PC infecté, a l'aide !!!

Question

Bonjour,

depuis quelques jours, je trouvais que mon PC était anormalement lent: 5 fois plus de temps que d'habitude pour s'allumer (chargement de windows XP), quelques bugs, s'éteint parfois tout seul puis se rallume et enfin lorsque je l'éteins l'écran reste figé sur "Fermeture en cous...".

J'utilise Avira (version gratuite) qui n'a rien détecté.

J'ai donc effectué un scan avec Dr Web cureit qui, dans un premier temps a détecté que le fichier "csrcs.exe" était infecté (par un truc du genre Win32 Autohit 911X, désolé je ne me souviens plus du nom exacte).
Le souci est qu'arrivé a la moitié du scan il se bloque et arrête de scanner le PC.

Même chose avec le scan en ligne de eset, il détecte un fichier infecte (par Win32.Packed.Autoit.Gen application) puis se fige a 17% du scan (je l'ai pourtant laisse travaille plusieurs heures !!!

J'ai aussi installe la version d'essai de Eset (après avoir désactivé Avira): il est actuellement en cours de scan et n'a rien détecté.

Je ne sais plus quoi faire, je suis a blasé, étant donne que mon PC est mon principal outil de travail.

Merci d'avance pour votre aide.

Pour info, j'utilise:
- antivir d'avira
- Spybot
- PC Tool comme pare-feu

dédétraqué · Answer

Salut mou_yem


On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse

Les rapports sont dans le dossier ici C:\rsit


@++ :)

mou_yem · Answer

et le suivant:

   - log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mourad at 2010-01-02 06:48:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (51%) free of 40 GB
Total RAM: 3063 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:58 AM, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mourad\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mourad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Service Google Update (gupdate1c9c3c0e7640a00) (gupdate1c9c3c0e7640a00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: VService - Unknown owner - C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe

mou_yem · Answer

oups, le premier n'a pas ete poste:

- info.txt

info.txt logfile of random's system information tool 1.06 2010-01-02 06:49:01

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
ALTools Update-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
AnyFirewall Engine 8.0-->MsiExec.exe /I{8AD05519-5866-40D7-B23D-407980F803E8}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Belkin Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Ciel Auto-entrepreneur Facile 1.30-->MsiExec.exe /I{AB8DD4C1-6237-455E-AF09-86296B3E3EE0}
ClocX (1.4)-->"C:\Program Files\ClocX\Uninstall.exe"
Creative Live! Cam Vista IM Driver (1.00.03.0000)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0420.uns -unsext NT -plugin V0420Pin.dll -pluginres CtCamPin.crl
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
D-Link USB VoIP Adapter-->"C:\Program Files\D-Link\D-Link USB VoIP Adapter\\setup.exe" /REMOVE
D-Link USB VoIP Adapter-->MsiExec.exe /X{0A7AB28D-E7DE-458A-9243-663DADDEE290}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools\unins000.exe"
Keyyo Softphone 2.0 release 1105c-->"C:\Program Files\Keyyo X-PRO\unins000.exe"
KeyyoFax 1.0-->C:\Program Files\KeyyoFax\uninst.exe
Ma-Config.com-->MsiExec.exe /X{18754BA4-4F0C-4E6E-888B-9496AFA05F43}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRuntime Libraries-->MsiExec.exe /I{ECA2B21B-A180-4775-B93F-6E404E36A8CC}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Essentials-->MsiExec.exe /X{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
OpenVPN 2.1_rc20-->C:\Program Files\OpenVPN\Uninstall.exe
Opera 10.01-->MsiExec.exe /X{4B296228-DF7C-43EA-8DED-76027355B219}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Tools Firewall Plus 5.0-->C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
softphone3-->MsiExec.exe /I{87825648-0757-3327-3046-385125603252}
SolarWinds TFTP Server-->C:\Program Files\InstallShield Installation Information\{1AA86313-B188-498D-91CF-D017AC5A82A5}\setup.exe -runfromtemp -l0x0409
SpeedTouch 330-->C:\Program Files\Thomson\ST330\Uninstall\stInstall.exe -s:scen_uninstall_st330.xml -l:fr
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiVir Desktop (disabled)
AV: ESET NOD32 Antivirus 4.0
FW: PC Tools Firewall Plus

======System event log======

Computer Name: MOURAD-7206BD0B
Event Code: 18
Message: TIMEOUT<avwsc.exe> C:\...iles\openofficeorg1.cab

Record Number: 22654
Source Name: avgntflt
Time Written: 20091226130151.000000+180
Event Type: warning
User:

Computer Name: MOURAD-7206BD0B
Event Code: 18
Message: TIMEOUT<avwsc.exe> C:\...iles\openofficeorg1.cab

Record Number: 22653
Source Name: avgntflt
Time Written: 20091226125150.000000+180
Event Type: warning
User:

Computer Name: MOURAD-7206BD0B
Event Code: 18
Message: TIMEOUT<mbam.exe> C:\...Files\openofficeorg1.cab

Record Number: 22652
Source Name: avgntflt
Time Written: 20091226124149.000000+180
Event Type: warning
User:

Computer Name: MOURAD-7206BD0B
Event Code: 18
Message: TIMEOUT<mbam.exe> C:\...n\BluetoothSoftware5.zip

Record Number: 22651
Source Name: avgntflt
Time Written: 20091226122758.000000+180
Event Type: warning
User:

Computer Name: MOURAD-7206BD0B
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 22624
Source Name: Service Control Manager
Time Written: 20091226115546.000000+180
Event Type: error
User:

=====Application event log=====

Computer Name: MOURAD-7206BD0B
Event Code: 20
Message:
Record Number: 8643
Source Name: Google Update
Time Written: 20091104180705.000000+180
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MOURAD-7206BD0B
Event Code: 20
Message:
Record Number: 8642
Source Name: Google Update
Time Written: 20091104171014.000000+180
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MOURAD-7206BD0B
Event Code: 20
Message:
Record Number: 8641
Source Name: Google Update
Time Written: 20091104160705.000000+180
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MOURAD-7206BD0B
Event Code: 20
Message:
Record Number: 8640
Source Name: Google Update
Time Written: 20091104151014.000000+180
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MOURAD-7206BD0B
Event Code: 20
Message:
Record Number: 8639
Source Name: Google Update
Time Written: 20091104141014.000000+180
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ESTsoft\ALZip
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

mou_yem · Answer

merci pour ton aide dédétraqué ...

dédétraqué · Answer

Salut mou_yem


Télécharge et installe UsbFix par Chiquitine29
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir.

• Double clic sur le raccourci UsbFix présent sur ton bureau .

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

• Laisse travailler l'outil.

• Ensuite poste le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note2 : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html 


@++  :)

mou_yem · Answer

Voici le rapport UsbFix.txt:


############################## | UsbFix V6.069 |

User : Mourad (Administrators) # 7206BD0B
Update on 01/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 6:58:27 AM | 1/2/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) Dual  CPU  E2160  @ 1.80GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | Updated ]
FW : PC Tools Firewall Plus[ Enabled ]4.0.0

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 39.07 Go (19.84 Go free) # NTFS
D:\ -> Disque fixe local # 39.07 Go (38.97 Go free) # NTFS
E:\ -> Disque fixe local # 39.07 Go (38.97 Go free) # NTFS
F:\ -> Disque fixe local # 31.84 Go (31.75 Go free) # NTFS
G:\ -> Disque CD-ROM
I:\ -> Disque amovible # 962.7 Mo (601.72 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 796
C:\WINDOWS\system32\csrss.exe 844
C:\WINDOWS\system32\winlogon.exe 868
C:\WINDOWS\system32\services.exe 912
C:\WINDOWS\system32\lsass.exe 932
C:\WINDOWS\system32\svchost.exe 1132
C:\WINDOWS\system32\svchost.exe 1200
C:\WINDOWS\System32\svchost.exe 1296
C:\Program Files\Thomson\ST330\service\st330service.exe 1324
C:\WINDOWS\system32\svchost.exe 1412
C:\WINDOWS\system32\svchost.exe 1540
C:\WINDOWS\system32\svchost.exe 1704
C:\WINDOWS\system32\spoolsv.exe 1860
C:\Program Files\Avira\AntiVir Desktop\sched.exe 220
C:\WINDOWS\Explorer.EXE 476
C:\WINDOWS\system32\svchost.exe 704
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1288
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe 1320
C:\WINDOWS\system32\ctfmon.exe 1388
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 324
C:\WINDOWS\system32\svchost.exe 996
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe 160
C:\WINDOWS\system32\svchost.exe 500
C:\Program Files\Java\jre6\bin\jqs.exe 1000
C:\WINDOWS\System32\svchost.exe 1272
C:\Program Files\PC Tools Firewall Plus\FWService.exe 1068
C:\WINDOWS\system32\IoctlSvc.exe 1960
C:\WINDOWS\System32\svchost.exe 2068
C:\WINDOWS\system32\svchost.exe 2180
C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe 2216
C:\WINDOWS\System32\alg.exe 3064
C:\WINDOWS\System32\svchost.exe 3716
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 2200
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe 1996
C:\Program Files\Mozilla Firefox\firefox.exe 2772
C:\WINDOWS\system32\wbem\wmiprvse.exe 3288

################## | Elements infectieux |

C:\WINDOWS\System32\autorun.inf 
C:\khq   
D:\khq   
E:\khq   
F:\khq   
I:\autorun.inf  

################## | Registre |


################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{76df851d-c6c8-11de-9fa9-54484d000031}
shElL\AUTOpLAY\ComManD =upbwyi.exe 
shElL\AutoRun\command =upbwyi.exe 
shElL\explore\COmmAND =upbwyi.exe 
shElL\open\ComMaND =upbwyi.exe 

HKCU\..\..\Explorer\MountPoints2\{e7896d48-5aa2-11de-b76e-54484d000031}
Shell\AutoRun\command =xabzwk.exe 
Shell\explore\Command =xabzwk.exe 
Shell\open\Command =xabzwk.exe 

################## | Cracks > Keygens > Serials |


################## | ! Fin du rapport # UsbFix V6.069 ! |

dédétraqué · Answer

Salut mou_yem


(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, caméra, Carte SD, etc...) susceptible d avoir été infectés sans les ouvrir

• Double clic sur le raccourci UsbFix présent sur ton bureau

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

• Ton bureau disparaîtra et le pc redémarrera.

• Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

• Ensuite poste le rapport UsbFix.txt qui apparaîtra avec le bureau.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 


@++  :)

mou_yem · Answer

voici le rapport usbfix.txt:


############################## | UsbFix V6.069 |

User : Mourad (Administrators) # 7206BD0B
Update on 01/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 7:17:06 AM | 1/2/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) Dual  CPU  E2160  @ 1.80GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
FW : PC Tools Firewall Plus[ Enabled ]4.0.0

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 39.07 Go (20.27 Go free) # NTFS
D:\ -> Disque fixe local # 39.07 Go (38.97 Go free) # NTFS
E:\ -> Disque fixe local # 39.07 Go (38.97 Go free) # NTFS
F:\ -> Disque fixe local # 31.84 Go (31.75 Go free) # NTFS
G:\ -> Disque CD-ROM
I:\ -> Disque amovible # 962.7 Mo (601.73 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 800
C:\WINDOWS\system32\csrss.exe 848
C:\WINDOWS\system32\winlogon.exe 872
C:\WINDOWS\system32\services.exe 916
C:\WINDOWS\system32\lsass.exe 936
C:\WINDOWS\system32\svchost.exe 1136
C:\WINDOWS\system32\svchost.exe 1204
C:\WINDOWS\System32\svchost.exe 1300
C:\Program Files\Thomson\ST330\service\st330service.exe 1328
C:\WINDOWS\system32\svchost.exe 1416
C:\WINDOWS\system32\svchost.exe 1568
C:\WINDOWS\system32\svchost.exe 1692
C:\WINDOWS\system32\spoolsv.exe 1848
C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe 1968
C:\Program Files\Avira\AntiVir Desktop\sched.exe 2036
C:\WINDOWS\system32\WgaTray.exe 304
C:\Program Files\Google\Update\GoogleUpdate.exe 336
C:\WINDOWS\Explorer.EXE 356
C:\WINDOWS\system32\svchost.exe 560
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2004
C:\WINDOWS\system32\svchost.exe 2012
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe 1924
C:\WINDOWS\system32\svchost.exe 452
C:\Program Files\Java\jre6\bin\jqs.exe 1980
C:\Program Files\Google\Update\GoogleUpdate.exe 648
C:\WINDOWS\System32\svchost.exe 696
C:\Program Files\PC Tools Firewall Plus\FWService.exe 840
C:\WINDOWS\system32\IoctlSvc.exe 1600
C:\WINDOWS\System32\svchost.exe 1512
C:\WINDOWS\system32\svchost.exe 1884
C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe 2060
C:\WINDOWS\system32\wuauclt.exe 2248
C:\WINDOWS\system32\wbem\wmiprvse.exe 3500
C:\WINDOWS\System32\alg.exe 1716

################## | Elements infectieux |

Supprimé ! C:\WINDOWS\System32\autorun.inf 
Supprimé ! C:\khq  
Supprimé ! C:\Recycler\S-1-5-21-1177238915-507921405-725345543-1004 
Supprimé ! D:\khq  
Supprimé ! D:\Recycler\S-1-5-21-1078081533-1644491937-1801674531-500 
Supprimé ! D:\Recycler\S-1-5-21-1177238915-507921405-725345543-1004 
Supprimé ! D:\Recycler\S-1-5-21-1229272821-2139871995-839522115-1004 
Supprimé ! D:\Recycler\S-1-5-21-1547161642-1677128483-839522115-1004 
Supprimé ! E:\khq  
Supprimé ! E:\Recycler\S-1-5-21-1078081533-1644491937-1801674531-500 
Supprimé ! E:\Recycler\S-1-5-21-1177238915-507921405-725345543-1004 
Supprimé ! E:\Recycler\S-1-5-21-1229272821-2139871995-839522115-1004 
Supprimé ! E:\Recycler\S-1-5-21-1547161642-1677128483-839522115-1004 
Supprimé ! F:\khq  
Supprimé ! F:\Recycler\S-1-5-21-1078081533-1644491937-1801674531-500 
Supprimé ! F:\Recycler\S-1-5-21-1177238915-507921405-725345543-1004 
Supprimé ! F:\Recycler\S-1-5-21-1229272821-2139871995-839522115-1004 
Supprimé ! F:\Recycler\S-1-5-21-1547161642-1677128483-839522115-1004 
Supprimé ! I:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013 

################## | Registre |


################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{76df851d-c6c8-11de-9fa9-54484d000031}\Shell\AUTOpLAY\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{e7896d48-5aa2-11de-b76e-54484d000031}\Shell\AutoRun\Command  

################## | Listing des fichiers présent |

[04/22/2009 03:04 PM|--a------|0] C:\AUTOEXEC.BAT 
[09/09/2009 04:06 AM|---hs----|211] C:\boot.ini 
[04/22/2009 03:04 PM|--a------|0] C:\CONFIG.SYS 
[?|?|?] C:\hiberfil.sys 
[08/21/2009 03:37 PM|--a------|8407882] C:\immudebug.log 
[04/22/2009 03:04 PM|-rahs----|0] C:\IO.SYS 
[04/23/2009 02:19 PM|--a------|1035] C:\JavaRa.log 
[04/22/2009 03:04 PM|-rahs----|0] C:\MSDOS.SYS 
[08/04/2004 03:00 PM|-rahs----|47564] C:\NTDETECT.COM 
[04/23/2009 01:29 AM|-rahs----|250048] C:
tldr 
[?|?|?] C:\pagefile.sys 
[04/22/2009 03:06 PM|--a------|1392] C:\Recovery-Info.lnk 
[12/29/2009 01:48 PM|--a------|1608] C:esiplog.txt 
[06/12/2009 10:29 PM|--a------|58752] C:esultat.txt 
[06/12/2009 10:28 PM|--a------|20320679] C:\upload_moi_MOURAD-7206BD0B.tar.gz 
[01/02/2010 07:20 AM|--a------|4749] C:\UsbFix.txt 
[08/25/2004 06:52 AM|-rahs----|834696] I:\xabzwk.exe 
[06/12/2030 08:47 PM|-r-hs----|264] I:\Desktop.ini 
[12/27/2009 10:06 PM|--a------|428544] I:\u99.exe 
[12/31/2009 02:13 PM|--a------|346666032] I:\X12-30105.exe 
[12/31/2009 01:32 PM|--a------|29017528] I:\FileFormatConverters.exe 
[01/01/2010 09:03 PM|--a------|1328] I:\BOOTEX.LOG 
[12/31/2009 03:08 PM|--a------|957128] I:\50bd907b-c13e-4928-a82d-1a57d618d230_SaveAsPDFandXPS.exe 

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.  
# D:\autorun.inf -> Dossier créé par UsbFix.  
# E:\autorun.inf -> Dossier créé par UsbFix.  
# F:\autorun.inf -> Dossier créé par UsbFix.  
# I:\autorun.inf -> Dossier créé par UsbFix.  

################## | Crack > Keygen > Serial |


################## | Upload | 

Veuillez envoyer le fichier : C:\DOCUME~1\Mourad\Desktop\UsbFix_Upload_Me_7206BD0B.zip : https://www.ionos.fr/?affiliate_id=77097 
Merci pour votre contribution .  

################## | ! Fin du rapport # UsbFix V6.069 ! |

mou_yem · Answer

On m'a demandé de uploader un fichier; avant de le faire je voulais te demander s'il y avait un quelconque risque ???
Merci

dédétraqué · Answer

Salut mou_yem


Non pas de souci pour l'envoie de ce fichier, cela aide les concepteurs pour l'amélioration de l'outil.
Et dans ton cas cela va être important car je voie deux fichiers suspects qui non pas été détecté par l'outil.


Faire un scan de ce fichier xabzwk.exe ici :

https://www.virustotal.com/gui/


Clique sur Parcourir et copie/colle ceci :
I:\xabzwk.exe
Après tu clique sur Envoyer le fichier et attendre le résultat de l’analyse.

Si il te dit que le fichier a déjà été analysé, sélectionne le bouton :
Reanalyse le fichier maintenant et attendre le résultat de l'analyse, poste le résultat au complet.

Poste le résultat au complet

Aide : http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm

Faire un scan de ce fichier également :
I:\u99.exe


@++   :)

mou_yem · Answer

Salut,

j'ai un petit souci, je ne retrouve pas le fichier "I:\xabzwk.exe " sur ma cle usb te je ne me souviens pas de l'avoir supprime.
En ce qui concerne le second (il s'agit d'un proxy que j'utilise pour me connecter sur internet car mon FAI bloque tous les sites qui traitent de la VOIP, etc), voici le resultat de l'analyse:

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.46 2010.01.02 -
AhnLab-V3 5.0.0.2 2010.01.02 -
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2009.12.31 -
Authentium 5.2.0.5 2010.01.02 -
Avast 4.8.1351.0 2010.01.02 -
AVG 8.5.0.430 2010.01.02 -
BitDefender 7.2 2010.01.02 -
CAT-QuickHeal 10.00 2010.01.02 (Suspicious) - DNAScan
ClamAV 0.94.1 2010.01.01 -
Comodo 3449 2010.01.02 Heur.Pck.EXECryptor
DrWeb 5.0.1.12222 2010.01.02 -
eSafe 7.0.17.0 2009.12.31 -
eTrust-Vet 35.1.7210 2010.01.01 -
F-Prot 4.5.1.85 2010.01.02 -
F-Secure 9.0.15370.0 2010.01.02 -
Fortinet 4.0.14.0 2010.01.02 -
GData 19 2010.01.02 -
Ikarus T3.1.1.79.0 2009.12.31 -
Jiangmin 13.0.900 2010.01.02 -
K7AntiVirus 7.10.936 2010.01.02 -
Kaspersky 7.0.0.125 2010.01.02 -
McAfee 5849 2010.01.02 -
McAfee+Artemis 5849 2010.01.02 Artemis!305C26C30618
McAfee-GW-Edition 6.8.5 2010.01.01 Heuristic.LooksLike.Win32.SuspiciousPE.C
Microsoft 1.5302 2010.01.02 -
NOD32 4738 2010.01.02 -
Norman 6.04.03 2009.12.31 -
nProtect 2009.1.8.0 2009.12.31 -
Panda 10.0.2.2 2010.01.02 -
PCTools 7.0.3.5 2010.01.02 Packed/Execryptor
Prevx 3.0 2010.01.02 Medium Risk Malware
Rising 22.28.03.04 2009.12.31 -
Sophos 4.49.0 2010.01.02 -
Sunbelt 3.2.1858.2 2010.01.02 -
TheHacker 6.5.0.3.125 2010.01.02 -
TrendMicro 9.120.0.1004 2010.01.02 -
VBA32 3.12.12.1 2010.01.01 -
ViRobot 2009.12.31.2118 2009.12.31 -
VirusBuster 5.0.21.0 2010.01.02 Packed/Execryptor
Information additionnelle
File size: 428544 bytes
MD5...: 305c26c3061829ee5d1ef29d324c9758
SHA1..: 5e3ca21305d3656da463d501dece0dfa37ae767c
SHA256: 0ca7b461007cef04bbf789520da957e9b5d3e68c55d9bca25d9d68f3bb5dc905
ssdeep: 6144:duwdaoWbn0MKDSwvqAKlYht3OogRSbxJCRC0RN7gJJiCSVPIQjxe+7dLxv:
dmoWbn9kmlC3Oo2axJCRRN7JVPNhh
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4c1556
timedatestamp.....: 0x4b333524 (Thu Dec 24 09:32:20 2009)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
63csc3nw 0x2d000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x37000 0x402000 0x17000 7.87 be4465c14db9e2ebae1fa788fdda68fd
.rsrc 0x439000 0xd000 0x9000 4.04 973e014701a286c1fe134751e07ffc53
xavehzmu 0x446000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
e4tr1enf 0x447000 0x33000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
h7vt1j.v 0x47a000 0x48000 0x4757a 7.99 441dd6766751592eeb1e2aa9a8497b1b
rd3dp1uv 0x4c2000 0x1000 0x1000 7.96 fe4e84880bb2409d8cc436501602d5bf

( 0 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=305c26c3061829ee5d1ef29d324c9758' target='_blank'>https://www.symantec.com?md5=305c26c3061829ee5d1ef29d324c9758</a>
packers (Kaspersky): Execryptor
packers (F-Prot): EXECryptor
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=29034AFE004728CC8A97060AB837170077CDBEF7' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=29034AFE004728CC8A97060AB837170077CDBEF7</a>
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
pdfid.: -

Pour info, ce programme est aussi present sur mon PC, et pas seulement sur la cle USB.

Merci

mou_yem · Answer

PS: s'il faut le supprimer aucun souci, car a présent j'utilise un VPN.

dédétraqué · Answer

Salut mou_yem


Pour ce fichier : I:\u99.exe 
Si pas utiliser tu peux le supprimer, clique droit et supprimer.


Pour ce fichier : I:\xabzwk.exe
Certain que tu ne le verras pas, c'est un fichier caché.
Il ne faut pas rechercher le fichier, simplement coller ceci I:\xabzwk.exe et cliquer sur Envoyer le fichier

Si tu veux y aller avec la recherche, affiche les fichiers et dossiers cachés :
https://1map.com/fr/astwindscom


@++   :)

mou_yem · Answer

Voici le rapport de I:\xabzwk.exe

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.46 2010.01.02 Packed.Win32.Klone!IK
AhnLab-V3 5.0.0.2 2010.01.02 Win-Trojan/Malware.834696
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2009.12.31 -
Authentium 5.2.0.5 2010.01.02 -
Avast 4.8.1351.0 2010.01.02 AutoIt:Balero-A2
AVG 8.5.0.430 2010.01.02 Worm/Autoit.ABHZ
BitDefender 7.2 2010.01.02 Gen:Trojan.Heur.AutoIT.Yq3@byjiJjfO
CAT-QuickHeal 10.00 2010.01.02 Win32.Packed.Klone.bj.4
ClamAV 0.94.1 2010.01.01 -
Comodo 3449 2010.01.02 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.1.12222 2010.01.02 Win32.HLLW.Autohit.9511
eSafe 7.0.17.0 2009.12.31 -
eTrust-Vet 35.1.7210 2010.01.01 -
F-Prot 4.5.1.85 2010.01.02 -
F-Secure 9.0.15370.0 2010.01.02 Gen:Trojan.Heur.AutoIT.Yq3@byjiJjfO
Fortinet 4.0.14.0 2010.01.02 W32/AutoIt.PL!worm
GData 19 2010.01.02 Gen:Trojan.Heur.AutoIT.Yq3@byjiJjfO
Ikarus T3.1.1.79.0 2009.12.31 Packed.Win32.Klone
Jiangmin 13.0.900 2010.01.02 TrojanDownloader.Zlob.xcl
K7AntiVirus 7.10.936 2010.01.02 -
Kaspersky 7.0.0.125 2010.01.02 Worm.Win32.AutoIt.pl
McAfee 5849 2010.01.02 Generic.dx!hmq
McAfee+Artemis 5849 2010.01.02 Generic.dx!hmq
McAfee-GW-Edition 6.8.5 2010.01.01 -
Microsoft 1.5302 2010.01.02 Worm:AutoIt/Renocide.gen!A
NOD32 4738 2010.01.02 Win32/Packed.Autoit.Gen
Norman 6.04.03 2009.12.31 AutoRun.XTB
nProtect 2009.1.8.0 2009.12.31 -
Panda 10.0.2.2 2010.01.02 Trj/CI.A
PCTools 7.0.3.5 2010.01.02 Malware.Harakit
Prevx 3.0 2010.01.02 High Risk Cloaked Malware
Rising 22.28.03.04 2009.12.31 -
Sophos 4.49.0 2010.01.02 Mal/Renocide-A
Sunbelt 3.2.1858.2 2010.01.02 Trojan.Win32.AutoIt.gen.1 (v)
TheHacker 6.5.0.3.125 2010.01.02 -
TrendMicro 9.120.0.1004 2010.01.02 Cryp_Otorun-12
VBA32 3.12.12.1 2010.01.01 Trojan.Autoit.F
ViRobot 2009.12.31.2118 2009.12.31 -
VirusBuster 5.0.21.0 2010.01.02 Trojan.Autoit.Gen!Pac
Information additionnelle
File size: 834696 bytes
MD5...: ba8f0da73020045769f162389fe12f21
SHA1..: 820f43562ac8b5e03d8a9d472f214af488b8668f
SHA256: 895ddeb07eb5d8543ed296dc30da919ffcd0cc418e69ceb8899c1c67f18ac7f2
ssdeep: 24576:MxqT31T6WE6I5jKqosOm+b1BEvli/drhg:D6WE6IN95+b1itilNg
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54d3d
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x65f57 0x66000 6.69 3acda4623a0e3d29e47286c5ce656b86
.rdata 0x67000 0xe534 0xe600 5.02 f5ea2b2f886fbb9eaf7f19883bd5f07b
.data 0x76000 0x16ad8 0x2a00 3.89 85ce1e4957f76b29bd9a747a6ce443cc
.rsrc 0x8d000 0x1d100 0x1d200 5.26 12aa9c30e5a68a6213ac32e1bc630e17

( 13 imports )
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> WINMM.dll: waveOutSetVolume, mciSendStringW, timeGetTime
> COMCTL32.dll: ImageList_DragMove, ImageList_EndDrag, ImageList_DragLeave, ImageList_DragEnter, ImageList_BeginDrag, ImageList_SetDragCursorImage, ImageList_Destroy, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Remove
> MPR.dll: WNetUseConnectionW, WNetGetConnectionW, WNetAddConnection2W, WNetCancelConnection2W
> KERNEL32.dll: UnmapViewOfFile, OpenProcess, CreateFileMappingW, MapViewOfFile, WriteProcessMemory, ReadProcessMemory, CreateFileW, ReadFile, SetFilePointer, SetFileTime, FindResourceW, LoadResource, GetFileAttributesW, LockResource, FindFirstFileW, SizeofResource, FindClose, EnumResourceNamesW, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, OutputDebugStringW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, TerminateProcess, SetSystemPowerState, GetLocalTime, MultiByteToWideChar, WideCharToMultiByte, CompareStringW, InterlockedIncrement, InterlockedDecrement, WriteFile, CreatePipe, GetStdHandle, InterlockedExchange, EnterCriticalSection, TerminateThread, LeaveCriticalSection, DeleteCriticalSection, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetDriveTypeW, QueryPerformanceFrequency, GetVolumeInformationW, SetVolumeLabelW, DeviceIoControl, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, SetFileAttributesW, WritePrivateProfileSectionW, GetShortPathNameW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetEnvironmentVariableW, GetFileSize, SetEnvironmentVariableW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, SetProcessWorkingSetSize, GlobalMemoryStatus, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, CreateProcessW, SetPriorityClass, VirtualAlloc, LoadLibraryExW, GetModuleHandleA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, RaiseException, GetModuleFileNameA, HeapSize, HeapReAlloc, HeapDestroy, HeapCreate, RtlUnwind, QueryPerformanceCounter, GetModuleHandleW, GetSystemInfo, GetVersionExW, GetCurrentThreadId, Sleep, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, HeapAlloc, GetProcessHeap, HeapFree, CloseHandle, GetCurrentProcess, LoadLibraryA, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, GetConsoleCP, GetConsoleMode, SetHandleCount, GetCurrentDirectoryW, FreeLibrary, InitializeCriticalSection, GetProcAddress, LoadLibraryW, GetStartupInfoW, GetVersionExA, ExitProcess, ExitThread, GetSystemTimeAsFileTime, GetFileType, GetStartupInfoA, SetStdHandle, ResumeThread, FlushFileBuffers, LCMapStringA, LCMapStringW, GetTimeZoneInformation, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, CompareStringA, GetDiskFreeSpaceW, SetEnvironmentVariableA
> USER32.dll: SetWindowLongW, FlashWindow, GetActiveWindow, InflateRect, CharNextW, DrawFocusRect, wsprintfW, DrawTextW, RedrawWindow, FrameRect, DrawFrameControl, FillRect, DrawMenuBar, PtInRect, DestroyMenu, SetMenu, DestroyAcceleratorTable, CreateAcceleratorTableW, GetWindowTextLengthW, SetCursor, GetWindowDC, TranslateAcceleratorW, GetSystemMetrics, IsDialogMessageW, CreateMenu, IsDlgButtonChecked, GetSysColor, DefDlgProcW, ReleaseCapture, SetCapture, SetActiveWindow, FindWindowExW, EnumThreadWindows, LoadImageW, CreateIconFromResourceEx, mouse_event, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, IsZoomed, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, DispatchMessageW, GetDC, GetKeyboardLayoutNameA, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, DestroyWindow, GetMenu, GetClientRect, CopyRect, EndPaint, BeginPaint, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, SendMessageTimeoutW, GetFocus, GetWindowTextW, ScreenToClient, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, GetCaretPos, GetSubMenu, GetMenuStringW, IsCharUpperW, IsCharLowerW, IsCharAlphaNumericW, IsCharAlphaW, GetKeyboardLayoutNameW, ClientToScreen, RegisterHotKey, ReleaseDC, SetMenuItemInfoW, GetCursor, PostMessageW, GetWindowRect, MessageBoxW, GetForegroundWindow, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, MessageBoxA, RegisterWindowMessageW, DestroyIcon, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, TranslateMessage, PeekMessageW, WindowFromPoint, SetClipboardData, EmptyClipboard, CountClipboardFormats, SetWindowPos, CopyImage, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, AdjustWindowRectEx, SetRect, CharLowerBuffW, GetMessageW, VkKeyScanA, LockWindowUpdate, UnregisterHotKey, keybd_event, ExitWindowsEx, CharUpperW
> GDI32.dll: LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, SetTextColor, GetObjectW, SetBkMode, RoundRect, SetBkColor, CloseFigure, SetPixel, EndPath, StrokePath, StrokeAndFillPath, ExtCreatePen, PolyBezierTo, SetViewportOrgEx, Rectangle, CreatePen, CreateSolidBrush, CreateCompatibleBitmap, GetPixel, DeleteDC, GetDIBits, BitBlt, SelectObject, CreateDIBSection, CreateCompatibleDC, CreateFontW, GetDeviceCaps, GetTextFaceW, GetStockObject, CreateDCW, GetTextExtentPoint32W, DeleteObject
> comdlg32.dll: GetSaveFileNameW, GetOpenFileNameW
> ADVAPI32.dll: RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW
> SHELL32.dll: DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
> ole32.dll: OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, IIDFromString, StringFromIID, CLSIDFromString, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, StringFromCLSID, OleUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Windows Screen Saver (51.1%)
Win32 Executable Generic (33.2%)
Generic Win/DOS Executable (7.8%)
DOS Executable Generic (7.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: Fear
product......: n/a
description..: Tear
original name: n/a
internal name: n/a
file version.: 9.1.9.5
comments.....: Gear
signers......: -
signing date.: -
verified.....: Unsigned
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=BCA6C4548821B3E0BC620C61DAB4F700F75398C8' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=BCA6C4548821B3E0BC620C61DAB4F700F75398C8</a>

dédétraqué · Answer

Salut mou_yem


Télécharge OTM (de Old_Timer) sur le bureau :

http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/


Double-clique sur OTM.exe sur le bureau

- Copie le texte qui se trouve en gras ci-dessous et colle le dans le cadre de gauche de OTM nommé Paste Instructions for Items to be Moved

 :files 
I:\xabzwk.exe

:commands 
[purity] 
[emptytemp] 
[reboot]

- Clique sur MoveIt! pour lancer la suppression.
- Ferme OTM

Ton PC va redémarrer pour finir la suppression, si il ne le fais pas lui-même, redémarre le.

Poste le rapport de OTMoveIt qui se trouve dans C:\_OTM\MovedFiles.


@++   :)

mou_yem · Answer

Salut, voici le rapport:

All processes killed
========== FILES ==========
I:\xabzwk.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Mourad
->Temp folder emptied: 258355 bytes
->Temporary Internet Files folder emptied: 5587613 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42336325 bytes
->Google Chrome cache emptied: 5861046 bytes
->Opera cache emptied: 870851 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2223107 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 634205 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 499478 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 573804828 bytes
 
Total Files Cleaned = 603.00 mb
 
 
OTM by OldTimer - Version 3.1.4.0 log created on 01022010_231459

Files moved on Reboot...

Registry entries deleted on Reboot...

dédétraqué · Answer

Salut mou_yem 


Supprime ce dossier : C:\_OTM
Vide la corbeille

Retente le scan avec Nod32 en ligne (il faut utiliser Internet Explorer) ici :

https://www.eset.com/int/home/online-scanner/

(coche toutes les cases à chaque fois) 
A la fin, colle le rapport : C:\Program Files\EsetOnlineScanner\[b]log.txt[/b]


@++   :)

mou_yem · Answer

Salut dédétraqué,

après plus de 5heures de scan, il est bloque a 23% et a détecté 2 fichiers infectes par Win32/Prc View application.
Le PC a beuguer, j'ai du le redémarrer, et il met toujours très longtemps a  se lancer...

mou_yem · Answer

Salut dédétraqué, 

c'est encore moi,rien a change de mon cote, mon PC est toujours aussi lent, et IMPOSSIBLE de mener un scan en ligne a terme (même après plus de 6 heures je ne dépasse pas les 20%), pourtant j'ai une connexion a 1MB...

En tout cas merci pour ton aide !

dédétraqué · Answer

Salut mou_yem


On va creuser un peu plus, télécharge combofix.exe (de sUBs) sur le bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Important Désactive ton Antivirus et antispyware avant le scan avec Combofix :
https://forum.pcastuces.com/default.asp


==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

Double clique sur combofix.exe, clique sur OUI et valide par Entrée 

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure


@++   :)

mou_yem · Answer

Salut,

voici le rapport:

ComboFix 10-01-02.05 - Mourad 01/03/2010  20:12:37.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3063.2589 [GMT 3:00]
Running from: c:\documents and settings\Mourad\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\{525D3~1
c:\progra~1\COMMON~1\{525D3~1\slscp.log
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\autorun.inf
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Ivr.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINKeadme.txt
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Setup.exe
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Setup.MSI
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Setup.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\SLExtBU\ivr.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\SLExtBU\Setup.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slusbvip.cat
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slusbvip.inf
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slusbvip.sys
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvad.cat
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvad.inf
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvad.sys
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvipco.dll
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvipgx.dll
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\TLRecAgent.sys

.
(((((((((((((((((((((((((   Files Created from 2009-12-03 to 2010-01-03  )))))))))))))))))))))))))))))))
.

2010-01-02 04:36 . 2010-01-02 04:36	--------	d--h--w-	c:\windows\PIF
2010-01-02 03:58 . 2010-01-02 03:58	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-01-02 03:57 . 2010-01-02 04:22	--------	d-----w-	C:\UsbFix
2010-01-02 03:48 . 2010-01-02 03:49	--------	d-----w-	C:sit
2010-01-02 02:58 . 2010-01-02 02:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2010-01-01 18:18 . 2010-01-02 02:58	--------	d-----w-	c:\program files\ESET
2010-01-01 11:51 . 2009-06-30 06:37	28552	----a-w-	c:\windows\system32\drivers\pavboot.sys
2010-01-01 03:39 . 2010-01-01 03:41	--------	d-----w-	c:\program files\OpenVPN
2009-12-31 18:22 . 2009-03-25 11:29	130432	----a-w-	c:\windows\system32\drivers\Rtnicxp.sys
2009-12-31 17:28 . 2004-08-03 19:31	20992	-c--a-w-	c:\windows\system32\dllcachetl8139.sys
2009-12-31 17:28 . 2004-08-03 19:31	20992	----a-w-	c:\windows\system32\drivers\RTL8139.sys
2009-12-30 15:27 . 2009-12-30 15:27	6868368	----a-w-	c:\documents and settings\Mourad\Application Data\ESTsoft\ALUpdate\ALZIP
ewfile\TEMP\ALZip.exe
2009-12-23 22:52 . 2009-12-23 22:52	--------	d-----w-	c:\program files\Common Files\Skype
2009-12-23 15:56 . 2009-12-23 15:57	--------	d-----w-	c:\documents and settings\Mourad\Application Data\RealTunnelv2
2009-12-20 21:33 . 2009-12-20 21:33	--------	d-----w-	c:\documents and settings\All Users\Application Data\SolarWinds
2009-12-20 21:32 . 2009-12-20 21:32	--------	d-----w-	c:\program files\SolarWinds
2009-12-20 20:16 . 2009-12-20 20:16	729088	----a-w-	c:\windows\iun6002.exe
2009-12-20 20:16 . 2009-12-20 21:47	--------	d-----w-	c:\program files\TFTP Desktop
2009-12-20 08:33 . 2009-10-12 13:38	149504	-c----w-	c:\windows\system32\dllcacheastls.dll
2009-12-20 08:33 . 2009-10-12 13:38	79872	-c----w-	c:\windows\system32\dllcacheaschap.dll
2009-12-20 08:31 . 2009-10-13 10:30	270336	-c----w-	c:\windows\system32\dllcache\oakley.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 15:00 . 2009-04-22 14:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-03 10:39 . 2009-08-18 03:15	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-01-03 04:12 . 2009-04-23 21:22	1	----a-w-	c:\documents and settings\Mourad\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-02 10:23 . 2009-04-23 03:01	--------	d-----w-	c:\program files\Real
2010-01-02 08:56 . 2009-04-23 03:01	--------	d-----w-	c:\program files\Common Files\Real
2010-01-01 13:21 . 2009-06-07 10:28	--------	d-----w-	c:\program files\Panda Security
2010-01-01 00:18 . 2009-04-22 23:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-01-01 00:18 . 2009-04-22 23:10	5061520	-c--a-w-	c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-31 23:41 . 2009-04-29 23:02	--------	d-----w-	c:\program files\ma-config.com
2009-12-31 22:34 . 2009-08-18 03:14	--------	d-----w-	c:\program files\PC Tools Firewall Plus
2009-12-31 18:22 . 2009-04-22 13:49	--------	d-----w-	c:\program files\Realtek
2009-12-31 18:22 . 2009-04-22 13:49	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-12-31 18:14 . 2009-04-29 23:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\ma-config.com
2009-12-31 05:03 . 2009-10-13 18:49	--------	d-----w-	c:\documents and settings\Mourad\Application Data\Skype
2009-12-31 05:00 . 2009-04-22 23:13	--------	d-----w-	c:\documents and settings\Mourad\Application Data\skypePM
2009-12-30 18:19 . 2009-08-01 10:35	--------	d-----w-	c:\documents and settings\Mourad\Application Data\vlc
2009-12-30 11:55 . 2009-04-22 23:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 11:54 . 2009-04-22 23:09	19160	-c--a-w-	c:\windows\system32\drivers\mbam.sys
2009-12-24 04:03 . 2009-04-22 22:57	--------	d-----w-	c:\program files\Google Chrome
2009-12-23 22:52 . 2009-10-13 18:48	--------	d-----r-	c:\program files\Skype
2009-12-23 22:52 . 2009-04-22 23:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
2009-12-20 08:49 . 2009-04-22 14:35	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-12-20 08:48 . 2009-07-14 16:13	56816	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-11-11 06:30 . 2009-10-19 21:48	177056	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-11 03:13 . 2009-06-06 15:08	--------	d-----w-	c:\documents and settings\Mourad\Application Data\HP
2009-11-11 03:13 . 2009-06-06 14:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\HP
2009-11-11 02:14 . 2009-04-22 14:05	32024	-c--a-w-	c:\documents and settings\Mourad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 21:04 . 2008-07-31 22:42	25984	----a-w-	c:\windows\system32\drivers	ap0901.sys
2009-10-31 08:23 . 2009-04-22 14:23	411368	-c--a-w-	c:\windows\system32\deploytk.dll
2009-10-29 07:45 . 2004-09-29 18:47	916480	----a-w-	c:\windows\system32\wininet.dll
2009-10-13 10:30 . 2004-08-04 12:00	270336	----a-w-	c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00	149504	----a-w-	c:\windows\system32astls.dll
2009-10-12 13:38 . 2004-08-04 12:00	79872	----a-w-	c:\windows\system32aschap.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KeyyoFax.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KeyyoFax.lnk
backup=c:\windows\pss\KeyyoFax.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mourad^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Mourad\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mourad^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
path=c:\documents and settings\Mourad\Start Menu\Programs\Startup\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\V0420Ext.ax]
c:\windows\system32\V0420Ext.ax [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
c:\program files\ZTE Corporation\ZXDSL852\CnxDslTb.exe ZTE Corporation\ZXDSL852 [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParadialRealTun2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WengoPhoneNG

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 09:08	935288	-c--a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 01:08	35696	-c--a-w-	c:\program files\Adobe\Reader 9.0\Readereader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 08:14	57344	-c--a-w-	c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12	110592	-c--a-w-	c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\V0420Cvw.dll]
2007-05-14 01:00	262144	-c--a-r-	c:\windows\system32\V0420CVW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	------w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
2009-05-08 21:19	557149	-c--a-w-	c:\program files\Thomson\ST330\diagnostics\diagnostics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLinkMonitor.exe]
2007-01-03 11:12	651264	-c--a-w-	c:\program files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2009-07-18 03:21	257440	-c--a-w-	c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-22 22:50	133104	-c--atw-	c:\documents and settings\Mourad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 09:46	159744	-c--a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 18:17	49152	-c--a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 13:31	80896	-c--a-w-	c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-15 09:46	135168	-c--a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 15:50	4363504	-c--a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12	169984	-c--a-w-	c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-08-26 20:07	3883856	-c--a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 05:27	570664	-c--a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 09:46	131072	-c--a-w-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-04-10 10:38	17879552	-c--a-w-	c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-20 15:15	1826816	-c--a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 13:07	2260480	-c----w-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-31 08:23	149280	-c--a-w-	c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
2007-04-30 01:00	32768	-c--a-r-	c:\windows\V0420Mon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"c:\Program Files\Thomson\ST330\service\st330service.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:5060
"5061:UDP"= 5061:UDP:5061
"16384:UDP"= 16384:UDP:16384
"16482:UDP"= 16482:UDP:16482

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/1/2010 2:51 PM 28552]
R0 TLRecAgent;TLRecAgent;c:\windows\system32\drivers\TLRecAgent.sys [7/22/2009 11:19 AM 37208]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/18/2009 6:15 AM 159600]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2009 7:13 PM 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8/18/2009 6:15 AM 73840]
R2 VService;VService;c:\program files\D-Link\D-Link USB VoIP Adapter\VServ.exe [1/2/2007 1:07 PM 105208]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [8/18/2009 6:14 AM 95640]
R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [4/30/2009 7:43 PM 30464]
R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [4/30/2009 7:43 PM 12672]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [4/30/2009 7:43 PM 32000]
S2 gupdate1c9c3c0e7640a00;Service Google Update (gupdate1c9c3c0e7640a00);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2009 6:09 AM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/30/2009 3:13 AM 1684736]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 DOSMEMIO;MEMIO;\??\g:\memio.sys --> g:\MEMIO.SYS [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [12/17/2009 7:00 PM 243056]
S3 slusbvip;SL3800 USB Driver;c:\windows\system32\drivers\slusbvip.sys [7/22/2009 11:19 AM 591832]
S3 SLVAD_simple;D-Link Virtual Audio Device;c:\windows\system32\drivers\slvad.sys [7/22/2009 11:20 AM 85656]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [10/20/2009 9:52 PM 54272]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [5/31/2009 5:38 PM 99648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-08-04 00:12]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:09]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:09]

2010-01-03 c:\windows\Tasks\User_Feed_Synchronization-{894F263C-E34C-448D-AD66-4A9A7005FF4A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {33AFB313-4EC0-403E-A9F3-948279A1C833} = 82.114.162.33 195.94.0.34
FF - ProfilePath - c:\documents and settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\documents and settings\Mourad\Local Settings\Application Data\Google\Update\1.2.141.5
pGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Earth\plugin
pgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13
pGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BtTray - c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero 7\InCD\NBHGui.exe
MSConfigStartUp-SpeedTouch USB Diagnostics - c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OBealsched.exe
MSConfigStartUp-TLinkAgent - c:\program files\D-Link\D-Link USB Phone Adapter\DPH-50U Utility.exe



**************************************************************************
scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\MSVCP60.dll
.
Completion time: 2010-01-03  20:18:35
ComboFix-quarantined-files.txt  2010-01-03 17:18

Pre-Run: 22,489,088,000 bytes free
Post-Run: 22,441,598,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 35D177D1D3026A8FB727AE1E0B1733D7

dédétraqué · Answer

Salut mou_yem


Faire un scan avec [b]BitDefender[/b] ici :

http://www.bitdefender.fr/scan8/ie.html [color=red][b](A faire avec Internet Explorer)[/b][/color]


Tutoriel : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId406812


@++ :)

mou_yem · Answer

Bonsoir,

J'ai reussi a mener le scan a terme. Voici le rapport:

BitDefender Online Scanner
  
  
 
Rapport d'analyse gnr : Mon, Jan 04, 2010 - 00:27:54
 
 
  
  
 
Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;I:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 01:47:55
 
Fichiers
 76633
 
Directoires
 6576
 
Secteurs de boot
 0
 
Archives
 1694
 
Paquets programmes
 4170
 
  
  
 
Rsultats
 
Virus identifis
 1
 
Fichiers infects
 3
 
Fichiers suspects
 0
 
Avertissements
 0
 
Dsinfects
 0
 
Fichiers effacs
 3
 
  
  
 
Info sur les moteurs
 
Dfinition virus
 4811475
 
Version des moteurs
 AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)
 
Analyse des plugins
 17
 
Archive des plugins
 44
 
Unpack des plugins
 8
 
E-mail plugins
 6
 
Systme plugins
 4
 
  
  
 
Paramtres d'analyse
 
Premire action
 DÃ©sinfectÃ©
 
Seconde Action
 SupprimÃ©s
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analyses
 exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analys
  Statut
 
C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0123577.exe
 InfectÃ© par: Gen:Trojan.Heur.AutoIT.Yq3@byjiJjfO
 
C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0123577.exe
 Echec de la dÃ©sinfection
 
C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0123577.exe
 SupprimÃ©
 
C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0129574.exe
 InfectÃ© par: Gen:Trojan.Heur.AutoIT.Yq3@byjiJjfO
 
C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0129574.exe
 Echec de la dÃ©sinfection
 
C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0129574.exe
 SupprimÃ©
 
C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP241\A0134569.exe
 InfectÃ© par: Gen:Trojan.Heur.AutoIT.Yq3@byjiJjfO
 
C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP241\A0134569.exe
 Echec de la dÃ©sinfection
 
C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP241\A0134569.exe
 SupprimÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_fr_b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.build.utilities.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_fr_b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Jscript.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_fr_b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\3.0.0.0_fr_b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\3.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.Resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.transactions.bridge.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.transactions.bridge.resources\3.0.0.0_fr_b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.transactions.bridge.resources\3.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_fr_b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_fr_b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.Resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_basetypes
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_basetypes\14.0.0.0__ce2cb7e279207b9e
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_basetypes\14.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_oootypes
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_oootypes\3.0.0.0__ce2cb7e279207b9e
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_oootypes\3.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_ure
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_ure\17.0.0.0__ce2cb7e279207b9e
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_ure\17.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_uretypes
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_uretypes\3.0.0.0__ce2cb7e279207b9e
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\policy.1.0.cli_uretypes\3.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_fr_31bf3856ad364e35
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationBuildTasks.resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationCore.resources
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic
 NettoyÃ©
 
C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35
 NettoyÃ©

dédétraqué · Answer

Salut mou_yem


Ton rapport est propre, seulement des points de restauration système infectés que l'on va purger :

Désactive la restauration système sur tous les lecteurs :

- Clique droit sur le Poste de travail sur le bureau, dans propriété tu cliques sur l'onglet Restauration système

- Coche la case désactiver la restauration et applique 

Redémarre l’ordinateur et réactive la restauration système.

Tutoriel XP :  http://www.libellules.ch/desactiver_restauration.php

Tutoriel Vista : https://www.commentcamarche.net/faq/13214-vista-desactiver-reactiver-la-restauration-systeme-de-vista


As-tu d'autre souci?


@++    :)

mou_yem · Answer

Salut dédétraqué,

j'ai encore quelques soucis avec Windows XP:

 - il est encore très très long au démarrage: déjà pour ouvrir ma session, et même après son ouverture mon bureau n'est pas exploitable (impossible de faire quoique ce soit) qu'après quelques minutes,

 - impossible de redémarrer ou d'éteindre le PC "normalement": il reste fige sur "windows is shutting down", même si je le laisse plusieurs minutes, ca fait que je suis obligé de l'éteindre manuellement a chaque fois.

 - si je lance plusieurs programmes simultanément c'est la panique a bord, il bug ! Alors que ma configuration PC n'est pas si pourrie que ca (processeur intel dual core 1.8, 3Go de Ram)

Ces problèmes sont nouveaux, ils ne sont apparus qu'il y a quelques jours...

Merci pour ton aide.
@+

dédétraqué · Answer

Salut mou_yem


Télécharge OTL (de OldTimer) et enregistre-le sur ton Bureau.
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

- Quitte les applications en cours afin de ne pas interrompre le scan.
- Double clique sur OTL.exe pour lancer le.
- Une fenêtre apparaît. Sous Custom Scans (en bas), copie/colle ceci :

netsvcs
%SYSTEMDRIVE%\*.* 
%SYSTEMDRIVE%\*.exe 
%PROGRAMFILES%\*.* 
%PROGRAMFILES%\*.
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
/md5stop
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s

- Clique sur le bouton Run Scan.
- Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTListIT2 (donc par défaut sur le Bureau).

- Copie/colle ici le contenu des deux fichiers. Utilise un message par rapport.


@++   :)

mou_yem · Answer

Salut dédétraqué,

j'essaie depuis ce matin de poster les rapports mais je n'y arrive pas...

mou_yem · Answer

Je vais essayer en 2 fois, peut-etre est-il trop long;

 - OTL.txt:

OTL logfile created on: 1/4/2010 6:34:19 AM - Run 1
OTL by OldTimer - Version 3.1.21.0     Folder = C:\Documents and Settings\Mourad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: États-Unis | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 23.54 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
Drive D: | 39.07 Gb Total Space | 38.97 Gb Free Space | 99.74% Space Free | Partition Type: NTFS
Drive E: | 39.07 Gb Total Space | 38.97 Gb Free Space | 99.75% Space Free | Partition Type: NTFS
Drive F: | 31.84 Gb Total Space | 31.75 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 962.70 Mb Total Space | 603.00 Mb Free Space | 62.64% Space Free | Partition Type: FAT
 
Computer Name: 7206BD0B
Current User Name: Mourad
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========/color
 
PRC - [2010/01/04 06:30:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTL.exe
PRC - [2009/10/31 11:23:37 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/19 23:40:09 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/14 19:19:31 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/09 00:19:35 | 00,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\service\st330service.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/23 09:49:16 | 02,652,056 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2008/12/11 15:58:44 | 00,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/02 13:07:38 | 00,105,208 | ---- | M] () -- C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe
PRC - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2005/08/24 14:00:28 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
PRC - [2004/04/13 17:12:18 | 00,103,936 | ---- | M] (BonSoft) -- C:\Program Files\ClocX\ClocX.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========/color
 
MOD - [2010/01/04 06:30:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTL.exe
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========/color
 
SRV - [2009/12/17 19:00:28 | 00,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/10/31 11:23:37 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/20 21:52:24 | 00,054,272 | ---- | M] (SolarWinds) [On_Demand | Stopped] -- C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe -- (SolarWinds TFTP Server)
SRV - [2009/08/19 23:40:09 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/14 19:19:31 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/09 00:19:35 | 00,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files\Thomson\ST330\service\st330service.exe -- (st330service)
SRV - [2009/04/23 06:09:12 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c3c0e7640a00) Service Google Update (gupdate1c9c3c0e7640a00)
SRV - [2008/12/11 15:58:44 | 00,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/04/14 03:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/04/08 09:56:30 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2008/01/22 11:13:26 | 00,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/11/06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/01/02 13:07:38 | 00,105,208 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe -- (VService)
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/24 14:00:28 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========/color
 
DRV - File not found [File_System | Unknown | Running] --  -- (pavboot)
DRV - [2009/12/20 11:48:25 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/18 10:23:14 | 00,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/11/04 00:04:50 | 00,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers	ap0901.sys -- (tap0901)
DRV - [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\MBR.exe -- (mbr)
DRV - [2009/07/20 04:40:02 | 00,591,832 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slusbvip.sys -- (slusbvip)
DRV - [2009/07/20 04:40:02 | 00,085,656 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slvad.sys -- (SLVAD_simple)
DRV - [2009/07/20 04:40:02 | 00,037,208 | R--- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TLRecAgent.sys -- (TLRecAgent)
DRV - [2009/07/14 19:19:31 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/30 19:43:05 | 00,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)
DRV - [2009/04/30 19:43:05 | 00,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)
DRV - [2009/04/30 19:43:05 | 00,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)
DRV - [2009/04/30 02:12:13 | 00,130,816 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/04/14 16:09:56 | 05,069,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/25 14:29:52 | 00,130,432 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/21 09:38:32 | 00,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2009/01/07 23:39:36 | 00,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008/12/18 12:16:56 | 00,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 08:38:22 | 00,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/07 12:44:54 | 00,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008/09/22 11:29:18 | 00,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/08/05 20:10:12 | 01,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/02 14:58:48 | 00,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/04/13 21:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 19:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 13:12:06 | 05,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/30 12:25:55 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/10/30 12:25:54 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/10/30 12:25:53 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/05/31 04:32:34 | 00,099,648 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0420Vid.sys -- (V0420VID) Live! Cam Vista IM (VF0420)
DRV - [2006/01/04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/08/24 13:53:46 | 00,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/08/24 13:51:10 | 01,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/08/24 13:49:12 | 00,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/08/24 13:49:04 | 00,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2005/08/24 13:48:38 | 00,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/24 13:45:46 | 00,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/08/04 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 16:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========/color
 
 
[color=#E56717]========== Internet Explorer ==========/color
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========/color
 
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.startup.homepage: "https://www.google.fr/?gws_rd=ssl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {bb628310-0ab7-11db-9cd8-0800200c9a66}:3.5.0.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.30
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.0.1
FF - prefs.js..keyword.URL: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MIMWA5"
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010/01/02 21:30:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/30 13:25:06 | 00,000,000 | ---D | M]
 
[2009/04/23 02:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Extensions
[2010/01/04 06:11:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions
[2009/07/26 14:07:30 | 00,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/07/14 13:50:28 | 00,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009/12/31 21:06:56 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/06 18:49:13 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/16 10:38:10 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}
[2009/08/26 19:04:39 | 00,001,775 | ---- | M] () -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\searchplugins\live-search.xml
[2010/01/04 06:11:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/11 07:04:59 | 00,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}(2)
[2009/12/30 13:24:59 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/12/30 13:24:59 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/12/30 13:24:59 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/12/30 13:24:59 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/12/30 13:24:59 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: (789 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 	127.0.0.1		localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/22 15:04:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/02 07:20:48 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/02 07:20:48 | 00,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/02 07:20:48 | 00,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/02 07:20:48 | 00,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/02 07:20:50 | 00,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/01 14:14:44 | 00,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color
 
[2010/01/04 06:29:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTL.exe
[2010/01/04 00:34:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/03 20:11:48 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/03 20:06:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/03 20:06:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/03 20:06:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/03 20:06:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/03 20:05:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/03 20:05:46 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/03 20:05:36 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/03 12:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\Desktop\WAG54GX2_1005_AnnexA
[2010/01/02 23:13:01 | 00,452,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTM.exe
[2010/01/02 12:10:07 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Mourad\Recent
[2010/01/02 07:36:47 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/02 07:20:48 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2010/01/02 06:58:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/01/02 06:57:52 | 00,000,000 | ---D | C] -- C:\UsbFix
[2010/01/02 06:48:26 | 00,000,000 | ---D | C] -- C:sit
[2010/01/02 05:58:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/01/01 06:39:53 | 00,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2009/12/31 21:22:41 | 00,130,432 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
[2009/12/31 20:28:50 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2009/12/31 20:28:50 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcachetl8139.sys
[2009/12/26 18:05:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\Desktop\CLE USB
[2009/12/25 06:26:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\Desktop\Incontinence
[2009/12/24 01:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/12/23 21:36:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\Desktop\Firewall Traversal
[2009/12/23 18:56:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\Application Data\RealTunnelv2
[2009/12/21 00:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SolarWinds
[2009/12/21 00:33:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\My Documents\SolarWinds
[2009/12/21 00:32:47 | 00,000,000 | ---D | C] -- C:\Program Files\SolarWinds
[2009/12/20 23:16:19 | 00,729,088 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/12/20 23:16:17 | 00,000,000 | ---D | C] -- C:\Program Files\TFTP Desktop
[2009/12/20 11:33:24 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcacheastls.dll
[2009/12/20 11:33:24 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcacheaschap.dll
[2009/12/20 11:31:54 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2009/07/22 11:20:03 | 00,085,656 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\slvad.sys
[2009/07/22 11:19:20 | 00,591,832 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\slusbvip.sys
[2009/07/22 11:19:20 | 00,037,208 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\TLRecAgent.sys
[2009/06/03 15:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/23 12:37:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/23 06:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/04/23 02:27:34 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/23 00:42:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/22 15:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

mou_yem · Answer

(suite de OTL.Txt): [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/01/04 06:30:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTL.exe [2010/01/04 06:12:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS asks\GoogleUpdateTaskMachineUA.job [2010/01/04 06:00:18 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics [2010/01/04 05:59:56 | 00,013,690 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/04 05:58:08 | 00,000,882 | ---- | M] () -- C:\WINDOWS asks\GoogleUpdateTaskMachineCore.job [2010/01/04 05:58:06 | 00,000,258 | ---- | M] () -- C:\WINDOWS asks\defrag.job [2010/01/04 05:58:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS asks\SA.DAT [2010/01/04 05:57:54 | 32,121,03680 | -HS- | M] () -- C:\hiberfil.sys [2010/01/04 05:57:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/01/04 05:54:33 | 09,437,184 | ---- | M] () -- C:\Documents and Settings\Mourad tuser.dat [2010/01/04 05:54:33 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Mourad tuser.ini [2010/01/04 01:09:51 | 00,000,424 | -H-- | M] () -- C:\WINDOWS asks\User_Feed_Synchronization-{894F263C-E34C-448D-AD66-4A9A7005FF4A}.job [2010/01/03 22:26:20 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2010/01/03 21:38:29 | 00,274,952 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\Sans nom 1.pdf [2010/01/03 20:16:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/01/03 20:11:55 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2010/01/03 19:23:44 | 03,818,002 | R--- | M] () -- C:\Documents and Settings\Mourad\Desktop\ComboFix.exe [2010/01/03 07:16:32 | 06,441,045 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\WAG54GX2_1005_AnnexA.zip [2010/01/02 23:14:27 | 00,452,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTM.exe [2010/01/02 13:23:01 | 35,293,542 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\UsbFix_Upload_Me_7206BD0B.zip [2010/01/02 06:47:55 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\RSIT.exe [2010/01/01 18:33:07 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Mourad\PUTTY.RND [2010/01/01 06:58:49 | 00,000,566 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anonine.lnk [2010/01/01 06:39:55 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\OpenVPN GUI.lnk [2010/01/01 04:54:03 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/01/01 02:52:53 | 26,257,920 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\yeynch52.exe [2009/12/31 07:27:51 | 00,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ItsHidden.lnk [2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/28 05:57:48 | 00,370,712 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100101-032351.backup [2009/12/25 05:57:49 | 00,002,293 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\Google Chrome.lnk [2009/12/25 05:53:47 | 00,370,712 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091228-055748.backup [2009/12/24 07:04:31 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091225-055347.backup [2009/12/24 02:16:26 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2009/12/20 23:35:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS ftpdesk.INI [2009/12/20 23:16:11 | 00,729,088 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe [2009/12/20 11:48:25 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/01/03 21:38:29 | 00,274,952 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\Sans nom 1.pdf [2010/01/03 20:11:55 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2010/01/03 20:11:51 | 00,260,272 | ---- | C] () -- C:\cmldr [2010/01/03 20:06:05 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/01/03 20:06:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/01/03 20:06:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/01/03 20:06:05 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/01/03 20:06:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/01/03 19:20:41 | 03,818,002 | R--- | C] () -- C:\Documents and Settings\Mourad\Desktop\ComboFix.exe [2010/01/03 07:14:53 | 06,441,045 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\WAG54GX2_1005_AnnexA.zip [2010/01/02 07:22:36 | 35,293,542 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\UsbFix_Upload_Me_7206BD0B.zip [2010/01/02 06:47:49 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\RSIT.exe [2010/01/01 06:58:49 | 00,000,566 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anonine.lnk [2010/01/01 06:39:55 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\OpenVPN GUI.lnk [2010/01/01 02:44:36 | 26,257,920 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\yeynch52.exe [2009/12/31 07:27:51 | 00,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ItsHidden.lnk [2009/12/24 02:16:26 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2009/12/20 23:35:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS ftpdesk.INI [2009/11/05 06:55:16 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\Mourad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/28 14:29:40 | 00,000,940 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2009/10/20 00:48:58 | 00,177,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/08/10 16:55:03 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009/07/22 11:20:03 | 00,248,664 | R--- | C] () -- C:\WINDOWS\System32\slvipgx.dll [2009/07/22 11:11:43 | 00,150,368 | R--- | C] () -- C:\WINDOWS\System32\slvipco.dll [2009/07/22 11:09:46 | 00,000,077 | ---- | C] () -- C:\WINDOWS\slsetup.ini [2009/06/06 17:43:47 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/05/12 14:39:13 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/04/30 02:34:43 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009/04/30 02:22:12 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2009/04/25 06:08:05 | 00,000,223 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2009/04/22 15:16:50 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll [2009/04/22 15:13:26 | 00,000,535 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009/04/22 15:13:22 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009/04/22 15:06:55 | 00,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2009/04/06 05:50:57 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2008/12/07 12:44:54 | 00,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys [2007/10/25 13:04:22 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\keyyofaxmon.dll [2005/08/24 13:56:04 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2002/05/15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2001/11/23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2009/04/22 15:04:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009/09/09 04:06:08 | 00,000,211 | ---- | M] () -- C:\Boot.bak [2010/01/03 20:11:55 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 00,260,272 | ---- | M] () -- C:\cmldr [2010/01/03 20:18:37 | 00,021,174 | ---- | M] () -- C:\ComboFix.txt [2009/04/22 15:04:26 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/01/04 05:57:54 | 32,121,03680 | -HS- | M] () -- C:\hiberfil.sys [2009/08/21 15:37:45 | 08,407,882 | ---- | M] () -- C:\immudebug.log [2009/04/22 15:04:26 | 00,000,000 | RHS- | M] () -- C:\IO.SYS [2009/04/23 14:19:47 | 00,001,035 | ---- | M] () -- C:\JavaRa.log [2009/04/22 15:04:26 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 15:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009/04/23 01:29:25 | 00,250,048 | RHS- | M] () -- C: tldr [2010/01/04 05:57:44 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys [2009/04/22 15:06:56 | 00,001,392 | ---- | M] () -- C:\Recovery-Info.lnk [2009/12/29 13:48:37 | 00,001,608 | ---- | M] () -- C: esiplog.txt [2009/06/12 22:29:38 | 00,058,752 | ---- | M] () -- C: esultat.txt [2009/06/12 22:28:37 | 20,320,679 | ---- | M] () -- C:\upload_moi_MOURAD-7206BD0B.tar.gz [2010/01/02 07:25:54 | 00,005,860 | ---- | M] () -- C:\UsbFix.txt [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color] [color=#A23BEC]< %PROGRAMFILES%\*. >[/color] [2009/10/15 18:21:03 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe [2009/07/14 19:20:20 | 00,000,000 | ---D | M] -- C:\Program Files\Avira [2009/07/14 11:22:05 | 00,000,000 | ---D | M] -- C:\Program Files\Belkin [2009/04/22 18:59:18 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner [2009/05/05 19:18:40 | 00,000,000 | ---D | M] -- C:\Program Files\CDex_150 [2009/06/08 05:17:07 | 00,000,000 | ---D | M] -- C:\Program Files\Ciel [2009/04/23 02:16:12 | 00,000,000 | ---D | M] -- C:\Program Files\ClocX [2010/01/03 20:16:03 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files [2009/04/22 15:01:13 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications [2009/07/22 11:34:30 | 00,000,000 | ---D | M] -- C:\Program Files\D-Link [2009/07/17 10:28:27 | 00,000,000 | ---D | M] -- C:\Program Files\Defraggler [2009/08/13 02:00:57 | 00,000,000 | ---D | M] -- C:\Program Files\ESTsoft [2009/04/23 06:11:42 | 00,000,000 | ---D | M] -- C:\Program Files\Google [2009/12/24 07:03:09 | 00,000,000 | ---D | M] -- C:\Program Files\Google Chrome [2009/06/06 17:48:21 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard [2009/06/06 17:48:45 | 00,000,000 | ---D | M] -- C:\Program Files\HP [2009/12/31 21:22:37 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2009/04/23 01:59:21 | 00,000,000 | ---D | M] -- C:\Program Files\Intel [2009/12/20 11:47:24 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2009/06/06 19:44:53 | 00,000,000 | ---D | M] -- C:\Program Files\IVT Corporation [2009/04/23 14:18:44 | 00,000,000 | ---D | M] -- C:\Program Files\Java [2009/10/31 11:27:54 | 00,000,000 | ---D | M] -- C:\Program Files\JRE [2009/04/23 17:22:36 | 00,000,000 | ---D | M] -- C:\Program Files\jv16 PowerTools [2009/08/15 19:10:17 | 00,000,000 | ---D | M] -- C:\Program Files\Keyyo Softphone X-Lite [2009/08/18 06:19:28 | 00,000,000 | ---D | M] -- C:\Program Files\Keyyo X-PRO [2009/08/20 17:40:59 | 00,000,000 | ---D | M] -- C:\Program Files\KeyyoFax [2009/04/24 19:55:54 | 00,000,000 | ---D | M] -- C:\Program Files\Lavalys [2010/01/01 02:41:10 | 00,000,000 | ---D | M] -- C:\Program Files\ma-config.com [2010/01/01 03:18:48 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/04/23 16:56:32 | 00,000,000 | ---D | M] -- C:\Program Files\media-player-classic_media_player_classic_6.4.9.1_build_20081210_francais_11019 [2009/04/23 01:38:49 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger [2009/08/26 19:13:32 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft [2009/04/22 15:07:12 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage [2009/04/23 01:34:18 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker [2010/01/04 06:33:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2009/05/05 21:13:41 | 00,000,000 | ---D | M] -- C:\Program Files\MP3Gain [2009/04/23 17:08:42 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild [2009/04/22 15:00:09 | 00,000,000 | ---D | M] -- C:\Program Files\MSN [2009/04/22 15:00:51 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone [2009/05/04 19:45:15 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Messenger [2009/04/23 14:21:45 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2009/04/23 07:28:10 | 00,000,000 | ---D | M] -- C:\Program Files\Nero [2009/04/23 01:31:36 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting [2009/04/22 17:07:13 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services [2009/10/31 13:06:29 | 00,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3 [2010/01/04 06:12:09 | 00,000,000 | ---D | M] -- C:\Program Files\OpenVPN [2009/10/31 08:37:47 | 00,000,000 | ---D | M] -- C:\Program Files\Opera [2009/08/13 03:01:58 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express [2010/01/04 06:12:37 | 00,000,000 | ---D | M] -- C:\Program Files\Panda Security [2009/08/26 23:08:42 | 00,000,000 | ---D | M] -- C:\Program Files\Patch MsnCreative [2010/01/01 01:34:16 | 00,000,000 | ---D | M] -- C:\Program Files\PC Tools Firewall Plus [2010/01/02 13:23:59 | 00,000,000 | ---D | M] -- C:\Program Files\Real [2009/12/31 21:22:40 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek [2009/04/23 17:08:32 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2009/12/24 01:52:43 | 00,000,000 | R--D | M] -- C:\Program Files\Skype [2009/12/21 00:32:47 | 00,000,000 | ---D | M] -- C:\Program Files\SolarWinds [2009/12/20 11:49:57 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy [2009/12/21 00:47:02 | 00,000,000 | ---D | M] -- C:\Program Files\TFTP Desktop [2009/04/30 19:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\Thomson [2009/06/07 13:23:33 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro [2009/04/22 15:10:44 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2009/04/23 02:20:39 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN [2009/05/04 19:45:40 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live [2009/05/04 19:44:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive [2009/04/23 02:26:39 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2 [2009/04/23 02:28:24 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2009/04/23 01:31:33 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT [2009/04/22 15:03:17 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate [2009/04/22 15:07:12 | 00,000,000 | ---D | M] -- C:\Program Files\xerox [2010/01/04 06:14:12 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo! [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008/04/13 21:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008/04/13 21:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 21:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys [2008/04/13 21:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008/04/13 21:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/13 21:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 21:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008/04/13 21:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/04 15:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color] [2008/04/14 03:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe [2008/04/14 03:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe [2008/04/14 03:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe [2008/04/14 03:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe [2004/08/04 15:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2004/08/04 15:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2004/08/04 15:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2004/08/04 15:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008/04/14 03:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/14 03:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 03:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 15:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2004/08/04 15:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [color=#A23BEC]< MD5 for: IASTOR.SYS >[/color] [2004/09/26 16:24:54 | 00,477,952 | ---- | M] (Intel Corporation) MD5=DD19FDD8BB262F64A11C50CC23FC6F70 -- C:\WINDOWS\OEM\iaStor\iaStor.sys [color=#A23BEC]< MD5 for: IMM32.DLL >[/color] [2008/04/14 03:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll [2008/04/14 03:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll [2008/04/14 03:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll [2004/08/04 15:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll [color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color] [2009/03/21 16:54:07 | 00,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll [2004/08/04 15:00:00 | 00,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB959426_0$\kernel32.dll [2009/03/21 17:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll [2009/03/21 17:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll [2009/03/21 17:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll [2009/03/21 17:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll [2009/03/21 17:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll [2008/04/14 03:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll [2008/04/14 03:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll [2009/03/21 16:59:23 | 00,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll [color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color] [2008/06/20 20:41:10 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll [2008/06/20 20:36:11 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll [2004/08/04 15:00:00 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll [2008/06/20 20:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll [2008/06/20 20:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll [2008/06/20 20:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll [2008/06/20 20:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll [2008/04/14 03:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll [2008/04/14 03:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll [2008/06/20 20:43:05 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 22:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache dis.sys [2008/04/13 22:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386 dis.sys [2008/04/13 22:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache dis.sys [2008/04/13 22:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers dis.sys [2004/08/04 15:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$ dis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 03:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache etlogon.dll [2008/04/14 03:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386 etlogon.dll [2008/04/14 03:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32 etlogon.dll [2004/08/04 15:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$ etlogon.dll [color=#A23BEC]< MD5 for: NTFS.SYS >[/color] [2008/04/13 22:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache tfs.sys [2008/04/13 22:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386 tfs.sys [2008/04/13 22:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache tfs.sys [2008/04/13 22:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers tfs.sys [2004/08/03 23:15:10 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS [2004/08/04 15:00:00 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$ tfs.sys [color=#A23BEC]< MD5 for: NTMSSVC.DLL >[/color] [2008/04/14 03:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache tmssvc.dll [2008/04/14 03:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386 tmssvc.dll [2008/04/14 03:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\dllcache tmssvc.dll [2008/04/14 03:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32 tmssvc.dll [2004/08/04 15:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$ tmssvc.dll [color=#A23BEC]< MD5 for: NVATABUS.SYS >[/color] [2004/09/02 10:24:38 | 00,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\OEM vatabus vatabus.sys [color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color] [2004/08/04 15:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe [2008/04/14 03:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe [2008/04/14 03:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe [2008/04/14 03:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe [color=#A23BEC]< MD5 for: QMGR.DLL >[/color] [2004/08/04 15:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll [2008/04/14 03:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll [2008/04/14 03:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll [2008/04/14 03:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll [2008/04/14 03:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2004/08/04 15:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/14 03:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/14 03:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 03:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll [color=#A23BEC]< MD5 for: SFCFILES.DLL >[/color] [2004/08/04 15:00:00 | 01,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll [2008/04/14 03:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll [2008/04/14 03:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll [2008/04/14 03:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll [2008/04/14 03:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll [color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color] [2004/08/04 15:00:00 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe [2008/04/14 03:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ERDNT\cache\spoolsv.exe [2008/04/14 03:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe [2008/04/14 03:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2008/04/14 03:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe [2008/04/14 03:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2008/04/14 03:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe [2004/08/04 15:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe [color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color] [2004/08/04 15:00:00 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$ ermsrv.dll [2008/04/14 03:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache ermsrv.dll [2008/04/14 03:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386 ermsrv.dll [2008/04/14 03:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32 ermsrv.dll [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/04 15:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 03:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/14 03:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 03:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008/04/14 03:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: VIAMRAID.SYS >[/color] [2004/05/18 16:55:26 | 00,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEM\viapdsk\viamraid.sys [color=#A23BEC]< MD5 for: WS2_32.DLL >[/color] [2008/04/14 03:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll [2008/04/14 03:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll [2008/04/14 03:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll [2004/08/04 15:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll [color=#A23BEC]< MD5 for: XMLPROV.DLL >[/color] [2008/04/14 03:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll [2008/04/14 03:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll [2008/04/14 03:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\dllcache\xmlprov.dll [2008/04/14 03:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll [2004/08/04 15:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 < End of report >

mou_yem · Answer

et le second: - Extras.Txt: OTL Extras logfile created on: 1/4/2010 6:34:19 AM - Run 1 OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Mourad\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: États-Unis | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39.07 Gb Total Space | 23.54 Gb Free Space | 60.26% Space Free | Partition Type: NTFS Drive D: | 39.07 Gb Total Space | 38.97 Gb Free Space | 99.74% Space Free | Partition Type: NTFS Drive E: | 39.07 Gb Total Space | 38.97 Gb Free Space | 99.75% Space Free | Partition Type: NTFS Drive F: | 31.84 Gb Total Space | 31.75 Gb Free Space | 99.71% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 962.70 Mb Total Space | 603.00 Mb Free Space | 62.64% Space Free | Partition Type: FAT Computer Name: 7206BD0B Current User Name: Mourad Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp "48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp "5060:UDP" = 5060:UDP:*:Enabled:5060 "5061:UDP" = 5061:UDP:*:Enabled:5061 "16384:UDP" = 16384:UDP:*:Enabled:16384 "16482:UDP" = 16482:UDP:*:Enabled:16482 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Thomson\ST330\service\st330service.exe" = C:\Program Files\Thomson\ST330\service\st330service.exe:*:Enabled:ST330 service -- (THOMSON Telecom Belgium) "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies) "C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0A7AB28D-E7DE-458A-9243-663DADDEE290}" = D-Link USB VoIP Adapter "{0A7AB28D-E7DE-458A-9243-663DADDEE290}SL" = D-Link USB VoIP Adapter "{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1 "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{18754BA4-4F0C-4E6E-888B-9496AFA05F43}" = Ma-Config.com "{1AA86313-B188-498D-91CF-D017AC5A82A5}" = SolarWinds TFTP Server "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live "{4B296228-DF7C-43EA-8DED-76027355B219}" = Opera 10.01 "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger "{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB8DD4C1-6237-455E-AF09-86296B3E3EE0}" = Ciel Auto-entrepreneur Facile 1.30 "{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C084BC61-E537-11DE-8616-005056806466}" = Google Earth "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200 "{ECA2B21B-A180-4775-B93F-6E404E36A8CC}" = MSRuntime Libraries "{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALUpdate_is1" = ALTools Update "ALZip_is1" = ALZip "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner (remove only) "CDex" = CDex extraction audio "ClocX" = ClocX (1.4) "Creative VF0420" = Creative Live! Cam Vista IM Driver (1.00.03.0000) "Defraggler" = Defraggler (remove only) "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{1AA86313-B188-498D-91CF-D017AC5A82A5}" = SolarWinds TFTP Server "jv16 PowerTools_is1" = jv16 PowerTools 1.3 "Keyyo Softphone_is1" = Keyyo Softphone 2.0 release 1105c "KeyyoFax" = KeyyoFax 1.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0 "Shop for HP Supplies" = Shop for HP Supplies "SpeedTouch 330" = SpeedTouch 330 "VLC media player" = VLC media player 1.0.1 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Installation Windows Live "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "cf6c187cd4791543" = e-parcours "Google Chrome" = Google Chrome "Live Search" = Notification Live Search [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 1/1/2010 4:14:34 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20 Description = Error - 1/1/2010 5:14:34 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20 Description = Error - 1/1/2010 6:14:34 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20 Description = Error - 1/2/2010 4:12:05 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20 Description = Error - 1/2/2010 5:12:05 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20 Description = Error - 1/2/2010 6:12:30 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20 Description = Error - 1/2/2010 7:12:15 PM | Computer Name = 7206BD0B | Source = Google Update | ID = 20 Description = Error - 1/2/2010 8:12:14 PM | Computer Name = 7206BD0B | Source = Google Update | ID = 20 Description = Error - 1/2/2010 9:12:39 PM | Computer Name = 7206BD0B | Source = Google Update | ID = 20 Description = Error - 1/2/2010 10:12:39 PM | Computer Name = 7206BD0B | Source = Google Update | ID = 20 Description = [ System Events ] Error - 1/3/2010 7:24:55 AM | Computer Name = 7206BD0B | Source = Service Control Manager | ID = 7006 Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5 Error - 1/3/2010 7:24:57 AM | Computer Name = 7206BD0B | Source = Service Control Manager | ID = 7006 Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5 Error - 1/3/2010 7:25:00 AM | Computer Name = 7206BD0B | Source = Service Control Manager | ID = 7006 Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5 Error - 1/3/2010 7:25:03 AM | Computer Name = 7206BD0B | Source = Service Control Manager | ID = 7006 Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5 Error - 1/3/2010 7:25:05 AM | Computer Name = 7206BD0B | Source = Service Control Manager | ID = 7006 Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5 Error - 1/3/2010 10:44:27 AM | Computer Name = 7206BD0B | Source = ipnathlp | ID = 31012 Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur. Error - 1/3/2010 10:44:27 AM | Computer Name = 7206BD0B | Source = ipnathlp | ID = 31012 Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur. Error - 1/3/2010 10:44:27 AM | Computer Name = 7206BD0B | Source = ipnathlp | ID = 31012 Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur. Error - 1/3/2010 10:44:27 AM | Computer Name = 7206BD0B | Source = ipnathlp | ID = 31012 Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur. Error - 1/3/2010 1:24:52 PM | Computer Name = 7206BD0B | Source = ipnathlp | ID = 31012 Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur. < End of report >

PC infecté, a l'aide !!!

30 réponses

Votre réponse

Newsletters