Rootkit infection
Solved
Kaeldos
Hello everyone.
A file named "zroksaq.sys" was detected on my PC, apparently a rootkit. Being hopeless with computers, I don't know how to get rid of it.
Thanks in advance for your help.
80 replies
So:
RSIT => diagnostic software that lists roughly what is on the PC, to identify viruses and their location
ADremover => software for specific infections such as Eorezo, for example, and others
Malwarebytes => excellent general-purpose scanner (keep it and scan every week)
Antivir => I had you configure it to look for hidden items; it confirmed the presence of the rootkit, which is hidden from all the diagnostic reports (the principle of a rootkit)
to give you an idea: https://fr.wikipedia.org/wiki/Rootkit
ComboFix => software for specific infections such as rootkits, but it did not detect the rootkit as malware
so we had to write a removal script telling it "delete this and this" to be on the safe side
A bit of updating and optimization in the meantime:
go to Start / All Programs / Windows Update
and check for updates, install them, then restart your PC and repeat the operation until there are no more updates
go to Start / Control Panel / Add or Remove Programs
and uninstall:
DAEMON Tools Toolbar
Java SE Runtime Environment 6 Update 1-->
then install the latest version of Java here: http://jdl.sun.com/webapps/getjava/BrowserRedirect?locale=fr&host=www.java.com:80
then
On VISTA
==> Disable User Account Control (you will re-enable it after your disinfection):
https://www.androidworld.fr/
* Go to Start, then Control Panel
* Double-click the "User Accounts" icon
* Then click Disable and confirm.
---------------------------------------------------------------------------------
To remove all traces of the software used to treat the specific infections:
* Download Toolscleaner to your Desktop
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-click ToolsCleaner2.exe and let it work
* Click "Recherche" (Search) and let the scan finish.
* Click "Suppression" (Removal) to finalize.
* You can, if you wish, use the "Options facultatives" (optional settings).
* Click "Quitter" (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it in your next reply
then
check the vulnerability of Windows and also of other products; uninstall the old versions of the software you need to update
- Either through this website: you have to install the ActiveX control, then click Start Scan, and the site marks with a red cross the security holes for a few important products installed on the PC such as Java, IE, Windows, Flash Player, Adobe... the most important ones
https://www.flexera.com/products/operations/software-vulnerability-management.html
- Or you can also use installable software that scans the PC and shows ALL the updates for the software and products installed on the PC
https://filehippo.com/windows/tuning-utilities/
then
- Download and install CCleaner
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
- once installed, launch it
- go to Options / Advanced and uncheck the first line
- and clean several times in the Registry and Cleaner tabs until it finds 0 errors
and tell me if you have any problems, Antivir alerts or anything else.
See you later
OK, once you have done everything I gave you, do this:
/!\ You must disable all your protection software to use this program; close ALL your programs and do not use your PC during the scan /!\
• Go to this page and click "Download EXE" to download Gmer (under a random name, so that it is not blocked by an infection)
http://www.gmer.net/
• Launch Gmer
• In the "Rootkit" tab, click "Scan" and wait.
• When it finishes, click "Save" and save the report to your Desktop.
Here it is for TCleaner. No report was saved, so I copied and pasted what was in the window:
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Ad-remover: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\Users\YannBastian\Desktop\Rsit.exe: trouvé !
C:\Windows\mbr.exe: trouvé !
---------------------------------
--> Suppression:
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Users\YannBastian\Desktop\Rsit.exe: supprimé !
C:\Windows\mbr.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !
C:\Ad-remover: supprimé !
I'm carrying on.
Here is the vulnerability check. I'm not quite sure what I'm supposed to do here.
This installation of Adobe Reader 8.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 8.1.3.187, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 8.2.0.
Update Instructions:
Download
Installed on Your System in:
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
Adobe Flash Player 9.x Adobe Flash Player 9.x 9.0.124.0 (ActiveX) Adobe Flash Player 9.x
This installation of Adobe Flash Player 9.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 9.0.124.0 (ActiveX), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 9.0.246.0.
Update Instructions:
Download
Installed on Your System in:
C:\Windows\SYSTEM32\Macromed\Flash\Flash9f.ocx
________
CCleaner done. Moving on.
go to Start / Control Panel / Add or Remove Programs
and uninstall
Adobe Reader 8
Adobe Flash Player 9
then delete this file if present: C:\Windows\SYSTEM32\Macromed\Flash\Flash9f.ocx
then install the latest versions of:
https://get2.adobe.com/fr/reader/otherversions/
make sure to uncheck the box offering to install McAfee before downloading the file
and https://get.adobe.com/flashplayer/?loc=fr&promoid=DXLUJ
make sure to uncheck the box offering to install McAfee before downloading the file
then run CCleaner again, registry included, until 0 errors
did you do this?
go to Start / All Programs / Windows Update
and check for updates, install them, then restart your PC and repeat the operation until there are no more updates
and move on to GMER, following the instructions CAREFULLY
Here is the GMER report:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-02 00:05:59
Windows 6.0.6001 Service Pack 1
Running: aupif.exe; Driver: C:\Users\YANNBA~1\AppData\Local\Temp\fgdiyfog.sys
---- System - GMER 1.0.15 ----
SSDT 8B71A0A4 ZwCreateThread
SSDT 8B71A090 ZwOpenProcess
SSDT 8B71A095 ZwOpenThread
SSDT 8B71A09F ZwTerminateProcess
SSDT 8B71A09A ZwWriteVirtualMemory
INT 0x51 ? 84561BF8
INT 0x62 ? 86F7DBF8
INT 0x72 ? 86F7DBF8
INT 0x92 ? 84560BF8
INT 0xA2 ? 84561BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 81CF7B18 4 Bytes [A4, A0, 71, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 624 81CF7CE8 4 Bytes [90, A0, 71, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 640 81CF7D04 4 Bytes [95, A0, 71, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81CF7F18 4 Bytes [9F, A0, 71, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 81CF7F78 4 Bytes [9A, A0, 71, 8B]
? System32\Drivers\spge.sys Le chemin d'accès spécifié est introuvable. !
.text USBPORT.SYS!DllUnload 8A75E46F 5 Bytes JMP 86F7D1D8
.text ai0gsehq.SYS 8F7BE000 22 Bytes [26, 32, C1, 81, 10, 31, C1, ...]
.text ai0gsehq.SYS 8F7BE017 181 Bytes [00, 32, E7, 30, 82, 3D, E5, ...]
.text ai0gsehq.SYS 8F7BE0CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text ai0gsehq.SYS 8F7BE0DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ai0gsehq.SYS 8F7BE0E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [822046D6] \SystemRoot\System32\Drivers\spge.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82204042] \SystemRoot\System32\Drivers\spge.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82204800] \SystemRoot\System32\Drivers\spge.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [822040C0] \SystemRoot\System32\Drivers\spge.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8220413E] \SystemRoot\System32\Drivers\spge.sys
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortWritePortUchar] 838F7E3F
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8F7E10
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\ai0gsehq.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 853221F8
Device \FileSystem\cdfs \Cdfs 87F2A500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x22 0x3F 0x7B 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0x61 0xB0 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x68 0xCC 0x76 0x3C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x22 0x3F 0x7B 0xF7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0x61 0xB0 0xC8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x68 0xCC 0x76 0x3C ...
---- EOF - GMER 1.0.15 ----
hi
are you having any particular problems?
anything odd?
please do this again to see, because apparently the logs get shorter each time you do it.
to do in order:
go to Start / Run
type
CHKDSK
then Enter
a scan will start; let it run and follow the instructions at the end if you are given any.
=======
then go back to Start / Run and type
CMD
then Enter
in the black window, type
sfc /scannow (there is a space between the two)
a scan will start; let it run, and if you are asked for the Windows CD, insert it if you have it.
tell me what the 2 commands gave you and whether things are better.
Odd things, yes, I have some. After a few hours of using the PC, Explorer freezes for about twenty seconds at ten-second intervals. Sometimes even a complete freeze of the PC. For example, after using Gmer, I closed the program and as soon as I launched any application it froze the PC. I could only do Ctrl+Alt+Del, and then the slightest action froze the PC. I'll do what you asked this evening.
For CHKDSK:
Windows a verifié le système de fichiers sans trouver de problème.
339292768 Ko d'espace disque total.
194493684 Ko dans 224522 fichiers.
113008 Ko dans 24246 index.
0 Ko dans des secteurs défectueux.
388792 Ko utilisés par le système.
65536 Ko occupés par le fichier journal.
144297284 Ko disponible sur le disque
4096 octets disponibles sur le disque.
84823192 unités d'allocation au total sur le disque.
36074321 unités d'allocation disponibles sur le disque.
Here is the scannow log. I split it in 2 (the thing is 11 MB):
http://www.cijoint.fr/cjlink.php?file=cj201003/cijnJx2184.txt
http://www.cijoint.fr/cjlink.php?file=cj201003/cijJ4wTlhd.txt
Does the SFC scan ask you for the Windows CD? What does it tell you at the end, apart from the report?
OK, this is the first time I'm going to use this tool; I want to see something
Disable your antivirus for the duration of the procedure, as well as your firewall if present
▶ Download List&Kill'em and save it to your Desktop
▶ unzip it (right-click / extract...)
It does not require installation
▶ double-click (right-click "Run as administrator" on Vista) to launch the scan
choose the language, then choose option 1 = Search mode ("Mode Recherche")
▶ let the tool work
a report named catchme appears on your Desktop; ignore it, but do not delete it for now
▶ Post the contents of the report that opens
sfc doesn't ask me for the Windows CD, and it tells me it found nothing in particular.
I'll do List&Kill'em tomorrow morning.
hi
* Click here to download it to your Desktop: http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/
* Close all your windows, then double-click OTL.exe to launch it.
* Check Lop Check and Purity Check
* Under Custom Scans (at the bottom), copy/paste this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ /s
* Click the Run Scan button at the top left, then wait a few moments.
* At the end of the scan, two reports will open, OTL.Txt and Extras.Txt. Copy/paste all of the reports here.
PS: The reports are also saved on the Desktop
Here it is for list&kill'em.
List'em by g3n-h@ckm@n 1.2.8.5
User : YannBastian (Administrateurs)
Update on 03/03/2010 by g3n-h@ckm@n ::::: 18.30
Start at: 12:24:39 | 04/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
AMD Athlon(tm) Dual Core Processor 4450e
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 323,57 Go (140,83 Go free) [COMPAQ] | NTFS
D:\ -> Disque fixe local | 11,77 Go (1,02 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Users\YannBastian\AppData\Local\temp\DE1E.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Steam REG_SZ "c:\program files\steam\steam.exe" -silent
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
hpsysdrv REG_SZ c:\hp\support\hpsysdrv.exe
HP Health Check Scheduler REG_SZ c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
DPService REG_SZ "C:\Program Files\HP\DVDPlay\DPService.exe"
HP Software Update REG_SZ c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
SunJavaUpdateReg REG_SZ "C:\Windows\system32\jureg.exe" -delete
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 39 (0x27)
SFCDisable REG_DWORD 0 (0x0)
System REG_SZ
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{88461DBB-E719-4D93-98C0-1610821C8095}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{88461DBB-E719-4D93-98C0-1610821C8095}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88461DBB-E719-4D93-98C0-1610821C8095}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: COMPAQ
Taille du volume = 324 Go
Espace libre = 141 Go
Étendue d'espace libre la plus grande = 109 Go
Pourcentage de fragmentation des fichiers = 6 %
Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\Autorun.exe
Present !! : C:\Program Files\Autorun.ico
Present !! : C:\Program Files\DAEMON Tools Toolbar
Present !! : C:\Windows\System32\ealregsnapshot1.reg
Present !! : C:\Users\YannBastian\AppData\Roaming\avdrn.dat
Present !! : C:\Users\YannBastian\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Present !! : C:\Users\YannBastian\LOCAL Settings\Temp\catchme.dll
Present !! : C:\Users\YannBastian\LOCAL Settings\Temp\secuniasi3836868787347055193.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-3430781819-4112138520-4176161753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 12:37:52
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:22,3f,7b,f7,d9,a3,02,89,87,47,7f,fc,3c,2a,b7,0e,9c,f3,2b,06,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,c1,45,94,c7,28,cc,25,67,29,68,d7,8f,1f,c9,95,b2,07,..
"hdf12"=hex:a0,61,b0,c8,65,e5,f1,4d,25,79,ff,9e,63,90,ad,74,d7,7b,02,3f,74,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:68,cc,76,3c,93,5f,9e,74,9c,68,65,38,68,13,01,a7,16,6a,44,ad,3c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:22,3f,7b,f7,d9,a3,02,89,87,47,7f,fc,3c,2a,b7,0e,9c,f3,2b,06,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,c1,45,94,c7,28,cc,25,67,29,68,d7,8f,1f,c9,95,b2,07,..
"hdf12"=hex:a0,61,b0,c8,65,e5,f1,4d,25,79,ff,9e,63,90,ad,74,d7,7b,02,3f,74,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:68,cc,76,3c,93,5f,9e,74,9c,68,65,38,68,13,01,a7,16,6a,44,ad,3c,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll prosync1.sys >>UNKNOWN [0x853221F8]<<
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 12:56:10,43
List'em by g3n-h@ckm@n 1.2.8.5
User : YannBastian (Administrateurs)
Update on 03/03/2010 by g3n-h@ckm@n ::::: 18.30
Start at: 12:24:39 | 04/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
AMD Athlon(tm) Dual Core Processor 4450e
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 323,57 Go (140,83 Go free) [COMPAQ] | NTFS
D:\ -> Disque fixe local | 11,77 Go (1,02 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Users\YannBastian\AppData\Local\temp\DE1E.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Steam REG_SZ "c:\program files\steam\steam.exe" -silent
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
hpsysdrv REG_SZ c:\hp\support\hpsysdrv.exe
HP Health Check Scheduler REG_SZ c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
DPService REG_SZ "C:\Program Files\HP\DVDPlay\DPService.exe"
HP Software Update REG_SZ c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
SunJavaUpdateReg REG_SZ "C:\Windows\system32\jureg.exe" -delete
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 39 (0x27)
SFCDisable REG_DWORD 0 (0x0)
System REG_SZ
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{88461DBB-E719-4D93-98C0-1610821C8095}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{88461DBB-E719-4D93-98C0-1610821C8095}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88461DBB-E719-4D93-98C0-1610821C8095}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\YannBastian\AppData\Local\temp\DE1E.tmp
## C:\> hashdeep.exe C:\Windows\ERDNT\cache\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\ERDNT\cache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\YannBastian\AppData\Local\temp\DE1E.tmp
## C:\> hashdeep.exe C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\YannBastian\AppData\Local\temp\DE1E.tmp
## C:\> hashdeep.exe C:\Windows\System32\drivers\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\YannBastian\AppData\Local\temp\DE1E.tmp
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
##
19048,4f4fcb8b6ea06784fb6d475b7ec7300f,6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\YannBastian\AppData\Local\temp\DE1E.tmp
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\YannBastian\AppData\Local\temp\DE1E.tmp
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: COMPAQ
Taille du volume = 324 Go
Espace libre = 141 Go
Étendue d'espace libre la plus grande = 109 Go
Pourcentage de fragmentation des fichiers = 6 %
Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\Autorun.exe
Present !! : C:\Program Files\Autorun.ico
Present !! : C:\Program Files\DAEMON Tools Toolbar
Present !! : C:\Windows\System32\ealregsnapshot1.reg
Present !! : C:\Users\YannBastian\AppData\Roaming\avdrn.dat
Present !! : C:\Users\YannBastian\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Present !! : C:\Users\YannBastian\LOCAL Settings\Temp\catchme.dll
Present !! : C:\Users\YannBastian\LOCAL Settings\Temp\secuniasi3836868787347055193.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-3430781819-4112138520-4176161753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 12:37:52
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:22,3f,7b,f7,d9,a3,02,89,87,47,7f,fc,3c,2a,b7,0e,9c,f3,2b,06,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,c1,45,94,c7,28,cc,25,67,29,68,d7,8f,1f,c9,95,b2,07,..
"hdf12"=hex:a0,61,b0,c8,65,e5,f1,4d,25,79,ff,9e,63,90,ad,74,d7,7b,02,3f,74,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:68,cc,76,3c,93,5f,9e,74,9c,68,65,38,68,13,01,a7,16,6a,44,ad,3c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:22,3f,7b,f7,d9,a3,02,89,87,47,7f,fc,3c,2a,b7,0e,9c,f3,2b,06,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,c1,45,94,c7,28,cc,25,67,29,68,d7,8f,1f,c9,95,b2,07,..
"hdf12"=hex:a0,61,b0,c8,65,e5,f1,4d,25,79,ff,9e,63,90,ad,74,d7,7b,02,3f,74,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:68,cc,76,3c,93,5f,9e,74,9c,68,65,38,68,13,01,a7,16,6a,44,ad,3c,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll prosync1.sys >>UNKNOWN [0x853221F8]<<
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 12:56:10,43
Here are the two OTL reports. The old.txt:
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Users\YannBastian\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 323,57 Gb Total Space | 140,53 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 11,77 Gb Total Space | 1,02 Gb Free Space | 8,68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-YANNBASTIAN
Current User Name: YannBastian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/03/04 13:02:09 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\YannBastian\Desktop\OTL.exe
PRC - [2010/03/03 10:40:45 | 001,097,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\GameOverlayUI.exe
PRC - [2010/02/20 10:58:01 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/02/19 11:49:00 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/10 15:50:22 | 000,142,008 | ---- | M] () -- C:\Program Files\Mumble\dbus-daemon.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/06/12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/01/21 03:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/01/21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
========== Modules (SafeList) ==========
MOD - [2010/03/04 13:02:09 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\YannBastian\Desktop\OTL.exe
MOD - [2008/01/21 03:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/02/10 21:59:00 | 003,654,060 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/01 08:13:22 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/02/03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/01/12 12:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/02 21:29:19 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/06/02 21:29:18 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/06/02 21:29:16 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/05/17 18:44:52 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/03 18:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/06 20:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/06/06 20:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/12/23 10:44:59 | 000,080,768 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2006/12/23 10:43:17 | 000,077,120 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/12/21 10:16:58 | 000,007,136 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 09:17:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/01 22:44:01 | 000,000,000 | ---D | M]
[2009/02/10 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\mozilla\Extensions
[2010/03/03 15:30:16 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\mozilla\Firefox\Profiles\g2ay6tdk.default\extensions
[2009/09/03 19:51:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\YannBastian\AppData\Roaming\mozilla\Firefox\Profiles\g2ay6tdk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 09:38:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\YannBastian\AppData\Roaming\mozilla\Firefox\Profiles\g2ay6tdk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/03 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/07 12:51:02 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/07 12:51:02 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/07 12:51:02 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/01/07 12:51:02 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/07 12:51:02 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2010/02/28 20:25:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/26 12:06:54 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/04 13:02:07 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\Users\YannBastian\Desktop\OTL.exe
[2010/03/04 12:24:21 | 000,000,000 | ---D | C] -- C:\Kill'em
[2010/03/03 20:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em
[2010/03/03 19:30:59 | 000,000,000 | ---D | C] -- C:\Users\YannBastian\AppData\Local\Mumble
[2010/03/01 22:58:14 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/01 22:58:14 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/01 22:58:14 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/01 22:58:14 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/03/01 22:58:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/03/01 22:58:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/01 22:58:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/01 22:58:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/01 22:58:14 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/03/01 22:58:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/01 22:58:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/03/01 22:58:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/01 22:58:13 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/01 22:58:13 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/03/01 22:58:13 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/01 22:58:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/01 22:58:13 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/03/01 22:58:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/01 22:58:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/01 22:58:13 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/03/01 22:58:12 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/01 22:58:12 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/01 22:58:12 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/01 22:58:12 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/03/01 22:58:12 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2010/03/01 22:58:12 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/03/01 22:58:12 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/01 22:58:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/01 22:58:11 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/03/01 22:58:11 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/01 22:58:11 | 000,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/01 22:58:11 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/03/01 22:58:10 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/03/01 22:58:10 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/01 22:58:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/01 22:58:10 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/03/01 22:58:10 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/01 22:58:10 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/03/01 22:58:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/01 22:58:10 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/03/01 22:58:10 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/03/01 22:58:10 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/03/01 22:58:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/01 22:57:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/03/01 22:46:24 | 001,955,472 | ---- | C] (Adobe Systems Incorporated) -- C:\install_flash_player_ax.exe
[2010/03/01 22:37:59 | 027,565,744 | ---- | C] ( ) -- C:\AdbeRdr930_fr_FR.exe
[2010/03/01 22:36:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/01 20:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/01 20:38:42 | 003,396,856 | ---- | C] (Piriform Ltd) -- C:\ccsetup229.exe
[2010/03/01 20:31:16 | 000,000,000 | ---D | C] -- C:\Nouveau dossier
[2010/03/01 20:25:56 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2010/03/01 20:25:56 | 000,000,000 | ---D | C] -- C:\Users\YannBastian\Recent
[2010/03/01 20:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/01 20:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/01 20:10:47 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/01 20:10:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/01 20:10:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/01 20:10:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/01 20:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/01 20:09:00 | 000,923,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\jxpiinstall.exe
[2010/03/01 19:25:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/03/01 19:25:13 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/03/01 19:25:12 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/03/01 19:25:12 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/03/01 19:25:12 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/03/01 19:25:12 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/03/01 19:25:12 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/03/01 19:25:11 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/03/01 19:25:10 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/03/01 19:25:10 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/03/01 16:16:53 | 003,654,060 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2010/02/28 20:34:19 | 000,000,000 | ---D | C] -- C:\Users\YannBastian\AppData\Local\temp
[2010/02/28 20:33:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/28 19:54:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/26 19:46:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/26 19:13:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/26 19:13:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/26 19:13:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/26 19:13:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/25 17:14:50 | 000,000,000 | ---D | C] -- C:\Users\YannBastian\AppData\Roaming\Malwarebytes
[2010/02/25 17:14:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/25 17:14:44 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/25 17:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/25 17:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/25 17:12:56 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\YannBastian\Desktop\mbam-setup.exe
[2010/02/25 13:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/02/10 03:10:39 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 03:10:39 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 03:10:30 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 03:10:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 03:10:30 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 03:10:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 03:10:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/02/06 17:38:46 | 000,000,000 | ---D | C] -- C:\cxl
[2010/02/06 17:05:00 | 000,000,000 | ---D | C] -- C:\trainer torchlight
[2009/05/17 14:30:21 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/04 14:54:20 | 006,029,312 | -HS- | M] () -- C:\Users\YannBastian\ntuser.dat
[2010/03/04 14:23:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 14:23:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 14:00:12 | 000,035,465 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/04 13:58:52 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/03/04 13:30:46 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/03/04 13:02:09 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\YannBastian\Desktop\OTL.exe
[2010/03/04 12:23:59 | 000,035,465 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/04 12:23:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/04 12:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/04 12:23:39 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/04 12:22:05 | 000,524,288 | -HS- | M] () -- C:\Users\YannBastian\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 12:22:05 | 000,065,536 | -HS- | M] () -- C:\Users\YannBastian\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/04 12:12:23 | 003,041,430 | -H-- | M] () -- C:\Users\YannBastian\AppData\Local\IconCache.db
[2010/03/04 11:26:43 | 000,238,080 | ---- | M] () -- C:\Users\YannBastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 11:06:43 | 001,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/04 11:06:43 | 000,669,328 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/04 11:06:43 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/04 11:06:43 | 000,123,350 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/04 11:06:43 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/03 20:00:23 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\List_Kill'em.lnk
[2010/03/03 05:15:26 | 003,205,760 | ---- | M] () -- C:\4.wmv
[2010/03/03 05:10:48 | 006,002,583 | ---- | M] () -- C:\3.wmv
[2010/03/01 23:22:35 | 000,293,376 | ---- | M] () -- C:\aupif.exe
[2010/03/01 23:13:19 | 000,293,376 | ---- | M] () -- C:\gmer.exe
[2010/03/01 23:08:34 | 000,293,376 | ---- | M] () -- C:\oml949bw.exe
[2010/03/01 22:46:26 | 001,955,472 | ---- | M] (Adobe Systems Incorporated) -- C:\install_flash_player_ax.exe
[2010/03/01 22:44:01 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/01 22:42:38 | 027,565,744 | ---- | M] ( ) -- C:\AdbeRdr930_fr_FR.exe
[2010/03/01 20:44:55 | 000,293,376 | ---- | M] () -- C:\knrphuod.exe
[2010/03/01 20:39:16 | 000,001,676 | ---- | M] () -- C:\Users\YannBastian\Desktop\CCleaner.lnk
[2010/03/01 20:39:01 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\ccsetup229.exe
[2010/03/01 20:36:15 | 035,353,088 | ---- | M] () -- C:\AdbeRdr820_en_US.msi
[2010/03/01 20:13:50 | 000,455,680 | ---- | M] () -- C:\ToolsCleaner2.exe
[2010/03/01 20:10:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/01 20:10:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/01 20:10:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/01 20:10:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/01 20:09:09 | 000,923,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\jxpiinstall.exe
[2010/03/01 19:54:29 | 000,075,304 | ---- | M] () -- C:\Users\YannBastian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/01 19:53:02 | 000,315,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/01 13:01:45 | 000,000,004 | ---- | M] () -- C:\Users\YannBastian\AppData\Roaming\avdrn.dat
[2010/02/28 20:25:48 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/28 20:25:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/28 19:05:41 | 366,627,722 | ---- | M] () -- C:\Legend.of.the.Seeker.S02E13.HDTV.XviD-LOL.avi
[2010/02/28 18:52:18 | 000,022,931 | ---- | M] () -- C:\Legend of the Seeker_2x13_HDTV.1ère version - legend.of.the.seeker.over-blog.com.fr.zip
[2010/02/28 16:48:08 | 000,059,718 | ---- | M] () -- C:\Legend of the Seeker - 2x13 - Princess.HDTV.1+¿re version - legend.of.the.seeker.over-blog.com.fr.srt
[2010/02/28 16:25:03 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/02/26 18:50:28 | 003,873,931 | R--- | M] () -- C:\Users\YannBastian\Desktop\cbfix.exe
[2010/02/26 03:02:23 | 003,821,681 | ---- | M] () -- C:\movie4.wmv
[2010/02/26 03:00:39 | 004,093,693 | ---- | M] () -- C:\movie3.wmv
[2010/02/26 03:00:39 | 003,693,675 | ---- | M] () -- C:\movie2.wmv
[2010/02/25 18:21:17 | 002,746,372 | ---- | M] () -- C:\sph4.mpg
[2010/02/25 17:14:48 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/25 17:13:09 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\YannBastian\Desktop\mbam-setup.exe
[2010/02/24 15:07:05 | 000,000,016 | ---- | M] () -- C:\Users\YannBastian\AppData\Roaming\rbuwzv.dat
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/18 13:49:16 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/02/17 20:56:12 | 365,588,662 | ---- | M] () -- C:\Legend.of.the.Seeker.S02E11.HDTV.XviD-LOL.avi
[2010/02/17 18:49:17 | 000,023,033 | ---- | M] () -- C:\Legend of the Seeker_2x11_HDTV.LOL.fr.zip
[2010/02/17 01:17:22 | 194,089,856 | ---- | M] () -- C:\DungeonDefense_Install_2.2_JeuxVideo.com_14521.exe
[2010/02/16 15:03:54 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2010/02/16 13:24:50 | 000,000,467 | ---- | M] () -- C:\msmq.reg
[2010/02/16 09:22:32 | 000,060,242 | ---- | M] () -- C:\Legend of the Seeker - 2x11 - Torn.HDTV.LOL.fr.srt
[2010/02/12 16:25:36 | 000,069,057 | ---- | M] () -- C:\Medium - 6x13 - Psych.HDTV.fr.srt
[2010/02/12 11:48:12 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/02/12 01:05:57 | 000,000,284 | ---- | M] () -- C:\Users\YannBastian\AppData\Roaming\wklnhst.dat
[2010/02/10 21:59:00 | 003,654,060 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2010/02/08 18:53:11 | 000,002,391 | ---- | M] () -- C:\Users\YannBastian\Documents\MumbleAutomaticCertificateBackup.p12
[2010/02/08 18:53:04 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\Mumble (Backwards Compatible).lnk
[2010/02/08 18:53:04 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010/02/06 10:01:44 | 366,703,320 | ---- | M] () -- C:\med612.avi
[2010/02/02 21:16:43 | 001,882,267 | ---- | M] () -- C:\AtlasLoot-v5.09.05.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/04 13:58:52 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/03 20:00:23 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\List_Kill'em.lnk
[2010/03/03 05:10:35 | 006,002,583 | ---- | C] () -- C:\3.wmv
[2010/03/01 23:22:34 | 000,293,376 | ---- | C] () -- C:\aupif.exe
[2010/03/01 23:13:18 | 000,293,376 | ---- | C] () -- C:\gmer.exe
[2010/03/01 23:08:33 | 000,293,376 | ---- | C] () -- C:\oml949bw.exe
[2010/03/01 22:58:11 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/03/01 22:44:01 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/01 20:44:50 | 000,293,376 | ---- | C] () -- C:\knrphuod.exe
[2010/03/01 20:39:16 | 000,001,676 | ---- | C] () -- C:\Users\YannBastian\Desktop\CCleaner.lnk
[2010/03/01 20:29:44 | 035,353,088 | ---- | C] () -- C:\AdbeRdr820_en_US.msi
[2010/03/01 20:13:49 | 000,455,680 | ---- | C] () -- C:\ToolsCleaner2.exe
[2010/03/01 13:01:45 | 000,000,004 | ---- | C] () -- C:\Users\YannBastian\AppData\Roaming\avdrn.dat
[2010/02/28 19:08:09 | 000,059,718 | ---- | C] () -- C:\Legend of the Seeker - 2x13 - Princess.HDTV.1+¿re version - legend.of.the.seeker.over-blog.com.fr.srt
[2010/02/28 18:54:05 | 366,627,722 | ---- | C] () -- C:\Legend.of.the.Seeker.S02E13.HDTV.XviD-LOL.avi
[2010/02/28 18:52:15 | 000,022,931 | ---- | C] () -- C:\Legend of the Seeker_2x13_HDTV.1ère version - legend.of.the.seeker.over-blog.com.fr.zip
[2010/02/26 19:13:40 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/26 19:13:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/26 19:13:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/26 19:13:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/26 18:49:42 | 003,873,931 | R--- | C] () -- C:\Users\YannBastian\Desktop\cbfix.exe
[2010/02/26 03:02:12 | 003,821,681 | ---- | C] () -- C:\movie4.wmv
[2010/02/26 03:00:09 | 003,693,675 | ---- | C] () -- C:\movie2.wmv
[2010/02/26 03:00:03 | 004,093,693 | ---- | C] () -- C:\movie3.wmv
[2010/02/25 18:20:40 | 002,746,372 | ---- | C] () -- C:\sph4.mpg
[2010/02/25 17:14:48 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 15:06:46 | 000,000,016 | ---- | C] () -- C:\Users\YannBastian\AppData\Roaming\rbuwzv.dat
[2010/02/18 11:02:16 | 000,060,242 | ---- | C] () -- C:\Legend of the Seeker - 2x11 - Torn.HDTV.LOL.fr.srt
[2010/02/17 19:56:53 | 365,588,662 | ---- | C] () -- C:\Legend.of.the.Seeker.S02E11.HDTV.XviD-LOL.avi
[2010/02/17 14:16:19 | 003,205,760 | ---- | C] () -- C:\4.wmv
[2010/02/17 01:12:52 | 194,089,856 | ---- | C] () -- C:\DungeonDefense_Install_2.2_JeuxVideo.com_14521.exe
[2010/02/16 15:03:54 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/02/16 13:24:50 | 000,000,467 | ---- | C] () -- C:\msmq.reg
[2010/02/16 11:14:07 | 000,023,033 | ---- | C] () -- C:\Legend of the Seeker_2x11_HDTV.LOL.fr.zip
[2010/02/13 20:23:31 | 000,069,057 | ---- | C] () -- C:\Medium - 6x13 - Psych.HDTV.fr.srt
[2010/02/08 18:53:11 | 000,002,391 | ---- | C] () -- C:\Users\YannBastian\Documents\MumbleAutomaticCertificateBackup.p12
[2010/02/08 18:53:04 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\Mumble (Backwards Compatible).lnk
[2010/02/08 18:53:04 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010/02/06 09:53:57 | 366,703,320 | ---- | C] () -- C:\med612.avi
[2010/02/02 21:16:33 | 001,882,267 | ---- | C] () -- C:\AtlasLoot-v5.09.05.zip
[2010/01/23 16:33:40 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/01/21 08:48:21 | 003,268,476 | ---- | C] () -- C:\ProgramData\AuctioneerSuite-5.7.4568.zip
[2010/01/19 14:00:08 | 005,349,537 | ---- | C] () -- C:\ProgramData\petfoj4.wmv
[2010/01/19 14:00:05 | 005,333,537 | ---- | C] () -- C:\ProgramData\petfoj3.wmv
[2010/01/19 14:00:01 | 005,333,537 | ---- | C] () -- C:\ProgramData\petfoj2.wmv
[2010/01/19 13:59:59 | 005,333,537 | ---- | C] () -- C:\ProgramData\petfoj1.wmv
[2010/01/17 22:35:01 | 001,090,977 | ---- | C] () -- C:\ProgramData\DBM-4.38-r3147-Core-and-WotLK-Mods.zip
[2009/10/22 18:38:29 | 000,035,465 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/22 18:38:29 | 000,035,465 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/04 08:32:57 | 000,000,284 | ---- | C] () -- C:\Users\YannBastian\AppData\Roaming\wklnhst.dat
[2009/05/17 18:44:52 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/05/17 14:30:21 | 000,258,048 | ---- | C] () -- C:\Program Files\Autorun.exe
[2009/05/17 14:30:21 | 000,004,363 | ---- | C] () -- C:\Program Files\ReadMe.txt
[2009/05/17 14:30:21 | 000,003,262 | ---- | C] () -- C:\Program Files\MedievalLords.ico
[2009/05/17 14:30:21 | 000,000,766 | ---- | C] () -- C:\Program Files\Autorun.ico
[2009/04/07 05:32:10 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2009/01/28 20:10:22 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/01/28 12:10:59 | 000,002,032 | ---- | C] () -- C:\Users\YannBastian\AppData\Local\d3d9caps.dat
[2009/01/28 11:58:45 | 000,238,080 | ---- | C] () -- C:\Users\YannBastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/26 12:07:48 | 000,000,350 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/08/26 11:48:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/26 11:48:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/12/29 12:16:02 | 000,036,864 | ---- | C] () -- C:\Windows\System32\frapsvid.dll
========== LOP Check ==========
[2009/02/23 10:08:37 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Acreon
[2009/01/28 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Atari
[2009/09/23 23:07:52 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Azureus
[2009/06/06 20:49:18 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\DAEMON Tools Lite
[2009/11/24 21:09:45 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Multi File Downloader
[2010/03/04 13:55:28 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Mumble
[2009/11/23 13:02:47 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\runic games
[2009/06/28 00:24:19 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\SPORE
[2009/07/04 08:33:04 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Template
[2009/01/29 18:41:59 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Ubisoft
[2010/03/04 12:22:03 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ /s >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"" = Microsoft Windows Media Player
"IsInstalled" = 0
"Version" = 11,0,6001,7008
"ComponentID" = WMPACCESS
"LocalizedName" = @%SystemRoot%\system32\wmploc.dll,-128 -- [2009/09/10 16:21:53 | 008,147,456 | ---- | M] (Microsoft Corporation)
"StubPath" = C:\Windows\system32\unregmp2.exe /ShowWMP -- [2009/09/10 16:21:07 | 000,310,784 | ---- | M] (Microsoft Corporation)
"DontAsk" = 2
"Locale" = *
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"" = Internet Explorer
"LocalizedName" = @C:\Windows\system32\ie4uinit.exe,-21 -- [2009/03/08 12:32:53 | 000,173,056 | ---- | M] (Microsoft Corporation)
"ComponentID" = IEACCESS
"Dontask" = 2
"IsInstalled" = 1
"Locale" = *
"StubPath" = C:\Windows\system32\ie4uinit.exe -UserIconConfig -- [2009/03/08 12:32:53 | 000,173,056 | ---- | M] (Microsoft Corporation)
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"" = Browser Customizations -- [2008/01/21 03:34:20 | 000,081,920 | ---- | M] (Microsoft Corporation)
"LocalizedName" = @C:\Windows\system32\iedkcs32.dll,-3052 -- [2009/03/08 22:09:24 | 000,391,536 | ---- | M] (Microsoft Corporation)
"ComponentiD" = BRANDING.CAB
"IsInstalled" = 1
"Locale" = *
"StubPath" = "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP -- [2009/03/08 22:09:24 | 000,391,536 | ---- | M] (Microsoft Corporation)
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"" = Java (Sun) -- [2010/03/01 20:10:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
"ComponentID" = JAVAVM
"IsInstalled" = 1
"KeyFileName" = C:\Program Files\Java\jre6\bin\regutils.dll -- [2010/02/18 22:50:48 | 000,266,240 | ---- | M] (Sun Microsystems, Inc.)
"Version" = 5,0,5000,0
"Locale" = EN
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"" =
"Version" = 11,0,6001,7000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"" = Microsoft Windows Media Player 11.0
"IsInstalled" = 1
"Version" = 11,0,6001,7008
"DontAsk" = 2
"Locale" = EN
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"" = Themes Setup
"LocalizedName" = @%SystemRoot%\system32\themeui.dll,-2682 -- [2008/01/21 03:33:22 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ComponentID" = Theme Component
"IsInstalled" = 1
"Locale" = EN
"StubPath" = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [2006/11/02 10:45:35 | 000,014,336 | ---- | M] (Microsoft Corporation)
"Version" = 1,1,1,9
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"" = Offline Browsing Pack
"ComponentID" = MobilePk
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"IsInstalled" = 1
"Dontask" = 2
"Locale" = *
"ComponentID" = MailNews
"CloneUser" = 1
"StubPath" = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE -- [2008/01/21 03:32:59 | 000,397,312 | ---- | M] (Microsoft Corporation)
"Version" = 6,0,6001,18000
"" = Microsoft Windows Mail 7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"Version" = 11,0,6001,7000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"" = DirectDrawEx
"ComponentID" = DirectDrawEx
"IsInstalled" = 1
"Locale" = *
"Version" = 4,71,1113,0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"" = Internet Explorer Help
"ComponentID" = HelpCont
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"" = Microsoft Windows Script 5.7
"ComponentID" = MSVBScript
"IsInstalled" = 1
"Locale" = FR
"Version" = 5,7,0,18068
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"" = Internet Explorer Setup Tools
"ComponentID" = GenSetup
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"" = Browsing Enhancements
"ComponentID" = ExtraPack
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
"KeyFileName" = %SystemRoot%\system32\msieftp.dll -- [2008/01/21 03:33:47 | 000,296,960 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
"" = Microsoft Windows Media Player
"IsInstalled" = 1
"Version" = 11,0,6001,7000
"ComponentID" = Microsoft Windows Media Player
"LocalizedName" = @%SystemRoot%\system32\wmploc.dll,-128 -- [2009/09/10 16:21:53 | 008,147,456 | ---- | M] (Microsoft Corporation)
"StubPath" = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- [2009/09/10 16:21:07 | 000,310,784 | ---- | M] (Microsoft Corporation)
"DontAsk" = 2
"Locale" = EN
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"" = MSN Site Access
"ComponentID" = MSN_Auth
"IsInstalled" = 1
"Locale" = *
"Version" = 4,9,9,2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"" = Address Book 7
"Version" = 6,0,6001,18000
"IsInstalled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
"" = .NET Framework
"Locale" =
"ComponentID" = .NETFramework
"Version" = 2,0,50727,0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"" = Windows Desktop Update
"LocalizedName" = @%SystemRoot%\system32\shell32.dll,-32969 -- [2008/11/06 14:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ComponentID" = IE4_SHELLID
"IsInstalled" = 1
"Locale" = en
"StubPath" = regsvr32.exe /s /n /i:U shell32.dll -- [2006/11/02 10:45:35 | 000,014,336 | ---- | M] (Microsoft Corporation)
"Version" = 6,0,6001,18167
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"" = Internet Explorer
"LocalizedName" = @C:\Windows\system32\ie4uinit.exe,-20 -- [2009/03/08 12:32:53 | 000,173,056 | ---- | M] (Microsoft Corporation)
"ComponentID" = BASEIE40_W2K
"IsInstalled" = 1
"Locale" = en
"StubPath" = C:\Windows\system32\ie4uinit.exe -BaseSettings -- [2009/03/08 12:32:53 | 000,173,056 | ---- | M] (Microsoft Corporation)
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"IsInstalled" = 1
"ComponentID" = DOTNETFRAMEWORKS
"StubPath" = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install -- [2008/07/27 19:03:17 | 000,083,968 | ---- | M] (Microsoft Corporation)
"DontAsk" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"" = Dynamic HTML Data Binding
"ComponentID" = Tridata
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
"" = .NET Framework
"Version" = 2,0,50727,1
"ComponentID" = .NETFramework
"Locale" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"" = Internet Explorer Core Fonts
"ComponentID" = Fontcore
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"IsInstalled" = 1
"Version" = 2,1,4025,0
"ComponentID" = Windows Movie Maker v2.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"" = Adobe Flash Player
"ComponentID" = Flash
"IsInstalled" = 01 00 00 00 [binary data]
"Version" = 10.0.45.2
"Locale" = EN
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"" = HTML Help
"ComponentID" = HTMLHelp
"IsInstalled" = 1
"Locale" = *
"Version" = 6,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"" = Active Directory Service Interface
"ComponentID" = ADSI
"IsInstalled" = 1
"Locale" = EN
"Version" = 5,0,00,0
< End of report >
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Users\YannBastian\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 323,57 Gb Total Space | 140,53 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 11,77 Gb Total Space | 1,02 Gb Free Space | 8,68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-YANNBASTIAN
Current User Name: YannBastian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/03/04 13:02:09 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\YannBastian\Desktop\OTL.exe
PRC - [2010/03/03 10:40:45 | 001,097,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\GameOverlayUI.exe
PRC - [2010/02/20 10:58:01 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/02/19 11:49:00 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/10 15:50:22 | 000,142,008 | ---- | M] () -- C:\Program Files\Mumble\dbus-daemon.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/06/12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/01/21 03:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/01/21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
========== Modules (SafeList) ==========
MOD - [2010/03/04 13:02:09 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\YannBastian\Desktop\OTL.exe
MOD - [2008/01/21 03:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/02/10 21:59:00 | 003,654,060 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/01 08:13:22 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/02/03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/01/12 12:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/02 21:29:19 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/06/02 21:29:18 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/06/02 21:29:16 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/05/17 18:44:52 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/03 18:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/06 20:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/06/06 20:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/12/23 10:44:59 | 000,080,768 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2006/12/23 10:43:17 | 000,077,120 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/12/21 10:16:58 | 000,007,136 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 09:17:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/01 22:44:01 | 000,000,000 | ---D | M]
[2009/02/10 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\mozilla\Extensions
[2010/03/03 15:30:16 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\mozilla\Firefox\Profiles\g2ay6tdk.default\extensions
[2009/09/03 19:51:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\YannBastian\AppData\Roaming\mozilla\Firefox\Profiles\g2ay6tdk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 09:38:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\YannBastian\AppData\Roaming\mozilla\Firefox\Profiles\g2ay6tdk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/03 15:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/07 12:51:02 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/07 12:51:02 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/07 12:51:02 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/01/07 12:51:02 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/07 12:51:02 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2010/02/28 20:25:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/26 12:06:54 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/04 13:02:07 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\Users\YannBastian\Desktop\OTL.exe
[2010/03/04 12:24:21 | 000,000,000 | ---D | C] -- C:\Kill'em
[2010/03/03 20:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em
[2010/03/03 19:30:59 | 000,000,000 | ---D | C] -- C:\Users\YannBastian\AppData\Local\Mumble
[2010/03/01 22:58:14 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/01 22:58:14 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/01 22:58:14 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/01 22:58:14 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/03/01 22:58:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/03/01 22:58:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/01 22:58:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/01 22:58:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/01 22:58:14 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/03/01 22:58:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/01 22:58:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/03/01 22:58:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/01 22:58:13 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/01 22:58:13 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/03/01 22:58:13 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/01 22:58:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/01 22:58:13 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/03/01 22:58:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/01 22:58:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/01 22:58:13 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/03/01 22:58:12 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/01 22:58:12 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/01 22:58:12 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/01 22:58:12 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/03/01 22:58:12 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2010/03/01 22:58:12 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/03/01 22:58:12 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/01 22:58:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/01 22:58:11 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/03/01 22:58:11 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/01 22:58:11 | 000,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/01 22:58:11 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/03/01 22:58:10 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/03/01 22:58:10 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/01 22:58:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/01 22:58:10 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/03/01 22:58:10 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/01 22:58:10 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/03/01 22:58:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/01 22:58:10 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/03/01 22:58:10 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/03/01 22:58:10 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/03/01 22:58:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/01 22:57:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/03/01 22:46:24 | 001,955,472 | ---- | C] (Adobe Systems Incorporated) -- C:\install_flash_player_ax.exe
[2010/03/01 22:37:59 | 027,565,744 | ---- | C] ( ) -- C:\AdbeRdr930_fr_FR.exe
[2010/03/01 22:36:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/01 20:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/01 20:38:42 | 003,396,856 | ---- | C] (Piriform Ltd) -- C:\ccsetup229.exe
[2010/03/01 20:31:16 | 000,000,000 | ---D | C] -- C:\Nouveau dossier
[2010/03/01 20:25:56 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2010/03/01 20:25:56 | 000,000,000 | ---D | C] -- C:\Users\YannBastian\Recent
[2010/03/01 20:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/01 20:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/01 20:10:47 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/01 20:10:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/01 20:10:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/01 20:10:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/01 20:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/01 20:09:00 | 000,923,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\jxpiinstall.exe
[2010/03/01 19:25:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/03/01 19:25:13 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/03/01 19:25:12 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/03/01 19:25:12 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/03/01 19:25:12 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/03/01 19:25:12 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/03/01 19:25:12 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/03/01 19:25:11 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/03/01 19:25:10 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/03/01 19:25:10 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/03/01 16:16:53 | 003,654,060 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2010/02/28 20:34:19 | 000,000,000 | ---D | C] -- C:\Users\YannBastian\AppData\Local\temp
[2010/02/28 20:33:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/28 19:54:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/26 19:46:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/26 19:13:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/26 19:13:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/26 19:13:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/26 19:13:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/25 17:14:50 | 000,000,000 | ---D | C] -- C:\Users\YannBastian\AppData\Roaming\Malwarebytes
[2010/02/25 17:14:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/25 17:14:44 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/25 17:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/25 17:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/25 17:12:56 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\YannBastian\Desktop\mbam-setup.exe
[2010/02/25 13:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/02/10 03:10:39 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 03:10:39 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 03:10:30 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 03:10:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 03:10:30 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 03:10:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 03:10:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/02/06 17:38:46 | 000,000,000 | ---D | C] -- C:\cxl
[2010/02/06 17:05:00 | 000,000,000 | ---D | C] -- C:\trainer torchlight
[2009/05/17 14:30:21 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/04 14:54:20 | 006,029,312 | -HS- | M] () -- C:\Users\YannBastian\ntuser.dat
[2010/03/04 14:23:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 14:23:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 14:00:12 | 000,035,465 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/04 13:58:52 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/03/04 13:30:46 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/03/04 13:02:09 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\YannBastian\Desktop\OTL.exe
[2010/03/04 12:23:59 | 000,035,465 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/04 12:23:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/04 12:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/04 12:23:39 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/04 12:22:05 | 000,524,288 | -HS- | M] () -- C:\Users\YannBastian\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 12:22:05 | 000,065,536 | -HS- | M] () -- C:\Users\YannBastian\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/04 12:12:23 | 003,041,430 | -H-- | M] () -- C:\Users\YannBastian\AppData\Local\IconCache.db
[2010/03/04 11:26:43 | 000,238,080 | ---- | M] () -- C:\Users\YannBastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 11:06:43 | 001,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/04 11:06:43 | 000,669,328 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/04 11:06:43 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/04 11:06:43 | 000,123,350 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/04 11:06:43 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/03 20:00:23 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\List_Kill'em.lnk
[2010/03/03 05:15:26 | 003,205,760 | ---- | M] () -- C:\4.wmv
[2010/03/03 05:10:48 | 006,002,583 | ---- | M] () -- C:\3.wmv
[2010/03/01 23:22:35 | 000,293,376 | ---- | M] () -- C:\aupif.exe
[2010/03/01 23:13:19 | 000,293,376 | ---- | M] () -- C:\gmer.exe
[2010/03/01 23:08:34 | 000,293,376 | ---- | M] () -- C:\oml949bw.exe
[2010/03/01 22:46:26 | 001,955,472 | ---- | M] (Adobe Systems Incorporated) -- C:\install_flash_player_ax.exe
[2010/03/01 22:44:01 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/01 22:42:38 | 027,565,744 | ---- | M] ( ) -- C:\AdbeRdr930_fr_FR.exe
[2010/03/01 20:44:55 | 000,293,376 | ---- | M] () -- C:\knrphuod.exe
[2010/03/01 20:39:16 | 000,001,676 | ---- | M] () -- C:\Users\YannBastian\Desktop\CCleaner.lnk
[2010/03/01 20:39:01 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\ccsetup229.exe
[2010/03/01 20:36:15 | 035,353,088 | ---- | M] () -- C:\AdbeRdr820_en_US.msi
[2010/03/01 20:13:50 | 000,455,680 | ---- | M] () -- C:\ToolsCleaner2.exe
[2010/03/01 20:10:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/01 20:10:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/01 20:10:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/01 20:10:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/01 20:09:09 | 000,923,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\jxpiinstall.exe
[2010/03/01 19:54:29 | 000,075,304 | ---- | M] () -- C:\Users\YannBastian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/01 19:53:02 | 000,315,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/01 13:01:45 | 000,000,004 | ---- | M] () -- C:\Users\YannBastian\AppData\Roaming\avdrn.dat
[2010/02/28 20:25:48 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/28 20:25:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/28 19:05:41 | 366,627,722 | ---- | M] () -- C:\Legend.of.the.Seeker.S02E13.HDTV.XviD-LOL.avi
[2010/02/28 18:52:18 | 000,022,931 | ---- | M] () -- C:\Legend of the Seeker_2x13_HDTV.1ère version - legend.of.the.seeker.over-blog.com.fr.zip
[2010/02/28 16:48:08 | 000,059,718 | ---- | M] () -- C:\Legend of the Seeker - 2x13 - Princess.HDTV.1+¿re version - legend.of.the.seeker.over-blog.com.fr.srt
[2010/02/28 16:25:03 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/02/26 18:50:28 | 003,873,931 | R--- | M] () -- C:\Users\YannBastian\Desktop\cbfix.exe
[2010/02/26 03:02:23 | 003,821,681 | ---- | M] () -- C:\movie4.wmv
[2010/02/26 03:00:39 | 004,093,693 | ---- | M] () -- C:\movie3.wmv
[2010/02/26 03:00:39 | 003,693,675 | ---- | M] () -- C:\movie2.wmv
[2010/02/25 18:21:17 | 002,746,372 | ---- | M] () -- C:\sph4.mpg
[2010/02/25 17:14:48 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/25 17:13:09 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\YannBastian\Desktop\mbam-setup.exe
[2010/02/24 15:07:05 | 000,000,016 | ---- | M] () -- C:\Users\YannBastian\AppData\Roaming\rbuwzv.dat
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/18 13:49:16 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/02/17 20:56:12 | 365,588,662 | ---- | M] () -- C:\Legend.of.the.Seeker.S02E11.HDTV.XviD-LOL.avi
[2010/02/17 18:49:17 | 000,023,033 | ---- | M] () -- C:\Legend of the Seeker_2x11_HDTV.LOL.fr.zip
[2010/02/17 01:17:22 | 194,089,856 | ---- | M] () -- C:\DungeonDefense_Install_2.2_JeuxVideo.com_14521.exe
[2010/02/16 15:03:54 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2010/02/16 13:24:50 | 000,000,467 | ---- | M] () -- C:\msmq.reg
[2010/02/16 09:22:32 | 000,060,242 | ---- | M] () -- C:\Legend of the Seeker - 2x11 - Torn.HDTV.LOL.fr.srt
[2010/02/12 16:25:36 | 000,069,057 | ---- | M] () -- C:\Medium - 6x13 - Psych.HDTV.fr.srt
[2010/02/12 11:48:12 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/02/12 01:05:57 | 000,000,284 | ---- | M] () -- C:\Users\YannBastian\AppData\Roaming\wklnhst.dat
[2010/02/10 21:59:00 | 003,654,060 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2010/02/08 18:53:11 | 000,002,391 | ---- | M] () -- C:\Users\YannBastian\Documents\MumbleAutomaticCertificateBackup.p12
[2010/02/08 18:53:04 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\Mumble (Backwards Compatible).lnk
[2010/02/08 18:53:04 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010/02/06 10:01:44 | 366,703,320 | ---- | M] () -- C:\med612.avi
[2010/02/02 21:16:43 | 001,882,267 | ---- | M] () -- C:\AtlasLoot-v5.09.05.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/04 13:58:52 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/03 20:00:23 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\List_Kill'em.lnk
[2010/03/03 05:10:35 | 006,002,583 | ---- | C] () -- C:\3.wmv
[2010/03/01 23:22:34 | 000,293,376 | ---- | C] () -- C:\aupif.exe
[2010/03/01 23:13:18 | 000,293,376 | ---- | C] () -- C:\gmer.exe
[2010/03/01 23:08:33 | 000,293,376 | ---- | C] () -- C:\oml949bw.exe
[2010/03/01 22:58:11 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/03/01 22:44:01 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/01 20:44:50 | 000,293,376 | ---- | C] () -- C:\knrphuod.exe
[2010/03/01 20:39:16 | 000,001,676 | ---- | C] () -- C:\Users\YannBastian\Desktop\CCleaner.lnk
[2010/03/01 20:29:44 | 035,353,088 | ---- | C] () -- C:\AdbeRdr820_en_US.msi
[2010/03/01 20:13:49 | 000,455,680 | ---- | C] () -- C:\ToolsCleaner2.exe
[2010/03/01 13:01:45 | 000,000,004 | ---- | C] () -- C:\Users\YannBastian\AppData\Roaming\avdrn.dat
[2010/02/28 19:08:09 | 000,059,718 | ---- | C] () -- C:\Legend of the Seeker - 2x13 - Princess.HDTV.1+¿re version - legend.of.the.seeker.over-blog.com.fr.srt
[2010/02/28 18:54:05 | 366,627,722 | ---- | C] () -- C:\Legend.of.the.Seeker.S02E13.HDTV.XviD-LOL.avi
[2010/02/28 18:52:15 | 000,022,931 | ---- | C] () -- C:\Legend of the Seeker_2x13_HDTV.1ère version - legend.of.the.seeker.over-blog.com.fr.zip
[2010/02/26 19:13:40 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/26 19:13:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/26 19:13:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/26 19:13:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/26 18:49:42 | 003,873,931 | R--- | C] () -- C:\Users\YannBastian\Desktop\cbfix.exe
[2010/02/26 03:02:12 | 003,821,681 | ---- | C] () -- C:\movie4.wmv
[2010/02/26 03:00:09 | 003,693,675 | ---- | C] () -- C:\movie2.wmv
[2010/02/26 03:00:03 | 004,093,693 | ---- | C] () -- C:\movie3.wmv
[2010/02/25 18:20:40 | 002,746,372 | ---- | C] () -- C:\sph4.mpg
[2010/02/25 17:14:48 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 15:06:46 | 000,000,016 | ---- | C] () -- C:\Users\YannBastian\AppData\Roaming\rbuwzv.dat
[2010/02/18 11:02:16 | 000,060,242 | ---- | C] () -- C:\Legend of the Seeker - 2x11 - Torn.HDTV.LOL.fr.srt
[2010/02/17 19:56:53 | 365,588,662 | ---- | C] () -- C:\Legend.of.the.Seeker.S02E11.HDTV.XviD-LOL.avi
[2010/02/17 14:16:19 | 003,205,760 | ---- | C] () -- C:\4.wmv
[2010/02/17 01:12:52 | 194,089,856 | ---- | C] () -- C:\DungeonDefense_Install_2.2_JeuxVideo.com_14521.exe
[2010/02/16 15:03:54 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/02/16 13:24:50 | 000,000,467 | ---- | C] () -- C:\msmq.reg
[2010/02/16 11:14:07 | 000,023,033 | ---- | C] () -- C:\Legend of the Seeker_2x11_HDTV.LOL.fr.zip
[2010/02/13 20:23:31 | 000,069,057 | ---- | C] () -- C:\Medium - 6x13 - Psych.HDTV.fr.srt
[2010/02/08 18:53:11 | 000,002,391 | ---- | C] () -- C:\Users\YannBastian\Documents\MumbleAutomaticCertificateBackup.p12
[2010/02/08 18:53:04 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\Mumble (Backwards Compatible).lnk
[2010/02/08 18:53:04 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2010/02/06 09:53:57 | 366,703,320 | ---- | C] () -- C:\med612.avi
[2010/02/02 21:16:33 | 001,882,267 | ---- | C] () -- C:\AtlasLoot-v5.09.05.zip
[2010/01/23 16:33:40 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/01/21 08:48:21 | 003,268,476 | ---- | C] () -- C:\ProgramData\AuctioneerSuite-5.7.4568.zip
[2010/01/19 14:00:08 | 005,349,537 | ---- | C] () -- C:\ProgramData\petfoj4.wmv
[2010/01/19 14:00:05 | 005,333,537 | ---- | C] () -- C:\ProgramData\petfoj3.wmv
[2010/01/19 14:00:01 | 005,333,537 | ---- | C] () -- C:\ProgramData\petfoj2.wmv
[2010/01/19 13:59:59 | 005,333,537 | ---- | C] () -- C:\ProgramData\petfoj1.wmv
[2010/01/17 22:35:01 | 001,090,977 | ---- | C] () -- C:\ProgramData\DBM-4.38-r3147-Core-and-WotLK-Mods.zip
[2009/10/22 18:38:29 | 000,035,465 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/22 18:38:29 | 000,035,465 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/04 08:32:57 | 000,000,284 | ---- | C] () -- C:\Users\YannBastian\AppData\Roaming\wklnhst.dat
[2009/05/17 18:44:52 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/05/17 14:30:21 | 000,258,048 | ---- | C] () -- C:\Program Files\Autorun.exe
[2009/05/17 14:30:21 | 000,004,363 | ---- | C] () -- C:\Program Files\ReadMe.txt
[2009/05/17 14:30:21 | 000,003,262 | ---- | C] () -- C:\Program Files\MedievalLords.ico
[2009/05/17 14:30:21 | 000,000,766 | ---- | C] () -- C:\Program Files\Autorun.ico
[2009/04/07 05:32:10 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2009/01/28 20:10:22 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/01/28 12:10:59 | 000,002,032 | ---- | C] () -- C:\Users\YannBastian\AppData\Local\d3d9caps.dat
[2009/01/28 11:58:45 | 000,238,080 | ---- | C] () -- C:\Users\YannBastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/26 12:07:48 | 000,000,350 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/08/26 11:48:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/26 11:48:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/12/29 12:16:02 | 000,036,864 | ---- | C] () -- C:\Windows\System32\frapsvid.dll
[color=#E56717]========== LOP Check ==========[/color]
[2009/02/23 10:08:37 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Acreon
[2009/01/28 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Atari
[2009/09/23 23:07:52 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Azureus
[2009/06/06 20:49:18 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\DAEMON Tools Lite
[2009/11/24 21:09:45 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Multi File Downloader
[2010/03/04 13:55:28 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Mumble
[2009/11/23 13:02:47 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\runic games
[2009/06/28 00:24:19 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\SPORE
[2009/07/04 08:33:04 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Template
[2009/01/29 18:41:59 | 000,000,000 | ---D | M] -- C:\Users\YannBastian\AppData\Roaming\Ubisoft
[2010/03/04 12:22:03 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ /s >[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"" = Microsoft Windows Media Player
"IsInstalled" = 0
"Version" = 11,0,6001,7008
"ComponentID" = WMPACCESS
"LocalizedName" = @%SystemRoot%\system32\wmploc.dll,-128 -- [2009/09/10 16:21:53 | 008,147,456 | ---- | M] (Microsoft Corporation)
"StubPath" = C:\Windows\system32\unregmp2.exe /ShowWMP -- [2009/09/10 16:21:07 | 000,310,784 | ---- | M] (Microsoft Corporation)
"DontAsk" = 2
"Locale" = *
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"" = Internet Explorer
"LocalizedName" = @C:\Windows\system32\ie4uinit.exe,-21 -- [2009/03/08 12:32:53 | 000,173,056 | ---- | M] (Microsoft Corporation)
"ComponentID" = IEACCESS
"Dontask" = 2
"IsInstalled" = 1
"Locale" = *
"StubPath" = C:\Windows\system32\ie4uinit.exe -UserIconConfig -- [2009/03/08 12:32:53 | 000,173,056 | ---- | M] (Microsoft Corporation)
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"" = Browser Customizations -- [2008/01/21 03:34:20 | 000,081,920 | ---- | M] (Microsoft Corporation)
"LocalizedName" = @C:\Windows\system32\iedkcs32.dll,-3052 -- [2009/03/08 22:09:24 | 000,391,536 | ---- | M] (Microsoft Corporation)
"ComponentiD" = BRANDING.CAB
"IsInstalled" = 1
"Locale" = *
"StubPath" = "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP -- [2009/03/08 22:09:24 | 000,391,536 | ---- | M] (Microsoft Corporation)
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"" = Java (Sun) -- [2010/03/01 20:10:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
"ComponentID" = JAVAVM
"IsInstalled" = 1
"KeyFileName" = C:\Program Files\Java\jre6\bin\regutils.dll -- [2010/02/18 22:50:48 | 000,266,240 | ---- | M] (Sun Microsystems, Inc.)
"Version" = 5,0,5000,0
"Locale" = EN
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"" =
"Version" = 11,0,6001,7000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"" = Microsoft Windows Media Player 11.0
"IsInstalled" = 1
"Version" = 11,0,6001,7008
"DontAsk" = 2
"Locale" = EN
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"" = Themes Setup
"LocalizedName" = @%SystemRoot%\system32\themeui.dll,-2682 -- [2008/01/21 03:33:22 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ComponentID" = Theme Component
"IsInstalled" = 1
"Locale" = EN
"StubPath" = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [2006/11/02 10:45:35 | 000,014,336 | ---- | M] (Microsoft Corporation)
"Version" = 1,1,1,9
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"" = Offline Browsing Pack
"ComponentID" = MobilePk
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"IsInstalled" = 1
"Dontask" = 2
"Locale" = *
"ComponentID" = MailNews
"CloneUser" = 1
"StubPath" = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE -- [2008/01/21 03:32:59 | 000,397,312 | ---- | M] (Microsoft Corporation)
"Version" = 6,0,6001,18000
"" = Microsoft Windows Mail 7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"Version" = 11,0,6001,7000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"" = DirectDrawEx
"ComponentID" = DirectDrawEx
"IsInstalled" = 1
"Locale" = *
"Version" = 4,71,1113,0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"" = Internet Explorer Help
"ComponentID" = HelpCont
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"" = Microsoft Windows Script 5.7
"ComponentID" = MSVBScript
"IsInstalled" = 1
"Locale" = FR
"Version" = 5,7,0,18068
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"" = Internet Explorer Setup Tools
"ComponentID" = GenSetup
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"" = Browsing Enhancements
"ComponentID" = ExtraPack
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
"KeyFileName" = %SystemRoot%\system32\msieftp.dll -- [2008/01/21 03:33:47 | 000,296,960 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
"" = Microsoft Windows Media Player
"IsInstalled" = 1
"Version" = 11,0,6001,7000
"ComponentID" = Microsoft Windows Media Player
"LocalizedName" = @%SystemRoot%\system32\wmploc.dll,-128 -- [2009/09/10 16:21:53 | 008,147,456 | ---- | M] (Microsoft Corporation)
"StubPath" = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- [2009/09/10 16:21:07 | 000,310,784 | ---- | M] (Microsoft Corporation)
"DontAsk" = 2
"Locale" = EN
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"" = MSN Site Access
"ComponentID" = MSN_Auth
"IsInstalled" = 1
"Locale" = *
"Version" = 4,9,9,2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"" = Address Book 7
"Version" = 6,0,6001,18000
"IsInstalled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
"" = .NET Framework
"Locale" =
"ComponentID" = .NETFramework
"Version" = 2,0,50727,0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"" = Windows Desktop Update
"LocalizedName" = @%SystemRoot%\system32\shell32.dll,-32969 -- [2008/11/06 14:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ComponentID" = IE4_SHELLID
"IsInstalled" = 1
"Locale" = en
"StubPath" = regsvr32.exe /s /n /i:U shell32.dll -- [2006/11/02 10:45:35 | 000,014,336 | ---- | M] (Microsoft Corporation)
"Version" = 6,0,6001,18167
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"" = Internet Explorer
"LocalizedName" = @C:\Windows\system32\ie4uinit.exe,-20 -- [2009/03/08 12:32:53 | 000,173,056 | ---- | M] (Microsoft Corporation)
"ComponentID" = BASEIE40_W2K
"IsInstalled" = 1
"Locale" = en
"StubPath" = C:\Windows\system32\ie4uinit.exe -BaseSettings -- [2009/03/08 12:32:53 | 000,173,056 | ---- | M] (Microsoft Corporation)
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"IsInstalled" = 1
"ComponentID" = DOTNETFRAMEWORKS
"StubPath" = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install -- [2008/07/27 19:03:17 | 000,083,968 | ---- | M] (Microsoft Corporation)
"DontAsk" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"" = Dynamic HTML Data Binding
"ComponentID" = Tridata
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
"" = .NET Framework
"Version" = 2,0,50727,1
"ComponentID" = .NETFramework
"Locale" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"" = Internet Explorer Core Fonts
"ComponentID" = Fontcore
"IsInstalled" = 1
"Locale" = *
"Version" = 8,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"IsInstalled" = 1
"Version" = 2,1,4025,0
"ComponentID" = Windows Movie Maker v2.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"" = Adobe Flash Player
"ComponentID" = Flash
"IsInstalled" = 01 00 00 00 [binary data]
"Version" = 10.0.45.2
"Locale" = EN
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"" = HTML Help
"ComponentID" = HTMLHelp
"IsInstalled" = 1
"Locale" = *
"Version" = 6,0,6001,18702
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"" = Active Directory Service Interface
"ComponentID" = ADSI
"IsInstalled" = 1
"Locale" = EN
"Version" = 5,0,00,0
< End of report >
and the Extras log:
OTL Extras logfile created on: 04/03/2010 14:54:10 - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Users\YannBastian\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 323,57 Gb Total Space | 140,53 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 11,77 Gb Total Space | 1,02 Gb Free Space | 8,68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-YANNBASTIAN
Current User Name: YannBastian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FC8359-ACF0-42FA-83CA-E849013ED537}" = rport=445 | protocol=6 | dir=out | app=system |
"{09AB2256-858F-47A1-99FE-4CF10AD425CB}" = rport=138 | protocol=17 | dir=out | app=system |
"{09B6FBE7-A0FF-429D-9DBE-E4D99C216726}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3E5E6ED2-6860-4B66-84F1-B4944853F745}" = lport=138 | protocol=17 | dir=in | app=system |
"{4530842B-C8A5-4A0B-875F-CDB6E6FCA143}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{6528648D-491A-4F4E-8DC7-5578027CA83E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69E2F02B-810B-4F92-9DFC-0D7A9F1542B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B127277-6116-4B01-8CD3-4A5344D4401A}" = lport=445 | protocol=6 | dir=in | app=system |
"{70B0826C-ADD6-4A62-81FD-2DEAA809763A}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A21C6FD-60A4-44B8-BD3C-52B91C8D9BC4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{81886929-4CA0-4794-A59E-3D1C41942F03}" = rport=137 | protocol=17 | dir=out | app=system |
"{A518FFD9-B7B8-4AD5-BAAC-25D76F23B044}" = lport=139 | protocol=6 | dir=in | app=system |
"{AAED1551-711A-40AC-B39F-A111AC2F274C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B0F4DD51-8351-4C92-B5E2-A41AA632F4CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B390E4F7-D2EC-4324-98F3-92714D63EEF1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BC5EDB38-B880-4B19-9EC3-1FB5A15FC86C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C5724150-D239-461C-A1D7-B309B95535B3}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8E2B974-910C-4026-B785-5A33E2C999E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB2B81A7-DB3F-4FA6-9DCB-AE8E275146D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB4B2BFC-0D09-4984-AD9F-30137CE4368D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3088A98-BD34-4C3F-897A-6506E3B8DC49}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0212903A-D5F2-4D41-9ED9-2ACB107CDD3C}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{0E903210-9D72-4067-B28C-0F1E629E423B}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{11F9AA9F-1E36-42CE-A58F-967BBA3B3A73}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{12E1F0B1-AB5C-49DC-9771-83D463906F50}" = protocol=6 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{175F9149-38A8-41A0-888F-27D017E836CC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{20478038-6007-41D2-9B13-11CE919A7511}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-frfr-downloader.exe |
"{2055ED17-71BF-4280-AB93-4A93D49C6C28}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{227CCCBA-6D13-4AAE-B070-D40C30958CAB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe |
"{29FAE890-2D45-44F2-B2D6-4A494C78869D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-frfr-downloader.exe |
"{2CCF6BC6-7698-454C-91CE-5766DD188CEB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{2E77B2F5-513F-4E59-83FD-2EDE53A46D6C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{36F88FEF-6B0F-4531-95E2-18CE727E65B2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe |
"{3A378916-8137-40AC-9A5C-DA1C810FBC21}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{50F67E86-7DDD-4527-81CB-F3A6865A0983}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{53106110-E62B-4528-B15B-5954258D8999}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cities xl\runme.exe |
"{56EF9B4A-1F14-4DF8-8148-E39E8709CE55}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\kfed.exe |
"{570BF5AC-BA5A-4B04-B6EA-D1C80ECEAFB9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{63A82F3F-D06E-4A04-A85C-EE77EAB60F63}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{7478B777-B7F1-4FC1-ADA5-E86445BFFBD3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-frfr-downloader.exe |
"{75C8A59B-F6E4-46EC-80E3-DEF17AA63708}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{847A7B1A-2866-4818-97FF-ECDCEF072617}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cities xl\runme.exe |
"{84B9959A-DC46-49DC-ADB8-E320092F544F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-frfr-downloader.exe |
"{8BDA3BFF-47B4-494F-8C44-24467F6B0CAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8F2FB3A8-E64C-4C03-89A3-999E76B2E323}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\bb.exe |
"{92C2FCE6-E496-44B9-AA92-B05F4B542CE0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{946B6623-5661-4EF5-8347-FF588B28C3FD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{A49E70DD-C56A-4CBA-836A-81F7233A523E}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{A8DF0EA8-8289-45E2-BA3A-D5B03AC1B636}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-frfr-downloader.exe |
"{AB4E7464-32BA-4DFA-B032-E53E0257103C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-frfr-downloader.exe |
"{ACAB1B70-EB11-4D17-A3B2-2F0B8C380FFD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe |
"{AEA0AD30-F377-44FA-8074-BA3A5500277E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B5CE081C-12C2-4BEE-82D6-A930D08B2355}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{BC4D70FC-F408-4F72-A0FE-7BD758F72E2A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BE633B50-ADC5-4EF8-894D-C3279659AAB9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\kfed.exe |
"{BFA2E02B-225E-418D-BAFF-C798869E7200}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe |
"{C2EC554D-5031-42D8-B5E2-EB825BE820C4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-frfr-downloader.exe |
"{CB2A8EE9-D2B4-44E0-BFF8-8E20E84CE1E7}" = protocol=17 | dir=in | app=c:\program files\cyanide\blood bowl\autorun\exe\autorun.exe |
"{D7E4378D-AEAE-406A-A032-5254DF26BB9D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-frfr-downloader.exe |
"{E7989028-E2C0-4256-83F3-A852403C9BDE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F8B35E1F-1F41-478F-879C-EBAF1D0389C9}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"TCP Query User{22AC367C-30CF-42CB-8787-1DE275F91529}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |
"TCP Query User{25733794-93CA-4484-9D58-89ABF6E91C33}C:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe" = protocol=6 | dir=in | app=c:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe |
"TCP Query User{258078E2-3C05-4826-B39E-DC1DF41E1CEB}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{281D09E8-FC1C-4F9D-9C0E-A96587B3E6C8}C:\users\yannbastian\appdata\local\temp\blizzard launcher temporary - 1e2375d8\launcher.exe" = protocol=6 | dir=in | app=c:\users\yannbastian\appdata\local\temp\blizzard launcher temporary - 1e2375d8\launcher.exe |
"TCP Query User{385F26CC-A4A6-4586-9F54-AF6B1BA8B4B9}C:\program files\multi file downloader\multifiledownloader.exe" = protocol=6 | dir=in | app=c:\program files\multi file downloader\multifiledownloader.exe |
"TCP Query User{47FCC6D2-B85B-42FE-8BB3-C1FB97E6C7E3}C:\users\yannbastian\documents\azureus downloads\urbanterror\iourtded.exe" = protocol=6 | dir=in | app=c:\users\yannbastian\documents\azureus downloads\urbanterror\iourtded.exe |
"TCP Query User{56C853BB-E551-4C1C-8CE9-7DE3A43E4B51}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{5A192667-BA4F-48B3-B313-2DD43540045C}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{7EB56227-A511-48AE-9D2A-D9E220E7A0BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EB1BAB72-B87C-4E3D-A3BC-8CEA3A1F86A7}C:\users\yannbastian\documents\azureus downloads\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\users\yannbastian\documents\azureus downloads\urbanterror\iourbanterror.exe |
"UDP Query User{49BED9B1-AFBB-4984-815B-AF85D4DAF67A}C:\users\yannbastian\documents\azureus downloads\urbanterror\iourtded.exe" = protocol=17 | dir=in | app=c:\users\yannbastian\documents\azureus downloads\urbanterror\iourtded.exe |
"UDP Query User{7641A8C0-00D9-4F2D-B020-2BD0EBF40E83}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{82D691C5-5E2F-4967-8423-3DCC8E618EAE}C:\users\yannbastian\documents\azureus downloads\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\users\yannbastian\documents\azureus downloads\urbanterror\iourbanterror.exe |
"UDP Query User{BC639A6B-F30B-4985-A439-1288CEBFED7F}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{BE474872-2DDD-4A21-8975-002DFE3B5AAB}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{C01930CF-7187-4ACE-84A7-CFE8DDAE489C}C:\users\yannbastian\appdata\local\temp\blizzard launcher temporary - 1e2375d8\launcher.exe" = protocol=17 | dir=in | app=c:\users\yannbastian\appdata\local\temp\blizzard launcher temporary - 1e2375d8\launcher.exe |
"UDP Query User{CD5312D8-5A68-4C8E-AB5B-1A5915ABDC10}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |
"UDP Query User{D586C4E8-AA8B-456B-99C1-040FCE521F7D}C:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe" = protocol=17 | dir=in | app=c:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe |
"UDP Query User{E60B3569-E4FF-4E3D-BA04-A22CD1CF9247}C:\program files\multi file downloader\multifiledownloader.exe" = protocol=17 | dir=in | app=c:\program files\multi file downloader\multifiledownloader.exe |
"UDP Query User{F9CDE1BE-AF5E-4D09-B930-EE9B9452ED25}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6861F-9EEF-4873-8778-43BC7D6F90BA}" = Medieval Lords - Démo
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{93F2C2FE-5036-4DA4-83C5-3F74608C4D6C}_is1" = WinFile
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3 - Français
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ : Pack d’éléments étranges et mignons
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E88BA4E8-6B36-4D39-9499-C10B439819E1}_is1" = List_Kill'em 1.2.8.4
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{FDE0D0EB-486C-48B9-A6B5-4BEAA078AF73}" = Medieval Lords
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"BloodBowl_is1" = Blood Bowl 1.0.1.3
"CABAL Online (Europe)_is1" = CABAL Online
"CCleaner" = CCleaner
"Chaos-League" = Chaos-League
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Fraps" = Fraps (remove only)
"GameCenter" = GameCenter
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegaTrainer XL_is1" = MegaTrainer XL V1.3.3.6
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"Mumble" = Mumble and Murmur
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Version de démonstration de Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Outils de diagnostic du matériel
"Runic Games Torchlight" = Torchlight
"SFR_Kit" = SFR - Kit de connexion
"Silkroad" = Silkroad
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 12810" = Overlord II
"Steam App 35420" = Defence Alliance 2
"Steam App 35500" = Cities XL - Limited Edition
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"World of Warcraft" = World of Warcraft
"Wow Cartographe" = Wow Cartographe 1.09
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 01/03/2010 17:38:36 | Computer Name = PC-YannBastian | Source = Windows Search Service | ID = 3013
Description =
Error - 01/03/2010 18:03:00 | Computer Name = PC-YannBastian | Source = WinMgmt | ID = 10
Description =
Error - 01/03/2010 18:12:04 | Computer Name = PC-YannBastian | Source = WinMgmt | ID = 10
Description =
Error - 01/03/2010 18:17:28 | Computer Name = PC-YannBastian | Source = Application Error | ID = 1000
Description = Application défaillante gmer.exe, version 1.0.15.15281, horodatage
0x4b2763f0, module défaillant gmer.exe, version 1.0.15.15281, horodatage 0x4b2763f0,
code d’exception 0xc0000005, décalage d’erreur 0x0000c4b1, ID du processus 0xf4c,
heure de début de l’application 0x01cab98cae38207b.
Error - 01/03/2010 18:20:20 | Computer Name = PC-YannBastian | Source = WinMgmt | ID = 10
Description =
Error - 01/03/2010 19:11:49 | Computer Name = PC-YannBastian | Source = WinMgmt | ID = 10
Description =
Error - 01/03/2010 22:41:08 | Computer Name = PC-YannBastian | Source = Application Hang | ID = 1002
Description = Le programme KillingFloor.exe version 0.0.0.0 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans l’application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : ac0 Heure
de début : 01cab99ddae5288c Heure de fin : 0
Error - 01/03/2010 22:43:12 | Computer Name = PC-YannBastian | Source = Application Hang | ID = 1002
Description = Le programme firefox.exe version 1.9.0.3685 a cessé d’interagir avec
Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
disponibles, consultez l’historique du problème dans l’application Rapports et
solutions aux problèmes du Panneau de configuration. ID de processus : 898 Heure de
début : 01cab9b1e7e6a09c Heure de fin : 0
Error - 01/03/2010 22:44:35 | Computer Name = PC-YannBastian | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 8.0.6001.18702 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans l’application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : fc4 Heure
de début : 01cab9b2139a862c Heure de fin : 0
Error - 02/03/2010 10:06:26 | Computer Name = PC-YannBastian | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 03/03/2010 19:34:27 | Computer Name = PC-YannBastian | Source = Service Control Manager | ID = 7026
Description =
Error - 04/03/2010 04:19:05 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 04:19:30 | Computer Name = PC-YannBastian | Source = Service Control Manager | ID = 7026
Description =
Error - 04/03/2010 06:48:45 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 06:50:27 | Computer Name = PC-YannBastian | Source = Service Control Manager | ID = 7026
Description =
Error - 04/03/2010 07:13:27 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 07:15:07 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 07:18:25 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 07:23:44 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 07:30:32 | Computer Name = PC-YannBastian | Source = Service Control Manager | ID = 7022
Description =
< End of report >
"Steam App 550" = Left 4 Dead 2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"World of Warcraft" = World of Warcraft
"Wow Cartographe" = Wow Cartographe 1.09
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 01/03/2010 17:38:36 | Computer Name = PC-YannBastian | Source = Windows Search Service | ID = 3013
Description =
Error - 01/03/2010 18:03:00 | Computer Name = PC-YannBastian | Source = WinMgmt | ID = 10
Description =
Error - 01/03/2010 18:12:04 | Computer Name = PC-YannBastian | Source = WinMgmt | ID = 10
Description =
Error - 01/03/2010 18:17:28 | Computer Name = PC-YannBastian | Source = Application Error | ID = 1000
Description = Application défaillante gmer.exe, version 1.0.15.15281, horodatage
0x4b2763f0, module défaillant gmer.exe, version 1.0.15.15281, horodatage 0x4b2763f0,
code d’exception 0xc0000005, décalage d’erreur 0x0000c4b1, ID du processus 0xf4c,
heure de début de l’application 0x01cab98cae38207b.
Error - 01/03/2010 18:20:20 | Computer Name = PC-YannBastian | Source = WinMgmt | ID = 10
Description =
Error - 01/03/2010 19:11:49 | Computer Name = PC-YannBastian | Source = WinMgmt | ID = 10
Description =
Error - 01/03/2010 22:41:08 | Computer Name = PC-YannBastian | Source = Application Hang | ID = 1002
Description = Le programme KillingFloor.exe version 0.0.0.0 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans l’application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : ac0 Heure
de début : 01cab99ddae5288c Heure de fin : 0
Error - 01/03/2010 22:43:12 | Computer Name = PC-YannBastian | Source = Application Hang | ID = 1002
Description = Le programme firefox.exe version 1.9.0.3685 a cessé d’interagir avec
Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
disponibles, consultez l’historique du problème dans l’application Rapports et
solutions aux problèmes du Panneau de configuration. ID de processus : 898 Heure de
début : 01cab9b1e7e6a09c Heure de fin : 0
Error - 01/03/2010 22:44:35 | Computer Name = PC-YannBastian | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 8.0.6001.18702 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans l’application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : fc4 Heure
de début : 01cab9b2139a862c Heure de fin : 0
Error - 02/03/2010 10:06:26 | Computer Name = PC-YannBastian | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 03/03/2010 19:34:27 | Computer Name = PC-YannBastian | Source = Service Control Manager | ID = 7026
Description =
Error - 04/03/2010 04:19:05 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 04:19:30 | Computer Name = PC-YannBastian | Source = Service Control Manager | ID = 7026
Description =
Error - 04/03/2010 06:48:45 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 06:50:27 | Computer Name = PC-YannBastian | Source = Service Control Manager | ID = 7026
Description =
Error - 04/03/2010 07:13:27 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 07:15:07 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 07:18:25 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 07:23:44 | Computer Name = PC-YannBastian | Source = HTTP | ID = 15016
Description =
Error - 04/03/2010 07:30:32 | Computer Name = PC-YannBastian | Source = Service Control Manager | ID = 7022
Description =
< End of report >
You'll do this too:
- click here https://www.virustotal.com/gui/
- click "Browse" in the middle of the page
- in the new window, copy and paste the line(s) to analyze
C:\knrphuod.exe
- click "Open"
- click "Send"; a report will be generated
IF YOU ARE TOLD the file has already been analyzed, click "Reanalyze"
and copy and paste the report here + the report's URL (web address)
delete these files if present; show hidden folders first:
https://www.commentcamarche.net/informatique/windows/185-afficher-les-extensions-et-les-fichiers-caches-sous-windows/
C:\Users\YannBastian\AppData\Roaming\avdrn.dat
C:\Users\YannBastian\AppData\Roaming\rbuwzv.dat
C:\Program Files\ReadMe.txt
C:\Program Files\MedievalLords.ico