel
Comme le PC a redémarré, et si les antivirus et antispyware ont été réactivés, il faut de nouveau les désactiver.


Étape 6: Gmer, exécution

Fermer absolument toutes les applications, les connexions et les navigateurs.

Faire un double clic sur le fichier au nom aléatoire téléchargé précédemment.

Attendre quelques instants le chargement du pilote et les premières recherches.

Si l'outil affiche un message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", cliquer sur NO.

Vérifier que toutes les cases de la colonne de droite sont cochées sauf
Sections
les lecteurs autres que C:\
"Show all"

comme ceci:
Image

puis cliquer sur le bouton Scan.

Attendre sans rien faire d'autre (... c'est un peu long...).
Les clés de Registre & fichiers analysés s'affichent en bas de la fenêtre.

Lorsque l'outil a terminé (il n'y a plus de défilement en bas de la fenêtre), cliquer sur le bouton Save ....

Une fenêtre du Bloc-notes va s'ouvrir, contenant le fichier rapport.
Note: Dans le Bloc-notes, vérifier dans le menu Format que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sur le Bureau sous le nom gmer-100708.txt.
Fermer la fenêtre Gmer (clic sur OK).


Étape 7: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus principal et celui de l'antispyware.


Étape 8: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 9: Résultats
Envoyer en réponse:
*- le rapport de correction de OTL (contenu du fichier SystemDrive\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Gmer (contenu du fichier gmer-100708.txt)<----ce rapport est souvent très long; vérifier qu'il est complet; si nécessaire le découper en plusieurs messages -- en utilisant toujours le bouton Répondre.

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede niko » 10 Juil 2010, 17:35

Bonjour nickW,

Merci pour la rapidité de réponse et pour la procédure.

Tout d'abord, concernant les mises à jour, j'ai été obligé de redémarrer Windows avec la dernière bonne configuration connue, cela a peut-être son importance.
Pour le SP3, je n'ai jamais réussi à l'installer car ça plantait à chaque fois (message d'erreur style : le fichier Beethoven.wma est introuvable ?!?! Je ne sais plus si c'est ce compositeur, je me rappelle juste que c'était un fichier audio).

Concernant la procédure, je joins à la suite de ce message le rapport de correction d'OTL, j'ai par contre rencontré des difficultés avec gmer. Après plusieurs plantages, j'ai un rapport qui me semble loin d'être complet, le PC ramait, j'avais les processus lsass.exe et ashServ.exe qui tournaient sans cesse prenant 100% de CPU. (j'avais bien arrêté Prevx, la protection résidente d'Avast et désactivé mes connexions réseaux).

Lors de l'analyse avec OTL, Avast a détecté Win32:Rootkit-gen dans C:\WINDOWS\System32\drivers\bltsdm.sys.
J'ai cliqué sur "Ne rien faire" de la page d'alerte pensant que ce fichier avait un rapport avec gmer.

Voilà pour les petits soucis....

Rapport de correction OTL :

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Prefs.js: "Wibeez" removed from browser.search.selectedEngine
Prefs.js: "http://www.wibeez.com/france?search&q=" removed from keyword.URL
C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\searchplugins\Wibeez.xml moved successfully.
File move failed. C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\srvklw32.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nicolas
->Temp folder emptied: 35958572 bytes
->Temporary Internet Files folder emptied: 16266450 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37506518 bytes
->Google Chrome cache emptied: 6317888 bytes
->Flash cache emptied: 6062 bytes

User: Propriétaire

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114786 bytes
%systemroot%\System32 .tmp files removed: 127821684 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 135773 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13492890 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 88846271 bytes

Total Files Cleaned = 313,00 mb


OTL by OldTimer - Version 3.2.8.1 log created on 07092010_090633

Files\Folders moved on Reboot...
C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\srvklw32.exe moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\36DDX5AL\translate_t[1].htm moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File\Folder C:\WINDOWS\temp\ZLT079c2.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT079e9.TMP not found!

Registry entries deleted on Reboot...
Win XP SP2 HE - Firefox - Thunderbird - ZoneAlarm - Avast 4.6 - Spybot S&D - Ad Aware SE - SpywareBlaster - CWShredder - HijackThis
Avatar de l’utilisateur
niko
 
Messages: 69
Inscription: 28 Jan 2005, 10:06
Localisation: Ouest de la France

Messagede niko » 10 Juil 2010, 17:39

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-10 17:32:00
Windows 5.1.2600 Service Pack 2
Running: bkgxkj4l.exe; Driver: C:\DOCUME~1\Nicolas\LOCALS~1\Temp\kweorkod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xF4696A00]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3B706B8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF477A040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF4776930]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3B70574]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF477A510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xF4780870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xF4780AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xF4783FD0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xF4696A50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF477A600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF4776F20]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xF4696720]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xF46967E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xF4780580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF47828B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF4776D70]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3B7064E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xF4780350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xF4780150]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xF4696AF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3B7076E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF4783250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF4782CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF4779C00]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3B7072E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xF477A220]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xF46969B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF4777120]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xF46968C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xF4780CD0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xF4696B90]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xF4696BE0]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F477ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F477F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F477F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F477EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F477EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F477ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F477F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F477F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F477ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F477F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F477F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F477EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F477F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F477F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F477ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F477EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F477ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F477F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F477F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F477ECA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F477EE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F477F320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F477F1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[580] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[580] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D12F30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D12CA0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D12D00] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D12CD0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe[2728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe[2728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe[2728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe[2728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\bkgxkj4l.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\bkgxkj4l.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\bkgxkj4l.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\bkgxkj4l.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device EFA83C8A

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

---- EOF - GMER 1.0.15 ----
Win XP SP2 HE - Firefox - Thunderbird - ZoneAlarm - Avast 4.6 - Spybot S&D - Ad Aware SE - SpywareBlaster - CWShredder - HijackThis
Avatar de l’utilisateur
niko
 
Messages: 69
Inscription: 28 Jan 2005, 10:06
Localisation: Ouest de la France

Messagede niko » 10 Juil 2010, 17:41

OTL logfile created on: 10/07/2010 17:49:50 - Run 3
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Nicolas\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 513,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226,87 Gb Total Space | 146,29 Gb Free Space | 64,48% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 209,15 Gb Free Space | 89,81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLASC
Current User Name: Nicolas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/08 21:22:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Bureau\OTL.exe
PRC - [2010/07/08 20:19:11 | 006,384,592 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009/12/06 11:43:48 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2009/11/25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/12/13 20:27:10 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2007/12/13 20:27:10 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/28 11:11:42 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/01/28 11:11:40 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004/12/14 22:04:04 | 000,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2004/12/14 22:03:48 | 000,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2004/08/04 00:55:02 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2003/06/20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003/05/02 11:31:50 | 000,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE
PRC - [2003/05/02 11:31:38 | 000,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/08 21:22:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Bureau\OTL.exe
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2006/08/25 17:51:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/05 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/08 20:19:11 | 006,384,592 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/08/18 17:53:59 | 000,611,664 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/12/13 20:27:10 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/08/05 20:39:27 | 000,352,768 | ---- | M] (GRISOFT, s.r.o.) [Disabled | Stopped] -- C:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS)
SRV - [2007/08/05 20:36:55 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [On_Demand | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007/05/06 17:16:19 | 000,353,280 | ---- | M] (GRISOFT, s.r.o.) [Disabled | Stopped] -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2006/11/10 22:23:36 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2005/01/28 11:11:40 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004/12/14 22:04:04 | 000,110,682 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2004/12/14 22:03:48 | 000,176,220 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/04 00:55:02 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2003/12/15 02:37:12 | 002,252,800 | ---- | M] () [On_Demand | Stopped] -- c:\mysql\bin\mysqld-nt.exe -- (MysqlInventime)
SRV - [2003/06/20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2010/07/08 20:19:12 | 000,061,752 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/07/08 20:19:12 | 000,030,320 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/07/08 20:19:12 | 000,024,400 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2009/11/25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/03 19:19:19 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/12/13 20:27:14 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2007/10/18 21:18:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2007/08/05 20:39:24 | 000,820,928 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/08/05 20:36:31 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/07/19 16:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/05/12 02:31:46 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/05/12 02:31:34 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007/05/12 02:31:20 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/12 02:30:02 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/03/18 19:05:37 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2006/11/10 22:23:39 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2006/11/10 22:23:37 | 000,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi)
DRV - [2006/11/10 22:23:37 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2006/09/05 18:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2005/12/09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/10/01 10:36:00 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\hardwaredetection\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2005/01/28 20:06:50 | 000,974,336 | ---- | M] (ASUSTek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2004/09/16 11:21:18 | 002,257,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/12 11:40:00 | 002,627,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 22:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 22:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/03 22:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 22:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/03/17 15:12:12 | 000,135,168 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/03/17 15:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/12/31 11:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2001/08/23 17:04:44 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 18:57:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 18:57:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/22 19:34:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/07/08 16:56:51 | 000,000,000 | ---D | M]

[2008/08/30 10:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Extensions
[2010/07/10 08:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions
[2010/04/27 20:55:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 20:55:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/17 08:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\fr@dictionaries.addons.mozilla.org
[2007/09/21 21:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\fr-FR@dico_vazkor
[2010/02/17 08:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2010/07/10 08:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\lezuz9vt.default\extensions\staged-xpis
[2010/07/08 17:27:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/10/03 17:49:00 | 001,593,344 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\nphardwaredetection.dll
[2010/03/22 20:12:45 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/22 20:12:45 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/22 20:12:45 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2008/08/30 10:13:54 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/03/22 20:12:45 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/27 17:18:38 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/05/06 21:04:34 | 000,398,569 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.webbrowser.tv
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 213.131.225.2
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 127.0.0.1 babeweb.de
O1 - Hosts: 127.0.0.1 start-seite.com
O1 - Hosts: 127.0.0.1 sexolymp.com
O1 - Hosts: 127.0.0.1 toriii.cc
O1 - Hosts: 127.0.0.1 www.xtipp.de
O1 - Hosts: 127.0.0.1 urawa.cool.ne.jp
O1 - Hosts: 127.0.0.1 777search.com
O1 - Hosts: 127.0.0.1 ace-webmaster.com
O1 - Hosts: 127.0.0.1 aifind.info
O1 - Hosts: 13805 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ECarteBleueBrowserHelper Class) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZI ... b32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b8f844a-3f21-11db-9fbb-000feac520e1}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8f844a-3f21-11db-9fbb-000feac520e1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/09 09:06:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/08 21:29:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/08 21:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/08 21:22:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Bureau\OTL.exe
[2010/07/08 20:19:13 | 000,068,120 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/07/08 20:19:12 | 000,061,752 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/07/08 20:19:12 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/07/08 20:19:11 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/07/08 20:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/07/08 20:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/06/22 07:50:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nicolas\Recent
[2010/05/25 20:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Bureau\Nouveau dossier
[2010/05/02 12:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Bureau\Programme d'installation d'Adobe Reader 9
[2010/05/02 12:34:21 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/05/02 12:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[14 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/10 17:46:41 | 000,000,769 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/10 17:46:41 | 000,000,296 | RHS- | M] () -- C:\BOOT.INI
[2010/07/10 17:46:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/10 17:46:28 | 000,358,832 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/10 17:45:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/10 17:45:35 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/10 17:44:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 17:43:50 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 17:43:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/10 08:31:52 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\Nicolas\NTUSER.DAT
[2010/07/09 09:08:50 | 307,994,656 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/07/09 09:08:50 | 003,611,156 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/07/09 08:22:28 | 000,293,376 | ---- | M] () -- C:\bkgxkj4l.exe
[2010/07/08 21:26:22 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/07/08 21:26:21 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\NTREGOPT.lnk
[2010/07/08 21:26:21 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\ERUNT.lnk
[2010/07/08 21:25:43 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\erunt-loc_fr.zip
[2010/07/08 21:22:26 | 000,000,371 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\scan.zip
[2010/07/08 21:22:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Bureau\OTL.exe
[2010/07/08 20:19:13 | 000,068,120 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/07/08 20:19:12 | 000,061,752 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/07/08 20:19:12 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/07/08 20:19:12 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/07/08 20:18:48 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/08 19:31:06 | 000,755,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\bltsdm.sys
[2010/07/08 19:14:08 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Nicolas\.js
[2010/07/08 16:56:52 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/06/24 22:18:00 | 000,241,703 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\5358 b.PDF
[2010/06/24 22:17:06 | 000,070,363 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\5358 a.PDF
[2010/06/24 13:27:14 | 000,753,004 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Salaire Stéphanie.pdf
[2010/06/24 13:23:29 | 000,705,248 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Impôt Stéphanie.pdf
[2010/06/24 13:15:05 | 001,507,546 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Relevés de compte Nicolas.pdf
[2010/06/24 13:02:21 | 001,095,805 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Salaires Nicolas.pdf
[2010/06/24 12:58:07 | 000,422,519 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Impôt Nicolas.pdf
[2010/06/23 21:56:06 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\vpm.xls
[2010/06/20 20:22:33 | 000,011,553 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Frais FONCIA.ods
[2010/06/14 20:37:46 | 000,009,789 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\budget apport.ods
[2010/06/10 07:52:59 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Nicolas\ntuser.ini
[2010/06/09 21:14:13 | 000,190,929 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\lotissement.jpg
[2010/06/09 21:11:34 | 000,197,483 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Saint Pavace.jpg
[2010/05/23 15:55:15 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/05/08 11:14:57 | 000,013,860 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\carte affaire.ods
[2010/05/06 21:04:34 | 000,398,569 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/05/02 18:26:42 | 000,398,569 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-210434.backup
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 11:48:17 | 000,398,209 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100502-182642.backup
[2010/04/25 11:47:52 | 000,398,209 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100425-114817.backup
[2010/04/18 15:07:33 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\SpywareBlaster.lnk
[2010/04/17 11:38:42 | 000,001,551 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\CCleaner.lnk
[2010/04/17 11:34:26 | 000,397,451 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100425-114752.backup
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 08:22:28 | 000,293,376 | ---- | C] () -- C:\bkgxkj4l.exe
[2010/07/08 21:26:22 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Nicolas\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/07/08 21:26:21 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\NTREGOPT.lnk
[2010/07/08 21:26:21 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\ERUNT.lnk
[2010/07/08 21:25:42 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\erunt-loc_fr.zip
[2010/07/08 21:22:25 | 000,000,371 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\scan.zip
[2010/07/08 20:18:48 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/08 20:12:00 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 19:18:05 | 000,755,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\bltsdm.sys
[2010/07/08 19:14:08 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Nicolas\.js
[2010/06/24 22:17:59 | 000,241,703 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\5358 b.PDF
[2010/06/24 22:17:05 | 000,070,363 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\5358 a.PDF
[2010/06/24 13:27:05 | 000,753,004 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Salaire Stéphanie.pdf
[2010/06/24 13:23:19 | 000,705,248 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Impôt Stéphanie.pdf
[2010/06/24 13:14:47 | 001,507,546 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Relevés de compte Nicolas.pdf
[2010/06/24 13:02:10 | 001,095,805 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Salaires Nicolas.pdf
[2010/06/24 12:58:00 | 000,422,519 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Impôt Nicolas.pdf
[2010/06/16 21:27:16 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\vpm.xls
[2010/06/14 20:37:45 | 000,009,789 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\budget apport.ods
[2010/06/09 21:08:13 | 000,197,483 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Saint Pavace.jpg
[2010/06/09 21:07:35 | 000,190,929 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\lotissement.jpg
[2010/06/06 17:38:22 | 000,011,553 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Frais FONCIA.ods
[2010/05/23 15:55:15 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/05/02 12:37:03 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2009/12/13 19:10:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2009/02/11 21:38:52 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/03/31 23:25:46 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 22:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 22:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 22:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 22:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/13 19:45:56 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2007/04/01 10:00:17 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2007/04/01 10:00:17 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2006/11/12 14:41:43 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LineAudio.dll
[2006/09/07 22:40:44 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Relax.ini
[2006/09/07 22:34:42 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/04 18:26:09 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/18 19:43:22 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2006/01/21 15:00:22 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/01/21 15:00:10 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/01/02 17:45:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini
[2005/10/08 12:31:03 | 000,001,201 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/19 17:29:41 | 000,260,096 | ---- | C] () -- C:\WINDOWS\System32\cp21_comeai.dll
[2005/09/19 17:29:41 | 000,226,304 | ---- | C] () -- C:\WINDOWS\System32\cp21_msjava.dll
[2005/09/19 17:29:41 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\cp21_vrml1to2.dll
[2005/09/19 17:29:40 | 000,781,824 | ---- | C] () -- C:\WINDOWS\System32\cp21_main.dll
[2005/09/19 17:29:40 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicslarge8.dll
[2005/09/19 17:29:40 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicslarge16.dll
[2005/09/19 17:29:40 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\cp21_javascript.dll
[2005/09/19 17:29:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicsmed8.dll
[2005/09/19 17:29:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicsmed16.dll
[2005/09/19 17:29:40 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicssmall8.dll
[2005/09/19 17:29:40 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicssmall16.dll
[2005/09/19 17:29:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\cp21_lang.dll
[2005/09/19 17:29:40 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\cp21_basic.dll
[2005/09/19 17:29:40 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\cp21_graphicspos.dll
[2005/09/04 10:43:54 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2005/09/01 14:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/08/10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/05/03 09:59:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/03 09:49:03 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/03 09:41:46 | 000,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/05/03 09:41:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\jRegistryKey.dll
[2005/05/03 09:41:10 | 000,000,232 | ---- | C] () -- C:\WINDOWS\my.ini
[2005/05/03 09:33:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/03 09:32:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2005/05/03 09:32:23 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/03 09:31:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2004/09/07 18:49:32 | 000,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/16 18:25:16 | 000,000,930 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/16 17:41:06 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003427_.tmp.dll
[2004/08/16 17:40:32 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003459_.tmp.dll
[2004/06/23 14:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/01/17 18:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007/08/22 21:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/08/03 16:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2005/10/02 20:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2010/07/09 08:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/04/18 15:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/05/03 09:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/05/12 15:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
[2005/08/22 20:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\AVG7
[2008/05/12 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\kantaris
[2005/08/26 17:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Leadertech
[2006/01/15 21:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\MSNInstaller
[2009/02/11 21:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Samsung
[2005/08/19 23:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Thunderbird
[2007/01/06 17:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Vso
[2008/09/18 13:07:02 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\$~$Sys0$.job
[2008/09/18 19:28:51 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\$~$Sys1$.job
[2005/08/19 16:50:31 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job
[2005/08/19 16:50:31 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job
[2005/08/19 16:50:31 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
<End>
Win XP SP2 HE - Firefox - Thunderbird - ZoneAlarm - Avast 4.6 - Spybot S&D - Ad Aware SE - SpywareBlaster - CWShredder - HijackThis
Avatar de l’utilisateur
niko
 
Messages: 69
Inscription: 28 Jan 2005, 10:06
Localisation: Ouest de la France

Messagede nickW » 15 Juil 2010, 00:30

Bonsoir,

1/ Peux-tu me dire:

*- Comment se comporte le PC

*- Quels sont les logiciels de sécurité réellement à jour et utilisés
Exemples: AVG7, Kaspersky


2/ Nouvelle recherche:


Étape 1: OTL (de OldTimer), préparation de l'analyse
Supprimer le fichier scan.txt créé précédemment.
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
c:\windows\system32\dllcache\*.sys /10
c:\windows\system32\drivers\*.sys /10



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom scan.txt <---- ne pas modifier le nom du fichier
Fermer le Bloc-notes.

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: niko.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 2: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus et celui de l'antispyware.
Image avast4!: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), puis "Arrêter la protection résidente"
Image Prevx: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), choisir "Show Management Console", dans la console de gestion, dans le menu déroulant sous "Protection Level", choisir "Off" puis valider
Image Si présent, AVG: ouvrir AVG Control Center, double clic sur "AVG Resident Shield", décocher "Turn on AVG Resident Shield"


Étape 3: OTL (de OldTimer), analyse

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Aucun:
Image

Faire un double clic dans la zone blanche située sous Personnalisation Image

Il y a ouverture d'une petite fenêtre "OTL": Image

Cliquer sur le bouton Ok.

A partir de la nouvelle fenêtre "Ouvrir", naviguer jusqu'au dossier de sauvegarde du fichier scan.txt puis cliquer sur le bouton Ouvrir.

Le contenu du fichier scan.txt est ainsi inséré dans le panneau "Personnalisation" Image

Cliquer sur le bouton Analyse: Image

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 4: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus et celui de l'antispyware.


Étape 5: Résultats
Envoyer en réponse:
*- le rapport principal de OTL (contenu du fichier OTL.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede niko » 15 Juil 2010, 18:20

Bonsoir,

Pas de soucis avec le PC, il fonctionne comme avant.
Concernant les antivirus et autres protections, j'utilise Avast avec mises à jour automatiques quotidiennes (je n'ai pas vu l'alerte de mise à jour programme pour passer à la version 5...), Prevx est installé suite à l'infection mais je ne sais pas si je vais le conserver.
J'utilise Spybot, il était à jour mais je rentrais de congés quand mon PC a été infecté et je n'avais donc pas fait la mise à jour depuis au moins 15j. Par contre, j'avais arrêté dernièrement la protection résidente car ça me faisait "ramer" le PC.
Je n'utilise plus AVG et suis étonné d'avoir des traces actives de Kapersky car je ne pensais pas l'avoir un jour installé.

Depuis la dernière manipulation, Thunderbird bug (lenteur de chargement des messages non lus qui provoque parfois la fermeture de Thunderbird)

Voici mon dernier log OTL :

OTL logfile created on: 15/07/2010 19:02:54 - Run 4
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Nicolas\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 603,00 Mb Available Physical Memory | 59,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226,87 Gb Total Space | 145,79 Gb Free Space | 64,26% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 209,15 Gb Free Space | 89,81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLASC
Current User Name: Nicolas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========


<c>

<c>
[2010/07/08 19:31:06 | 000,755,712 | ---- | M] () -- C:\WINDOWS\system32\drivers\bltsdm.sys
[2010/07/08 20:19:12 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxkbf.sys
[2010/07/08 20:19:12 | 000,061,752 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxrts.sys
[2010/07/08 20:19:12 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxscan.sys
<End>
Avatar de l’utilisateur
niko
 
Messages: 69
Inscription: 28 Jan 2005, 10:06
Localisation: Ouest de la France

Messagede nickW » 15 Juil 2010, 23:18

Bonsoir,

Les dernières manips n'ont été qu'une analyse: aucune modification n'a été apportée aux paramètres du PC.

Les manips précédentes étaient: suppression du logiciel publicitaire Wibeez et du nuisible srvklw32.exe.

Tout ceci ne concerne pas Thunderird.
As-tu vérifié les paramètres des comptes?
As-tu vérifié les logs du pare-feu?



Je te conseille de désinstaller PrevX (payant pour la version "avec nettoyage").



Suppression des traces d'AVG7 et Kaspersky:


Étape 1: OTL (de OldTimer), préparation de la correction

Supprimer le fichier fix.txt créé précédemment.

Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien

:otl
SRV - [2007/08/05 20:39:27 | 000,352,768 | ---- | M] (GRISOFT, s.r.o.) [Disabled | Stopped] -- C:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS)
SRV - [2007/08/05 20:36:55 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [On_Demand | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007/05/06 17:16:19 | 000,353,280 | ---- | M] (GRISOFT, s.r.o.) [Disabled | Stopped] -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2006/11/10 22:23:36 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
DRV - [2007/08/05 20:39:24 | 000,820,928 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/08/05 20:36:31 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/07/19 16:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/03/18 19:05:37 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2006/11/10 22:23:39 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2006/11/10 22:23:37 | 000,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi)
DRV - [2006/11/10 22:23:37 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2006/09/05 18:03:16 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

:Files
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
C:\Program Files\Grisoft\AVG7

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG7\avginet.exe"=-
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"=-
"C:\Program Files\Grisoft\AVG7\avgcc.exe"=-
"C:\Program Files\Grisoft\AVG7\avgemc.exe"=-

:Commands
[emptytemp]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom fix.txt <---- ne pas modifier le nom du fichier
Fermer le Bloc-notes.

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: niko.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 2: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus et celui de l'antispyware.
Image avast4!: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), puis "Arrêter la protection résidente"
Image Prevx: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), choisir "Show Management Console", dans la console de gestion, dans le menu déroulant sous "Protection Level", choisir "Off" puis valider
Image Si présent, AVG: ouvrir AVG Control Center, double clic sur "AVG Resident Shield", décocher "Turn on AVG Resident Shield"


Étape 3: OTL (de OldTimer), correction

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Correction: Image

Il y a ouverture d'une petite fenêtre "OTL": Image

Cliquer sur le bouton Ok.

A partir de la nouvelle fenêtre "Ouvrir", naviguer jusqu'au dossier de sauvegarde du fichier fix.txt puis cliquer sur le bouton Ouvrir.

Le contenu du fichier fix.txt est ainsi inséré dans le panneau "Personnalisation" Image

Fermer toutes les fenêtres de programme ouvertes autres que OTL (navigateur, traitement de texte, etc...): un redémarrage du PC va se produire.

Cliquer de nouveau sur le bouton Correction: Image

Note: Lorsque le redémarrage est demandé, cliquer sur Ok

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Cliquer sur Ok puis fermer OTL.


Étape 4: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus et celui de l'antispyware.


Étape 5: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 6: Résultats
Envoyer en réponse:
*- le rapport de correction de OTL (contenu du fichier SystemDrive\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.


Ceci fait, nous nous occuperons des mises à jour. :wink:

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 17 invités

cron